diff --git a/docs/release_artifacts/6.0.4.4/z/aci-containers-host-ovscni/6.0.4.4-buildlog.txt b/docs/release_artifacts/6.0.4.4/z/aci-containers-host-ovscni/6.0.4.4-buildlog.txt index 80d258984c..4b73ccfb0e 100644 --- a/docs/release_artifacts/6.0.4.4/z/aci-containers-host-ovscni/6.0.4.4-buildlog.txt +++ b/docs/release_artifacts/6.0.4.4/z/aci-containers-host-ovscni/6.0.4.4-buildlog.txt 
@@ -1,13 +1,13 @@ travis_fold:start:worker_info Worker information -hostname: 0bc92b95-51c8-4132-89b7-9e59fba8838a@1.worker-com-747c684559-fhdtp.gce-production-1 +hostname: 52aecd75-506f-44a2-af18-88e9dc465546@1.worker-com-747c684559-9sdrf.gce-production-1 version: deploy_2024.10.02-2-gc32b553 https://github.com/travis-ci/worker/tree/c32b553e81363378d09787f52103ea9bcadf253c -instance: travis-job-898a703d-2a98-4f6f-8d89-364f2ccb8967 travis-ci-ubuntu-2204-1726232313-c1c46c8c (via amqp) -startup: 5.837072651s -travis_fold:end:worker_info travis_time:start:044e21e1 travis_time:end:044e21e1:start=1730884208613473928,finish=1730884208937323911,duration=323849983,event=no_world_writable_dirs travis_time:start:0c71e164 travis_time:end:0c71e164:start=1730884208940435239,finish=1730884208943929509,duration=3494270,event=setup_filter travis_time:start:0354b316 travis_time:end:0354b316:start=1730884208948442156,finish=1730884208958253314,duration=9811158,event=agent travis_time:start:3868be18 travis_time:end:3868be18:start=1730884208961075008,finish=1730884208963137976,duration=2062968,event=check_unsupported travis_time:start:0d7e78e0 travis_fold:start:system_info Build system information +instance: travis-job-f22301d2-d38b-49c0-b350-6148661b18d8 travis-ci-ubuntu-2204-1726232313-c1c46c8c (via amqp) +startup: 5.958511284s +travis_fold:end:worker_info travis_time:start:0100f1f6 travis_time:end:0100f1f6:start=1731316802978711398,finish=1731316803285699252,duration=306987854,event=no_world_writable_dirs travis_time:start:0a5e3580 travis_time:end:0a5e3580:start=1731316803288767841,finish=1731316803292238729,duration=3470888,event=setup_filter travis_time:start:2269f3fb travis_time:end:2269f3fb:start=1731316803296509796,finish=1731316803308151639,duration=11641843,event=agent travis_time:start:06051720 travis_time:end:06051720:start=1731316803312473891,finish=1731316803315164739,duration=2690848,event=check_unsupported travis_time:start:0dd4f351 travis_fold:start:system_info Build 
system information Build language: go Build dist: jammy -Build id: 273034818 -Job id: 627824803 +Build id: 273092716 +Job id: 627965097 Runtime kernel version: 6.8.0-1014-gcp VM: default travis-build version: 6b157a1c 
@@ -158,11 +158,11 @@ Composer version 2.3.7 2022-06-06 16:43:28 ruby-2.7.8 ruby-3.3.5 travis_fold:end:system_info  -travis_time:end:0d7e78e0:start=1730884208966113276,finish=1730884208974206390,duration=8093114,event=show_system_info travis_time:start:2ce3296f travis_time:end:2ce3296f:start=1730884208982049004,finish=1730884209010819064,duration=28770060,event=rm_riak_source travis_time:start:3177cc42 travis_time:end:3177cc42:start=1730884209014697516,finish=1730884209021449360,duration=6751844,event=fix_rwky_redis travis_time:start:06f34ac1 travis_time:end:06f34ac1:start=1730884209025110618,finish=1730884209670223632,duration=645113014,event=wait_for_network travis_time:start:087235fc travis_time:end:087235fc:start=1730884209673836645,finish=1730884209948806394,duration=274969749,event=update_apt_keys travis_time:start:2dc97f44 travis_time:end:2dc97f44:start=1730884209952655259,finish=1730884210012580814,duration=59925555,event=fix_hhvm_source travis_time:start:09fdf908 travis_time:end:09fdf908:start=1730884210016814370,finish=1730884210019879754,duration=3065384,event=update_mongo_arch travis_time:start:120877b4 travis_time:end:120877b4:start=1730884210023978545,finish=1730884210063693382,duration=39714837,event=fix_sudo_enabled_trusty travis_time:start:055c53a0 travis_time:end:055c53a0:start=1730884210067944045,finish=1730884210070254860,duration=2310815,event=update_glibc travis_time:start:066ad7c0 travis_time:end:066ad7c0:start=1730884210073482656,finish=1730884210108138343,duration=34655687,event=clean_up_path travis_time:start:0086e494 travis_time:end:0086e494:start=1730884210112145859,finish=1730884210124721220,duration=12575361,event=fix_resolv_conf travis_time:start:006dda28 travis_time:end:006dda28:start=1730884210128091858,finish=1730884210141945570,duration=13853712,event=fix_etc_hosts travis_time:start:04a0a735 travis_time:end:04a0a735:start=1730884210146256620,finish=1730884210154843382,duration=8586762,event=fix_mvn_settings_xml 
travis_time:start:1bc21128 travis_time:end:1bc21128:start=1730884210158949957,finish=1730884210173316153,duration=14366196,event=no_ipv6_localhost travis_time:start:02115c8c travis_time:end:02115c8c:start=1730884210176640038,finish=1730884210179052810,duration=2412772,event=fix_etc_mavenrc travis_time:start:31bf07d0 OK -travis_time:end:31bf07d0:start=1730884210182784961,finish=1730884210655390595,duration=472605634,event=fix_perforce_key travis_time:start:06f918fc travis_time:end:06f918fc:start=1730884210658778846,finish=1730884210662030411,duration=3251565,event=fix_wwdr_certificate travis_time:start:16641000 travis_time:end:16641000:start=1730884210665777526,finish=1730884210707450870,duration=41673344,event=put_localhost_first travis_time:start:164106b7 travis_time:end:164106b7:start=1730884210710991450,finish=1730884210715106566,duration=4115116,event=home_paths travis_time:start:05dd251c travis_time:end:05dd251c:start=1730884210718860165,finish=1730884210736881902,duration=18021737,event=disable_initramfs travis_time:start:2e760ada travis_time:end:2e760ada:start=1730884210740903827,finish=1730884210889804144,duration=148900317,event=disable_ssh_roaming travis_time:start:1e1622dc travis_time:end:1e1622dc:start=1730884210893711743,finish=1730884210896184155,duration=2472412,event=debug_tools travis_time:start:06da2540 travis_time:end:06da2540:start=1730884210899520972,finish=1730884210902639583,duration=3118611,event=uninstall_oclint travis_time:start:182e55e5 travis_time:end:182e55e5:start=1730884210906638949,finish=1730884210909535223,duration=2896274,event=rvm_use travis_time:start:036bfb56 travis_time:end:036bfb56:start=1730884210912981991,finish=1730884210925244746,duration=12262755,event=rm_etc_boto_cfg travis_time:start:0954b4fc travis_time:end:0954b4fc:start=1730884210928556533,finish=1730884210932370050,duration=3813517,event=rm_oraclejdk8_symlink travis_time:start:0b167200 
travis_time:end:0b167200:start=1730884210935826850,finish=1730884211073862846,duration=138035996,event=enable_i386 travis_time:start:05ee4120 travis_time:end:05ee4120:start=1730884211078144282,finish=1730884211081995202,duration=3850920,event=update_rubygems travis_time:start:313d2127 travis_time:end:313d2127:start=1730884211085116882,finish=1730884212161677115,duration=1076560233,event=ensure_path_components travis_time:start:04965172 travis_time:end:04965172:start=1730884212166068587,finish=1730884212168430216,duration=2361629,event=redefine_curl travis_time:start:0ae76c84 travis_time:end:0ae76c84:start=1730884212172557332,finish=1730884212241859839,duration=69302507,event=nonblock_pipe travis_time:start:17e286cc travis_time:end:17e286cc:start=1730884212247114921,finish=1730884218309476716,duration=6062361795,event=apt_get_update travis_time:start:241b802c travis_time:end:241b802c:start=1730884218313384355,finish=1730884218315962951,duration=2578596,event=deprecate_xcode_64 travis_time:start:0954a188 travis_time:end:0954a188:start=1730884218319920799,finish=1730884222253601867,duration=3933681068,event=update_heroku travis_time:start:172ef560 travis_time:end:172ef560:start=1730884222257076812,finish=1730884222259225458,duration=2148646,event=shell_session_update travis_time:start:119cae3a travis_fold:start:docker_mtu_and_registry_mirrors travis_fold:end:docker_mtu_and_registry_mirrors travis_time:end:119cae3a:start=1730884222262722838,finish=1730884224660119086,duration=2397396248,event=set_docker_mtu_and_registry_mirrors travis_time:start:08f2f9b8 travis_fold:start:Docker travis_fold:end:Docker travis_time:end:08f2f9b8:start=1730884224664144431,finish=1730884224666944847,duration=2800416,event=docker_config travis_time:start:1617a263 travis_fold:start:resolvconf travis_fold:end:resolvconf travis_time:end:1617a263:start=1730884224670439528,finish=1730884224745047341,duration=74607813,event=resolvconf travis_time:start:22f2e5bf 
travis_time:end:22f2e5bf:start=1730884224749567437,finish=1730884224976671897,duration=227104460,event=maven_central_mirror travis_time:start:02971f68 travis_time:end:02971f68:start=1730884224980496253,finish=1730884225104236649,duration=123740396,event=maven_https travis_time:start:01940ba1 travis_fold:start:services travis_time:start:018fded8 $ sudo systemctl start docker -travis_time:end:018fded8:start=1730884225112444467,finish=1730884225129841279,duration=17396812,event=prepare travis_fold:end:services travis_time:end:018fded8:start=1730884225112444467,finish=1730884228136150081,duration=3023705614,event=services travis_time:start:05087500 travis_time:end:05087500:start=1730884228139924301,finish=1730884228142675837,duration=2751536,event=fix_ps4 Updating gimme -travis_time:start:0a0f9342  -travis_fold:start:git.checkout travis_time:start:01820618 travis_time:end:01820618:start=1730884233835429687,finish=1730884233846516232,duration=11086545,event=checkout travis_time:start:0980e6c6 $ git clone --depth=50 --branch=6.0.4.4 https://github.com/noironetworks/aci-containers.git noironetworks/aci-containers +travis_time:end:0dd4f351:start=1731316803319353652,finish=1731316803330143536,duration=10789884,event=show_system_info travis_time:start:0936bead travis_time:end:0936bead:start=1731316803336989494,finish=1731316803366729237,duration=29739743,event=rm_riak_source travis_time:start:00329082 travis_time:end:00329082:start=1731316803373034731,finish=1731316803379850513,duration=6815782,event=fix_rwky_redis travis_time:start:0dbd67b8 travis_time:end:0dbd67b8:start=1731316803383473333,finish=1731316803982364278,duration=598890945,event=wait_for_network travis_time:start:04815cfa travis_time:end:04815cfa:start=1731316803987789352,finish=1731316804260643061,duration=272853709,event=update_apt_keys travis_time:start:0661e88e travis_time:end:0661e88e:start=1731316804264597996,finish=1731316804322749192,duration=58151196,event=fix_hhvm_source travis_time:start:117ec945 
travis_time:end:117ec945:start=1731316804326661275,finish=1731316804329750921,duration=3089646,event=update_mongo_arch travis_time:start:0311513b travis_time:end:0311513b:start=1731316804333544171,finish=1731316804371415714,duration=37871543,event=fix_sudo_enabled_trusty travis_time:start:11abfd18 travis_time:end:11abfd18:start=1731316804375757566,finish=1731316804378161767,duration=2404201,event=update_glibc travis_time:start:000f8fa7 travis_time:end:000f8fa7:start=1731316804381666711,finish=1731316804418588518,duration=36921807,event=clean_up_path travis_time:start:000a1540 travis_time:end:000a1540:start=1731316804423395825,finish=1731316804436376553,duration=12980728,event=fix_resolv_conf travis_time:start:01b9ce0d travis_time:end:01b9ce0d:start=1731316804439984653,finish=1731316804453891385,duration=13906732,event=fix_etc_hosts travis_time:start:22e31388 travis_time:end:22e31388:start=1731316804458058363,finish=1731316804467982898,duration=9924535,event=fix_mvn_settings_xml travis_time:start:087c0350 travis_time:end:087c0350:start=1731316804471874643,finish=1731316804486424655,duration=14550012,event=no_ipv6_localhost travis_time:start:02a629d8 travis_time:end:02a629d8:start=1731316804490132590,finish=1731316804492574246,duration=2441656,event=fix_etc_mavenrc travis_time:start:23a01d7c OK +travis_time:end:23a01d7c:start=1731316804496616179,finish=1731316804944589571,duration=447973392,event=fix_perforce_key travis_time:start:0b442de8 travis_time:end:0b442de8:start=1731316804948359829,finish=1731316804951479832,duration=3120003,event=fix_wwdr_certificate travis_time:start:0a7da3bb travis_time:end:0a7da3bb:start=1731316804955313348,finish=1731316804994433849,duration=39120501,event=put_localhost_first travis_time:start:054a7040 travis_time:end:054a7040:start=1731316804998386521,finish=1731316805001819427,duration=3432906,event=home_paths travis_time:start:182ee920 
travis_time:end:182ee920:start=1731316805005769547,finish=1731316805023409068,duration=17639521,event=disable_initramfs travis_time:start:1ace1c50 travis_time:end:1ace1c50:start=1731316805027339274,finish=1731316805168212979,duration=140873705,event=disable_ssh_roaming travis_time:start:298eeacb travis_time:end:298eeacb:start=1731316805172160193,finish=1731316805174684040,duration=2523847,event=debug_tools travis_time:start:0f10dad8 travis_time:end:0f10dad8:start=1731316805178629449,finish=1731316805181908838,duration=3279389,event=uninstall_oclint travis_time:start:19d4d21e travis_time:end:19d4d21e:start=1731316805185546823,finish=1731316805188496898,duration=2950075,event=rvm_use travis_time:start:3471bab1 travis_time:end:3471bab1:start=1731316805192136734,finish=1731316805203979504,duration=11842770,event=rm_etc_boto_cfg travis_time:start:005f25c0 travis_time:end:005f25c0:start=1731316805207341573,finish=1731316805210569919,duration=3228346,event=rm_oraclejdk8_symlink travis_time:start:1356d214 travis_time:end:1356d214:start=1731316805213860097,finish=1731316805347904006,duration=134043909,event=enable_i386 travis_time:start:0a675818 travis_time:end:0a675818:start=1731316805352084615,finish=1731316805356140557,duration=4055942,event=update_rubygems travis_time:start:0e3faa08 travis_time:end:0e3faa08:start=1731316805359229699,finish=1731316806611628480,duration=1252398781,event=ensure_path_components travis_time:start:19c79c89 travis_time:end:19c79c89:start=1731316806615948795,finish=1731316806618579920,duration=2631125,event=redefine_curl travis_time:start:0df2ddc0 travis_time:end:0df2ddc0:start=1731316806622577054,finish=1731316806692405684,duration=69828630,event=nonblock_pipe travis_time:start:19208028 travis_time:end:19208028:start=1731316806696000488,finish=1731316812744753319,duration=6048752831,event=apt_get_update travis_time:start:0a2a30f0 
travis_time:end:0a2a30f0:start=1731316812748524572,finish=1731316812751203951,duration=2679379,event=deprecate_xcode_64 travis_time:start:0c5ac574 travis_time:end:0c5ac574:start=1731316812754983826,finish=1731316816704903235,duration=3949919409,event=update_heroku travis_time:start:2fe2514c travis_time:end:2fe2514c:start=1731316816708822357,finish=1731316816711216848,duration=2394491,event=shell_session_update travis_time:start:009b97b2 travis_fold:start:docker_mtu_and_registry_mirrors travis_fold:end:docker_mtu_and_registry_mirrors travis_time:end:009b97b2:start=1731316816714551910,finish=1731316819109959436,duration=2395407526,event=set_docker_mtu_and_registry_mirrors travis_time:start:0df1ae02 travis_fold:start:Docker travis_fold:end:Docker travis_time:end:0df1ae02:start=1731316819114114463,finish=1731316819116702762,duration=2588299,event=docker_config travis_time:start:0964404a travis_fold:start:resolvconf travis_fold:end:resolvconf travis_time:end:0964404a:start=1731316819120049670,finish=1731316819195246586,duration=75196916,event=resolvconf travis_time:start:04cccd40 travis_time:end:04cccd40:start=1731316819199791362,finish=1731316819416025975,duration=216234613,event=maven_central_mirror travis_time:start:21066414 travis_time:end:21066414:start=1731316819419577910,finish=1731316819542432723,duration=122854813,event=maven_https travis_time:start:0d8824c7 travis_fold:start:services travis_time:start:1cb81c00 $ sudo systemctl start docker +travis_time:end:1cb81c00:start=1731316819550670492,finish=1731316819568331973,duration=17661481,event=prepare travis_fold:end:services travis_time:end:1cb81c00:start=1731316819550670492,finish=1731316822574567818,duration=3023897326,event=services travis_time:start:34bb6d14 travis_time:end:34bb6d14:start=1731316822578759857,finish=1731316822581397874,duration=2638017,event=fix_ps4 Updating gimme +travis_time:start:10fbbec0  +travis_fold:start:git.checkout travis_time:start:0bfe632c 
travis_time:end:0bfe632c:start=1731316828357500646,finish=1731316828367850650,duration=10350004,event=checkout travis_time:start:24b733ea $ git clone --depth=50 --branch=6.0.4.4 https://github.com/noironetworks/aci-containers.git noironetworks/aci-containers Cloning into 'noironetworks/aci-containers'... Note: switching to 'd090ca19b2ebe458b0f15e91dc685e6ba807e693'. @@ -181,11 +181,11 @@ Or undo this operation with: Turn off this advice by setting config variable advice.detachedHead to false -travis_time:end:0980e6c6:start=1730884233850565224,finish=1730884238006092871,duration=4155527647,event=checkout $ cd noironetworks/aci-containers +travis_time:end:24b733ea:start=1731316828371650842,finish=1731316833045128967,duration=4673478125,event=checkout $ cd noironetworks/aci-containers $ git checkout -qf 6.0.4.4 travis_fold:end:git.checkout  -travis_time:end:0980e6c6:start=1730884233850565224,finish=1730884238040319255,duration=4189754031,event=checkout $ travis_export_go 1.21.x github.com/noironetworks/aci-containers -travis_time:start:035ca3d8  +travis_time:end:24b733ea:start=1731316828371650842,finish=1731316833114205909,duration=4742555067,event=checkout $ travis_export_go 1.21.x github.com/noironetworks/aci-containers +travis_time:start:0281b341  Setting environment variables from repository settings $ export TRAVIS_TAGGER=[secure] $ export QUAY_TRAVIS_NOIRO_ROBO_PSWD=[secure] 
@@ -199,17 +199,17 @@ $ export QUAY_TRAVIS_NOIROLABS_ROBO_USER=[secure] $ export DEFAULT_BRANCH=master $ export GOPROXY=https://proxy.golang.org,https://goproxy.io,direct -travis_time:end:035ca3d8:start=1730884238046830391,finish=1730884238052622654,duration=5792263,event=env travis_time:start:1ef055c8 $ travis_setup_go +travis_time:end:0281b341:start=1731316833120823614,finish=1731316833127364775,duration=6541161,event=env travis_time:start:02a7dc2e $ travis_setup_go $ export GOPATH="/home/travis/gopath" $ export PATH="/home/travis/gopath/bin:/home/travis/bin:/home/travis/bin:/home/travis/.local/bin:/usr/local/lib/jvm/openjdk11/bin:/opt/pyenv/shims:/home/travis/.phpenv/shims:/home/travis/perl5/perlbrew/bin:/home/travis/.nvm/versions/node/v18.20.3/bin:/home/travis/.kiex/elixirs/elixir-1.12.2/bin:/home/travis/.kiex/bin:/home/travis/.rvm/gems/ruby-3.3.5/bin:/home/travis/.rvm/gems/ruby-3.3.5@global/bin:/home/travis/.rvm/rubies/ruby-3.3.5/bin:/home/travis/gopath/bin:/home/travis/.gimme/versions/go1.23.0.linux.amd64/bin:/usr/local/maven-3.9.5/bin:/usr/local/cmake-3.29.0/bin:/usr/local/clang-18.1.8/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/home/travis/.rvm/bin:/home/travis/.phpenv/bin:/opt/pyenv/bin:/home/travis/.yarn/bin" $ export GO111MODULE="auto" -go: downloading golang.org/dl v0.0.0-20241001165935-bedb0f791d00 -go: golang.org/dl/go1.21.x@latest: module golang.org/dl@latest found (v0.0.0-20241001165935-bedb0f791d00), but does not contain package golang.org/dl/go1.21.x +go: downloading golang.org/dl v0.0.0-20241106222207-4e0968199959 +go: golang.org/dl/go1.21.x@latest: module golang.org/dl@latest found (v0.0.0-20241106222207-4e0968199959), but does not contain package golang.org/dl/go1.21.x go1.21.x: command not found go1.21.x: command not found $ export GOROOT= $ export 
PATH=/bin:/home/travis/gopath/bin:/home/travis/bin:/home/travis/bin:/home/travis/.local/bin:/usr/local/lib/jvm/openjdk11/bin:/opt/pyenv/shims:/home/travis/.phpenv/shims:/home/travis/perl5/perlbrew/bin:/home/travis/.nvm/versions/node/v18.20.3/bin:/home/travis/.kiex/elixirs/elixir-1.12.2/bin:/home/travis/.kiex/bin:/home/travis/.rvm/gems/ruby-3.3.5/bin:/home/travis/.rvm/gems/ruby-3.3.5@global/bin:/home/travis/.rvm/rubies/ruby-3.3.5/bin:/home/travis/gopath/bin:/home/travis/.gimme/versions/go1.23.0.linux.amd64/bin:/usr/local/maven-3.9.5/bin:/usr/local/cmake-3.29.0/bin:/usr/local/clang-18.1.8/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/home/travis/.rvm/bin:/home/travis/.phpenv/bin:/opt/pyenv/bin:/home/travis/.yarn/bin -travis_time:end:1ef055c8:start=1730884238057230525,finish=1730884239292522746,duration=1235292221,event= $ gimme version +travis_time:end:02a7dc2e:start=1731316833132881586,finish=1731316834821532523,duration=1688650937,event= $ gimme version v1.5.4 $ go version go version go1.23.0 linux/amd64 
@@ -256,28 +256,28 @@ CGO_CXXFLAGS='-O2 -g' CGO_FFLAGS='-O2 -g' CGO_LDFLAGS='-O2 -g' PKG_CONFIG='pkg-config' -GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2300800137=/tmp/go-build -gno-record-gcc-switches' -travis_fold:end:go.env travis_fold:start:before_install.1 travis_time:start:24e6c9f7 $ mkdir -vp ~/.docker/cli-plugins/ +GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1490971767=/tmp/go-build -gno-record-gcc-switches' +travis_fold:end:go.env travis_fold:start:before_install.1 travis_time:start:06ce4702 $ mkdir -vp ~/.docker/cli-plugins/ mkdir: created directory '/home/travis/.docker' mkdir: created directory '/home/travis/.docker/cli-plugins/' -travis_time:end:24e6c9f7:start=1730884239547833417,finish=1730884239553251444,duration=5418027,event=before_install travis_fold:end:before_install.1 travis_fold:start:before_install.2 travis_time:start:0d44158a $ curl --silent -L "https://github.com/docker/buildx/releases/download/v0.3.0/buildx-v0.3.0.linux-amd64" > ~/.docker/cli-plugins/docker-buildx -travis_time:end:0d44158a:start=1730884239557924525,finish=1730884240924832474,duration=1366907949,event=before_install travis_fold:end:before_install.2 travis_fold:start:before_install.3 travis_time:start:03662334 $ chmod a+x ~/.docker/cli-plugins/docker-buildx -travis_time:end:03662334:start=1730884240930412229,finish=1730884240935198731,duration=4786502,event=before_install travis_fold:end:before_install.3 travis_fold:start:install travis_time:start:07ac5f02 $ pip install pytz +travis_time:end:06ce4702:start=1731316835084606661,finish=1731316835089785419,duration=5178758,event=before_install travis_fold:end:before_install.1 travis_fold:start:before_install.2 travis_time:start:005ea9de $ curl --silent -L "https://github.com/docker/buildx/releases/download/v0.3.0/buildx-v0.3.0.linux-amd64" > ~/.docker/cli-plugins/docker-buildx 
+travis_time:end:005ea9de:start=1731316835094339788,finish=1731316836333067965,duration=1238728177,event=before_install travis_fold:end:before_install.2 travis_fold:start:before_install.3 travis_time:start:0aac56c9 $ chmod a+x ~/.docker/cli-plugins/docker-buildx +travis_time:end:0aac56c9:start=1731316836337718888,finish=1731316836342171741,duration=4452853,event=before_install travis_fold:end:before_install.3 travis_fold:start:install travis_time:start:0697ff90 $ pip install pytz Defaulting to user installation because normal site-packages is not writeable Requirement already satisfied: pytz in /usr/lib/python3/dist-packages (2022.1) [notice] A new release of pip is available: 24.2 -> 24.3.1 [notice] To update, run: pip install --upgrade pip -travis_time:end:07ac5f02:start=1730884240941378705,finish=1730884242107508047,duration=1166129342,event=install travis_fold:end:install travis_fold:start:before_script.1 travis_time:start:041fb9e6 $ export DOCKER_BUILDKIT=1 -travis_time:end:041fb9e6:start=1730884242113854352,finish=1730884242116463127,duration=2608775,event=before_script travis_fold:end:before_script.1 travis_fold:start:before_script.2 travis_time:start:196ca868 $ export UPSTREAM_ID=81c2369 -travis_time:end:196ca868:start=1730884242121643913,finish=1730884242124474542,duration=2830629,event=before_script travis_fold:end:before_script.2 travis_time:start:079b66f9 $ echo "Skip running UTs" +travis_time:end:0697ff90:start=1731316836348384277,finish=1731316837545701141,duration=1197316864,event=install travis_fold:end:install travis_fold:start:before_script.1 travis_time:start:2020f04c $ export DOCKER_BUILDKIT=1 +travis_time:end:2020f04c:start=1731316837550754025,finish=1731316837553597105,duration=2843080,event=before_script travis_fold:end:before_script.1 travis_fold:start:before_script.2 travis_time:start:1f6542d4 $ export UPSTREAM_ID=81c2369 +travis_time:end:1f6542d4:start=1731316837558315726,finish=1731316837560769440,duration=2453714,event=before_script 
travis_fold:end:before_script.2 travis_time:start:1219bea0 $ echo "Skip running UTs" Skip running UTs -travis_time:end:079b66f9:start=1730884242128488596,finish=1730884242131393831,duration=2905235,event=script The command "echo "Skip running UTs"" exited with 0. -travis_time:start:076e5030 $ git clone http://www.github.com/noironetworks/cicd -b lmr-6.0.4 /tmp/cicd +travis_time:end:1219bea0:start=1731316837565123162,finish=1731316837568037847,duration=2914685,event=script The command "echo "Skip running UTs"" exited with 0. +travis_time:start:0fd83b4c $ git clone http://www.github.com/noironetworks/cicd -b lmr-6.0.4 /tmp/cicd Cloning into '/tmp/cicd'... warning: redirecting to https://github.com/noironetworks/cicd.git/ -travis_time:end:076e5030:start=1730884242136471718,finish=1730884242522796255,duration=386324537,event=script The command "git clone http://www.github.com/noironetworks/cicd -b lmr-6.0.4 /tmp/cicd" exited with 0. -travis_time:start:00b0a1ac $ /tmp/cicd/travis/check-git-tag.sh; RETURN_CODE=$? ; if [ $RETURN_CODE -eq 140 ]; then travis_terminate 0; elif [ $RETURN_CODE -ne 0 ]; then travis_terminate $RETURN_CODE; fi +travis_time:end:0fd83b4c:start=1731316837572883407,finish=1731316837976884186,duration=404000779,event=script The command "git clone http://www.github.com/noironetworks/cicd -b lmr-6.0.4 /tmp/cicd" exited with 0. +travis_time:start:2c436d64 $ /tmp/cicd/travis/check-git-tag.sh; RETURN_CODE=$? ; if [ $RETURN_CODE -eq 140 ]; then travis_terminate 0; elif [ $RETURN_CODE -ne 0 ]; then travis_terminate $RETURN_CODE; fi ++dirname /tmp/cicd/travis/check-git-tag.sh +SCRIPTS_DIR=/tmp/cicd/travis +source /tmp/cicd/travis/globals.sh 
@@ -285,9 +285,9 @@ travis_time:start:00b0a1ac $ /tmp/cicd/travis/check-git-tag.sh; RETURN_CODE= ++RELEASE_TAG=6.0.4.4 ++export RELEASE_TAG +++date +%m%d%y -++DATE_TAG=110624 +++DATE_TAG=111124 ++TRAVIS_TAG_WITH_UPSTREAM_ID=6.0.4.4.81c2369 -++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.110624.10022 +++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.111124.10031 ++IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_Z_TAG=6.0.4.4.81c2369.z @@ -315,8 +315,8 @@ Date: Wed Sep 25 13:53:28 2024 -0700 ++grep 'Created by Travis Job' +tag_message= +[[ ! -z '' ]] -travis_time:end:00b0a1ac:start=1730884242528218828,finish=1730884242552821712,duration=24602884,event=script The command "/tmp/cicd/travis/check-git-tag.sh; RETURN_CODE=$? ; if [ $RETURN_CODE -eq 140 ]; then travis_terminate 0; elif [ $RETURN_CODE -ne 0 ]; then travis_terminate $RETURN_CODE; fi" exited with 0. -travis_time:start:030bed2e $ /tmp/cicd/travis/build-push-aci-containers-images.sh || travis_terminate 1 +travis_time:end:2c436d64:start=1731316837982583546,finish=1731316838004453336,duration=21869790,event=script The command "/tmp/cicd/travis/check-git-tag.sh; RETURN_CODE=$? ; if [ $RETURN_CODE -eq 140 ]; then travis_terminate 0; elif [ $RETURN_CODE -ne 0 ]; then travis_terminate $RETURN_CODE; fi" exited with 0. +travis_time:start:0ae97d60 $ /tmp/cicd/travis/build-push-aci-containers-images.sh || travis_terminate 1 ++dirname /tmp/cicd/travis/build-push-aci-containers-images.sh +SCRIPTS_DIR=/tmp/cicd/travis +source /tmp/cicd/travis/globals.sh 
@@ -324,9 +324,9 @@ travis_time:start:030bed2e $ /tmp/cicd/travis/build-push-aci-containers-imag ++RELEASE_TAG=6.0.4.4 ++export RELEASE_TAG +++date +%m%d%y -++DATE_TAG=110624 +++DATE_TAG=111124 ++TRAVIS_TAG_WITH_UPSTREAM_ID=6.0.4.4.81c2369 -++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.110624.10022 +++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.111124.10031 ++IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_Z_TAG=6.0.4.4.81c2369.z @@ -350,7 +350,7 @@ Date: Wed Sep 25 13:53:28 2024 -0700 +IMAGE_BUILD_REGISTRY=quay.io/noirolabs +IMAGE_BUILD_TAG=6.0.4.4.81c2369 -+OTHER_IMAGE_TAGS=6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 ++OTHER_IMAGE_TAGS=6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 +RELEASE_TAG_WITH_UPSTREAM_ID=6.0.4.4.81c2369 +docker/copy_iptables.sh quay.io/noirolabs/opflex-build-base:6.0.4.4.81c2369.z dist-static +BASE_IMAGE=quay.io/noirolabs/opflex-build-base:6.0.4.4.81c2369.z @@ -368,17 +368,16 @@ b269587f540e: Pulling fs layer 687cebdc776b: Pulling fs layer 4d9428dafa9c: Waiting 687cebdc776b: Waiting -f04c9b876d29: Verifying Checksum f04c9b876d29: Download complete 4d9428dafa9c: Verifying Checksum 4d9428dafa9c: Download complete b269587f540e: Verifying Checksum b269587f540e: Download complete -f04c9b876d29: Pull complete -10e8d2cc46af: Verifying Checksum -10e8d2cc46af: Download complete 687cebdc776b: Verifying Checksum 687cebdc776b: Download complete +10e8d2cc46af: Verifying Checksum +10e8d2cc46af: Download complete +f04c9b876d29: Pull complete b269587f540e: Pull complete 10e8d2cc46af: Pull complete 4d9428dafa9c: Pull complete 
@@ -395,7 +394,7 @@ Status: Downloaded newer image for quay.io/noirolabs/opflex-build-base:6.0.4.4.8 +cp docker/iptables-wrapper-installer.sh dist-static +make -C . all-static make: Entering directory '/home/travis/build/noironetworks/aci-containers' -CGO_ENABLED=0 GOOS=linux go build -v -trimpath -ldflags=" -X github.com/noironetworks/aci-containers/pkg/controller.buildTime=11-06-2024.09:11:14.UTC -X github.com/noironetworks/aci-containers/pkg/controller.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/gbpserver.buildTime=11-06-2024.09:11:14.UTC -X github.com/noironetworks/aci-containers/pkg/gbpserver.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/hostagent.buildTime=11-06-2024.09:11:14.UTC -X github.com/noironetworks/aci-containers/pkg/hostagent.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.buildTime=11-06-2024.09:11:14.UTC -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -s -w" -a -installsuffix cgo -o dist-static/aci-containers-host-agent github.com/noironetworks/aci-containers/cmd/hostagent +CGO_ENABLED=0 GOOS=linux go build -v -trimpath -ldflags=" -X github.com/noironetworks/aci-containers/pkg/controller.buildTime=11-11-2024.09:21:13.UTC -X github.com/noironetworks/aci-containers/pkg/controller.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/gbpserver.buildTime=11-11-2024.09:21:13.UTC -X github.com/noironetworks/aci-containers/pkg/gbpserver.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/hostagent.buildTime=11-11-2024.09:21:13.UTC -X github.com/noironetworks/aci-containers/pkg/hostagent.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X 
github.com/noironetworks/aci-containers/pkg/acicontainersoperator.buildTime=11-11-2024.09:21:13.UTC -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -s -w" -a -installsuffix cgo -o dist-static/aci-containers-host-agent github.com/noironetworks/aci-containers/cmd/hostagent internal/unsafeheader internal/goarch internal/cpu @@ -482,8 +481,8 @@ sync internal/reflectlite internal/bisect errors -io internal/godebug +io internal/oserror syscall bytes @@ -502,8 +501,8 @@ encoding/binary internal/fmtsort internal/syscall/execenv internal/testlog -os encoding/base64 +os strings vendor/golang.org/x/net/dns/dnsmessage fmt @@ -516,13 +515,13 @@ net/netip encoding/json flag sort +net hash crypto crypto/cipher crypto/internal/boring crypto/internal/randutil math/rand -net math/big crypto/rand golang.org/x/sys/unix @@ -534,20 +533,20 @@ github.com/containernetworking/cni/pkg/types/100 path/filepath github.com/containernetworking/plugins/pkg/utils/sysctl os/exec -github.com/containernetworking/plugins/pkg/ns regexp/syntax +github.com/containernetworking/plugins/pkg/ns encoding/hex github.com/safchain/ethtool +regexp github.com/vishvananda/netns log github.com/vishvananda/netlink/nl -regexp github.com/coreos/go-iptables/iptables io/ioutil github.com/containernetworking/cni/pkg/types/create -github.com/vishvananda/netlink github.com/containernetworking/cni/pkg/version github.com/containernetworking/cni/pkg/invoke +github.com/vishvananda/netlink github.com/fsnotify/fsnotify crypto/md5 crypto/sha1 
@@ -562,21 +561,21 @@ github.com/google/gofuzz/bytesource github.com/google/gofuzz gopkg.in/inf.v0 k8s.io/apimachinery/third_party/forked/golang/reflect +k8s.io/apimachinery/pkg/api/resource k8s.io/apimachinery/pkg/conversion k8s.io/apimachinery/pkg/fields -k8s.io/apimachinery/pkg/api/resource k8s.io/apimachinery/pkg/util/sets k8s.io/utils/internal/third_party/forked/golang/net k8s.io/utils/net log/slog/internal/buffer log/slog +github.com/go-logr/logr k8s.io/apimachinery/pkg/util/errors k8s.io/apimachinery/pkg/util/validation/field -k8s.io/apimachinery/pkg/util/validation -github.com/go-logr/logr k8s.io/klog/v2/internal/severity k8s.io/klog/v2/internal/buffer k8s.io/klog/v2/internal/clock +k8s.io/apimachinery/pkg/util/validation k8s.io/klog/v2/internal/dbg k8s.io/klog/v2/internal/serialize k8s.io/klog/v2/internal/sloghandler @@ -589,9 +588,9 @@ k8s.io/apimachinery/pkg/labels go/doc/comment internal/lazyregexp go/build/constraint -go/doc go/internal/typeparams go/parser +go/doc net/url k8s.io/apimachinery/pkg/runtime/schema sigs.k8s.io/json/internal/golang/encoding/json @@ -602,8 +601,8 @@ compress/flate hash/crc32 compress/gzip sigs.k8s.io/json -crypto/aes k8s.io/apimachinery/pkg/util/json +crypto/aes crypto/des crypto/internal/edwards25519/field crypto/internal/nistec/fiat 
@@ -612,31 +611,31 @@ crypto/internal/bigmod crypto/internal/boring/bbig crypto/sha512 encoding/asn1 -crypto/internal/nistec vendor/golang.org/x/crypto/cryptobyte +crypto/internal/nistec crypto/internal/edwards25519 crypto/ecdh crypto/elliptic crypto/ed25519 crypto/hmac vendor/golang.org/x/crypto/chacha20 -vendor/golang.org/x/crypto/internal/poly1305 crypto/ecdsa +vendor/golang.org/x/crypto/internal/poly1305 vendor/golang.org/x/sys/cpu vendor/golang.org/x/crypto/chacha20poly1305 vendor/golang.org/x/crypto/hkdf vendor/golang.org/x/crypto/sha3 crypto/internal/hpke +crypto/internal/mlkem768 crypto/rc4 crypto/rsa -crypto/internal/mlkem768 crypto/sha256 crypto/dsa crypto/x509/pkix encoding/pem vendor/golang.org/x/text/transform -vendor/golang.org/x/text/unicode/bidi crypto/x509 +vendor/golang.org/x/text/unicode/bidi vendor/golang.org/x/text/secure/bidirule vendor/golang.org/x/text/unicode/norm vendor/golang.org/x/net/idna @@ -653,9 +652,9 @@ net/http/internal net/http/internal/ascii github.com/modern-go/concurrent github.com/modern-go/reflect2 -github.com/json-iterator/go net/http/httptrace net/http +github.com/json-iterator/go gopkg.in/yaml.v2 sigs.k8s.io/structured-merge-diff/v4/value k8s.io/apimachinery/pkg/util/intstr 
@@ -663,29 +662,29 @@ golang.org/x/text/transform golang.org/x/text/unicode/bidi golang.org/x/text/secure/bidirule golang.org/x/text/unicode/norm +k8s.io/apimachinery/pkg/util/runtime +k8s.io/apimachinery/pkg/runtime golang.org/x/net/idna golang.org/x/net/http/httpguts -k8s.io/apimachinery/pkg/util/runtime golang.org/x/net/http2/hpack -k8s.io/apimachinery/pkg/runtime golang.org/x/net/http2 k8s.io/apimachinery/pkg/runtime/serializer/recognizer k8s.io/apimachinery/pkg/util/framer sigs.k8s.io/yaml/goyaml.v2 -k8s.io/apimachinery/pkg/util/net sigs.k8s.io/yaml k8s.io/apimachinery/pkg/util/yaml k8s.io/apimachinery/pkg/runtime/serializer/json -k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/pkg/runtime/serializer/streaming k8s.io/apimachinery/pkg/version k8s.io/client-go/pkg/version -k8s.io/apimachinery/pkg/apis/meta/v1 golang.org/x/term github.com/davecgh/go-spew/spew +k8s.io/apimachinery/pkg/util/net k8s.io/apimachinery/pkg/util/dump k8s.io/client-go/tools/clientcmd/api +k8s.io/apimachinery/pkg/watch k8s.io/client-go/tools/metrics +k8s.io/apimachinery/pkg/apis/meta/v1 golang.org/x/oauth2/internal golang.org/x/oauth2 k8s.io/utils/clock @@ -706,6 +705,8 @@ google.golang.org/protobuf/encoding/protowire google.golang.org/protobuf/internal/pragma google.golang.org/protobuf/reflect/protoreflect google.golang.org/protobuf/internal/encoding/messageset +google.golang.org/protobuf/internal/strs +google.golang.org/protobuf/internal/encoding/text github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1 k8s.io/apimachinery/pkg/runtime/serializer/protobuf k8s.io/apimachinery/pkg/apis/meta/v1/unstructured 
@@ -717,25 +718,23 @@ k8s.io/apimachinery/pkg/runtime/serializer k8s.io/client-go/pkg/apis/clientauthentication/v1beta1 github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/client/clientset/versioned/scheme k8s.io/client-go/pkg/apis/clientauthentication/install -k8s.io/client-go/plugin/pkg/client/auth/exec k8s.io/client-go/rest/watch -google.golang.org/protobuf/internal/strs -google.golang.org/protobuf/internal/encoding/text -k8s.io/client-go/rest +k8s.io/client-go/plugin/pkg/client/auth/exec google.golang.org/protobuf/internal/genid google.golang.org/protobuf/internal/order google.golang.org/protobuf/reflect/protoregistry +k8s.io/client-go/rest google.golang.org/protobuf/runtime/protoiface google.golang.org/protobuf/proto +google.golang.org/protobuf/encoding/prototext github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/client/clientset/versioned/typed/k8s.cni.cncf.io/v1 google.golang.org/protobuf/internal/editiondefaults google.golang.org/protobuf/internal/encoding/defval google.golang.org/protobuf/internal/descfmt -google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/internal/descopts -google.golang.org/protobuf/internal/filedesc google.golang.org/protobuf/internal/version gopkg.in/yaml.v3 +google.golang.org/protobuf/internal/filedesc google.golang.org/protobuf/internal/encoding/tag google.golang.org/protobuf/internal/impl github.com/google/gnostic-models/jsonschema @@ -784,8 +783,8 @@ k8s.io/api/autoscaling/v2beta1 k8s.io/api/autoscaling/v2beta2 k8s.io/api/batch/v1 k8s.io/api/certificates/v1 -k8s.io/api/certificates/v1beta1 k8s.io/api/batch/v1beta1 +k8s.io/api/certificates/v1beta1 k8s.io/api/discovery/v1 k8s.io/api/discovery/v1beta1 k8s.io/api/events/v1 
@@ -823,8 +822,8 @@ github.com/go-openapi/jsonreference/internal github.com/go-openapi/jsonreference encoding/base32 k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json -k8s.io/kube-openapi/pkg/internal k8s.io/kube-openapi/pkg/util/proto +k8s.io/kube-openapi/pkg/internal k8s.io/kube-openapi/pkg/validation/spec sigs.k8s.io/structured-merge-diff/v4/schema sigs.k8s.io/structured-merge-diff/v4/fieldpath @@ -833,17 +832,17 @@ k8s.io/kube-openapi/pkg/schemaconv sigs.k8s.io/structured-merge-diff/v4/merge github.com/munnerz/goautoneg k8s.io/kube-openapi/pkg/cached +k8s.io/apimachinery/pkg/util/managedfields/internal hash/adler32 compress/zlib encoding/xml -k8s.io/apimachinery/pkg/util/managedfields/internal k8s.io/apimachinery/pkg/util/managedfields github.com/emicklei/go-restful/v3/log -github.com/emicklei/go-restful/v3 k8s.io/kube-openapi/pkg/spec3 +github.com/emicklei/go-restful/v3 github.com/jaypipes/ghw/pkg/option -archive/tar k8s.io/kube-openapi/pkg/common +archive/tar k8s.io/kube-openapi/pkg/handler3 k8s.io/client-go/openapi github.com/jaypipes/ghw/pkg/pci/address @@ -893,6 +892,7 @@ google.golang.org/grpc/channelz google.golang.org/grpc/metadata google.golang.org/grpc/balancer google.golang.org/grpc/balancer/base +golang.org/x/net/trace google.golang.org/grpc/internal/grpcrand google.golang.org/grpc/balancer/roundrobin google.golang.org/grpc/codes 
@@ -901,23 +901,22 @@ google.golang.org/grpc/internal/envconfig google.golang.org/grpc/internal/grpcutil google.golang.org/grpc/encoding google.golang.org/grpc/encoding/proto -golang.org/x/net/trace google.golang.org/grpc/internal/backoff google.golang.org/grpc/internal/balancer/gracefulswitch google.golang.org/grpc/internal/balancerload google.golang.org/grpc/binarylog/grpc_binarylog_v1 google.golang.org/genproto/googleapis/rpc/status -google.golang.org/grpc/internal/buffer google.golang.org/grpc/internal/status +google.golang.org/grpc/internal/buffer +google.golang.org/grpc/status google.golang.org/grpc/internal/grpcsync google.golang.org/grpc/internal/idle -google.golang.org/grpc/status -google.golang.org/grpc/internal/metadata google.golang.org/grpc/internal/binarylog +google.golang.org/grpc/internal/metadata google.golang.org/protobuf/internal/encoding/json -google.golang.org/protobuf/encoding/protojson google.golang.org/grpc/internal/serviceconfig google.golang.org/grpc/internal/resolver +google.golang.org/protobuf/encoding/protojson google.golang.org/grpc/internal/resolver/passthrough google.golang.org/grpc/internal/transport/networktype google.golang.org/grpc/internal/resolver/unix @@ -931,11 +930,11 @@ github.com/golang/protobuf/jsonpb google.golang.org/grpc/balancer/grpclb/state google.golang.org/grpc/internal/resolver/dns/internal google.golang.org/grpc/internal/resolver/dns -google.golang.org/grpc/internal/pretty -google.golang.org/grpc/internal/transport google.golang.org/grpc/resolver/dns github.com/spf13/afero/internal/common github.com/spf13/afero/mem +google.golang.org/grpc/internal/pretty +google.golang.org/grpc/internal/transport golang.org/x/text/runes github.com/spf13/afero github.com/k8snetworkplumbingwg/sriovnet/pkg/utils/filesystem 
@@ -945,25 +944,25 @@ google.golang.org/grpc internal/saferio encoding/gob net/rpc -k8s.io/kubelet/pkg/apis/deviceplugin/v1beta1 github.com/natefinch/pie github.com/noironetworks/aci-containers/pkg/fabricattachment/apis/aci.fabricattachment/v1 +k8s.io/kubelet/pkg/apis/deviceplugin/v1beta1 k8s.io/client-go/applyconfigurations/meta/v1 -github.com/k8snetworkplumbingwg/sriov-network-device-plugin/pkg/types github.com/noironetworks/aci-containers/pkg/fabricattachment/applyconfiguration/aci.fabricattachment/v1 github.com/noironetworks/aci-containers/pkg/fabricattachment/clientset/versioned/scheme -github.com/noironetworks/aci-containers/pkg/gbpcrd/apis/acipolicy/v1 github.com/noironetworks/aci-containers/pkg/fabricattachment/clientset/versioned/typed/aci.fabricattachment/v1 -github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned/scheme +github.com/k8snetworkplumbingwg/sriov-network-device-plugin/pkg/types +github.com/noironetworks/aci-containers/pkg/gbpcrd/apis/acipolicy/v1 github.com/noironetworks/aci-containers/pkg/fabricattachment/clientset/versioned -github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned/typed/acipolicy/v1 +github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned/scheme github.com/sirupsen/logrus +github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned/typed/acipolicy/v1 github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned github.com/google/go-cmp/cmp/internal/diff github.com/google/go-cmp/cmp/internal/function github.com/google/go-cmp/cmp/internal/value -github.com/google/go-cmp/cmp k8s.io/apimachinery/pkg/util/cache +github.com/google/go-cmp/cmp k8s.io/client-go/tools/cache/synctrack k8s.io/apimachinery/pkg/apis/meta/v1beta1 k8s.io/apimachinery/pkg/apis/meta/internalversion 
@@ -974,12 +973,12 @@ k8s.io/utils/trace github.com/noironetworks/aci-containers/pkg/ipam github.com/noironetworks/aci-containers/pkg/metadata github.com/noironetworks/aci-containers/pkg/nodeinfo/apis/aci.snat/v1 -k8s.io/apimachinery/pkg/util/diff -k8s.io/client-go/tools/cache github.com/noironetworks/aci-containers/pkg/nodeinfo/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/nodeinfo/clientset/versioned/typed/aci.snat/v1 github.com/noironetworks/aci-containers/pkg/nodeinfo/clientset/versioned +k8s.io/apimachinery/pkg/util/diff github.com/noironetworks/aci-containers/pkg/nodepodif/apis/acipolicy/v1 +k8s.io/client-go/tools/cache github.com/noironetworks/aci-containers/pkg/nodepodif/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/nodepodif/clientset/versioned/typed/acipolicy/v1 github.com/noironetworks/aci-containers/pkg/nodepodif/clientset/versioned 
@@ -988,14 +987,14 @@ github.com/noironetworks/aci-containers/pkg/proactiveconf/applyconfiguration/aci github.com/noironetworks/aci-containers/pkg/proactiveconf/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/proactiveconf/clientset/versioned/typed/aci.pc/v1 github.com/noironetworks/aci-containers/pkg/proactiveconf/clientset/versioned -github.com/noironetworks/aci-containers/pkg/index github.com/noironetworks/aci-containers/pkg/qospolicy/apis/aci.qos/v1 -github.com/noironetworks/aci-containers/pkg/rdconfig/apis/aci.snat/v1 github.com/noironetworks/aci-containers/pkg/qospolicy/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/qospolicy/clientset/versioned/typed/aci.qos/v1 +github.com/noironetworks/aci-containers/pkg/qospolicy/clientset/versioned +github.com/noironetworks/aci-containers/pkg/rdconfig/apis/aci.snat/v1 github.com/noironetworks/aci-containers/pkg/rdconfig/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/rdconfig/clientset/versioned/typed/aci.snat/v1 -github.com/noironetworks/aci-containers/pkg/qospolicy/clientset/versioned +github.com/noironetworks/aci-containers/pkg/index github.com/noironetworks/aci-containers/pkg/rdconfig/clientset/versioned github.com/noironetworks/aci-containers/pkg/snatglobalinfo/apis/aci.snat/v1 github.com/noironetworks/aci-containers/pkg/snatlocalinfo/apis/aci.snat/v1 
@@ -1007,8 +1006,8 @@ github.com/noironetworks/aci-containers/pkg/snatglobalinfo/clientset/versioned github.com/noironetworks/aci-containers/pkg/snatlocalinfo/clientset/versioned github.com/noironetworks/aci-containers/pkg/snatpolicy/apis/aci.snat/v1 k8s.io/client-go/applyconfigurations/internal -k8s.io/client-go/applyconfigurations/admissionregistration/v1 github.com/noironetworks/aci-containers/pkg/snatpolicy/clientset/versioned/scheme +k8s.io/client-go/applyconfigurations/admissionregistration/v1 github.com/noironetworks/aci-containers/pkg/snatpolicy/clientset/versioned/typed/aci.snat/v1 github.com/noironetworks/aci-containers/pkg/snatpolicy/clientset/versioned k8s.io/client-go/kubernetes/typed/admissionregistration/v1 
@@ -1039,20 +1038,20 @@ k8s.io/client-go/kubernetes/typed/apps/v1beta1 k8s.io/client-go/kubernetes/typed/apps/v1 k8s.io/client-go/applyconfigurations/apps/v1beta2 k8s.io/client-go/applyconfigurations/batch/v1 -k8s.io/client-go/kubernetes/typed/batch/v1 k8s.io/client-go/kubernetes/typed/apps/v1beta2 +k8s.io/client-go/kubernetes/typed/batch/v1 k8s.io/client-go/applyconfigurations/batch/v1beta1 -k8s.io/client-go/kubernetes/typed/batch/v1beta1 k8s.io/client-go/kubernetes/typed/certificates/v1 +k8s.io/client-go/kubernetes/typed/batch/v1beta1 k8s.io/client-go/applyconfigurations/certificates/v1alpha1 k8s.io/client-go/applyconfigurations/certificates/v1beta1 k8s.io/client-go/kubernetes/typed/certificates/v1alpha1 -k8s.io/client-go/kubernetes/typed/certificates/v1beta1 k8s.io/client-go/applyconfigurations/coordination/v1 -k8s.io/client-go/applyconfigurations/coordination/v1beta1 +k8s.io/client-go/kubernetes/typed/certificates/v1beta1 k8s.io/client-go/kubernetes/typed/coordination/v1 -k8s.io/client-go/kubernetes/typed/coordination/v1beta1 +k8s.io/client-go/applyconfigurations/coordination/v1beta1 k8s.io/client-go/tools/reference +k8s.io/client-go/kubernetes/typed/coordination/v1beta1 k8s.io/client-go/kubernetes/typed/core/v1 k8s.io/client-go/applyconfigurations/discovery/v1 k8s.io/client-go/kubernetes/typed/discovery/v1 
@@ -1069,13 +1068,13 @@ k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1 k8s.io/client-go/kubernetes/typed/extensions/v1beta1 k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta1 k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2 -k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta2 k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3 -k8s.io/client-go/applyconfigurations/networking/v1 +k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta2 k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta3 +k8s.io/client-go/applyconfigurations/networking/v1 k8s.io/client-go/applyconfigurations/networking/v1alpha1 -k8s.io/client-go/kubernetes/typed/networking/v1 k8s.io/client-go/kubernetes/typed/networking/v1alpha1 +k8s.io/client-go/kubernetes/typed/networking/v1 k8s.io/client-go/applyconfigurations/networking/v1beta1 k8s.io/client-go/applyconfigurations/node/v1 k8s.io/client-go/kubernetes/typed/node/v1 
@@ -1095,17 +1094,17 @@ k8s.io/client-go/kubernetes/typed/rbac/v1alpha1 k8s.io/client-go/applyconfigurations/rbac/v1beta1 k8s.io/client-go/applyconfigurations/resource/v1alpha2 k8s.io/client-go/kubernetes/typed/rbac/v1beta1 -k8s.io/client-go/applyconfigurations/scheduling/v1 k8s.io/client-go/kubernetes/typed/resource/v1alpha2 -k8s.io/client-go/kubernetes/typed/scheduling/v1 +k8s.io/client-go/applyconfigurations/scheduling/v1 k8s.io/client-go/applyconfigurations/scheduling/v1alpha1 -k8s.io/client-go/applyconfigurations/scheduling/v1beta1 +k8s.io/client-go/kubernetes/typed/scheduling/v1 k8s.io/client-go/kubernetes/typed/scheduling/v1alpha1 -k8s.io/client-go/kubernetes/typed/scheduling/v1beta1 +k8s.io/client-go/applyconfigurations/scheduling/v1beta1 k8s.io/client-go/applyconfigurations/storage/v1 +k8s.io/client-go/kubernetes/typed/scheduling/v1beta1 k8s.io/client-go/applyconfigurations/storage/v1alpha1 -k8s.io/client-go/kubernetes/typed/storage/v1alpha1 k8s.io/client-go/kubernetes/typed/storage/v1 +k8s.io/client-go/kubernetes/typed/storage/v1alpha1 k8s.io/client-go/applyconfigurations/storage/v1beta1 github.com/openshift/api/config/v1 k8s.io/client-go/kubernetes/typed/storage/v1beta1 @@ -1113,8 +1112,8 @@ k8s.io/client-go/kubernetes github.com/noironetworks/aci-containers/pkg/util github.com/cenkalti/hub github.com/cenkalti/rpc2 -github.com/cenkalti/rpc2/jsonrpc github.com/imdario/mergo +github.com/cenkalti/rpc2/jsonrpc github.com/ovn-org/libovsdb encoding/csv github.com/spf13/pflag @@ -1140,9 +1139,9 @@ github.com/prometheus/common/model runtime/metrics github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg google.golang.org/protobuf/encoding/protodelim -github.com/prometheus/procfs/internal/fs github.com/prometheus/client_golang/prometheus/internal github.com/prometheus/common/expfmt +github.com/prometheus/procfs/internal/fs github.com/prometheus/procfs/internal/util github.com/prometheus/procfs k8s.io/apimachinery/pkg/util/version 
@@ -1155,8 +1154,8 @@ github.com/prometheus/client_golang/prometheus github.com/prometheus/client_golang/prometheus/promhttp k8s.io/component-base/metrics/prometheusextension github.com/prometheus/client_golang/prometheus/collectors -k8s.io/kubernetes/pkg/apis/core/helper k8s.io/component-base/metrics +k8s.io/kubernetes/pkg/apis/core/helper k8s.io/kubernetes/pkg/api/legacyscheme k8s.io/kubernetes/pkg/api/v1/service k8s.io/kubernetes/pkg/apis/autoscaling @@ -1167,8 +1166,8 @@ github.com/distribution/reference k8s.io/component-base/metrics/prometheus/feature k8s.io/component-base/featuregate k8s.io/kubernetes/pkg/util/parsers -k8s.io/component-helpers/node/util/sysctl k8s.io/apiserver/pkg/util/feature +k8s.io/component-helpers/node/util/sysctl k8s.io/apiextensions-apiserver/pkg/features k8s.io/apiserver/pkg/features k8s.io/component-helpers/scheduling/corev1/nodeaffinity @@ -1196,9 +1195,9 @@ k8s.io/apimachinery/pkg/api/validation/path k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme k8s.io/apiserver/pkg/endpoints/request k8s.io/apiserver/pkg/audit -k8s.io/apiserver/pkg/admission k8s.io/kubernetes/pkg/apis/core/install k8s.io/kube-openapi/pkg/util +k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/endpoints/openapi k8s.io/apiserver/pkg/cel/openapi/resolver k8s.io/apiserver/pkg/quota/v1 @@ -1214,8 +1213,8 @@ k8s.io/client-go/informers/admissionregistration/v1 k8s.io/client-go/informers/admissionregistration/v1alpha1 k8s.io/client-go/informers/admissionregistration/v1beta1 k8s.io/client-go/informers/apiserverinternal/v1alpha1 -k8s.io/client-go/informers/admissionregistration k8s.io/client-go/informers/apiserverinternal +k8s.io/client-go/informers/admissionregistration k8s.io/client-go/informers/apps/v1 k8s.io/client-go/informers/apps/v1beta1 k8s.io/client-go/listers/apps/v1beta2 
@@ -1223,8 +1222,8 @@ k8s.io/client-go/listers/autoscaling/v1 k8s.io/client-go/informers/autoscaling/v1 k8s.io/client-go/informers/apps/v1beta2 k8s.io/client-go/listers/autoscaling/v2 -k8s.io/client-go/informers/apps k8s.io/client-go/informers/autoscaling/v2 +k8s.io/client-go/informers/apps k8s.io/client-go/listers/autoscaling/v2beta1 k8s.io/client-go/listers/autoscaling/v2beta2 k8s.io/client-go/informers/autoscaling/v2beta1 @@ -1233,8 +1232,8 @@ k8s.io/client-go/listers/batch/v1 k8s.io/client-go/informers/autoscaling k8s.io/client-go/informers/batch/v1 k8s.io/client-go/listers/batch/v1beta1 -k8s.io/client-go/listers/certificates/v1 k8s.io/client-go/informers/batch/v1beta1 +k8s.io/client-go/listers/certificates/v1 k8s.io/client-go/informers/certificates/v1 k8s.io/client-go/informers/batch k8s.io/client-go/listers/certificates/v1alpha1 @@ -1247,8 +1246,8 @@ k8s.io/client-go/informers/certificates k8s.io/client-go/listers/coordination/v1beta1 k8s.io/client-go/informers/coordination/v1beta1 k8s.io/client-go/listers/core/v1 -k8s.io/client-go/informers/coordination k8s.io/client-go/informers/core/v1 +k8s.io/client-go/informers/coordination k8s.io/client-go/listers/discovery/v1 k8s.io/client-go/informers/discovery/v1 k8s.io/client-go/informers/core 
@@ -1256,22 +1255,22 @@ k8s.io/client-go/listers/discovery/v1beta1 k8s.io/client-go/informers/discovery/v1beta1 k8s.io/client-go/listers/events/v1 k8s.io/client-go/informers/events/v1 -k8s.io/client-go/informers/discovery k8s.io/client-go/listers/events/v1beta1 +k8s.io/client-go/informers/discovery k8s.io/client-go/informers/events/v1beta1 +k8s.io/client-go/informers/events k8s.io/client-go/listers/extensions/v1beta1 k8s.io/client-go/informers/extensions/v1beta1 -k8s.io/client-go/informers/events k8s.io/client-go/listers/flowcontrol/v1 -k8s.io/client-go/informers/extensions k8s.io/client-go/informers/flowcontrol/v1 +k8s.io/client-go/informers/extensions k8s.io/client-go/listers/flowcontrol/v1beta1 k8s.io/client-go/informers/flowcontrol/v1beta1 k8s.io/client-go/listers/flowcontrol/v1beta2 k8s.io/client-go/informers/flowcontrol/v1beta2 k8s.io/client-go/listers/flowcontrol/v1beta3 -k8s.io/client-go/informers/flowcontrol/v1beta3 k8s.io/client-go/listers/networking/v1 +k8s.io/client-go/informers/flowcontrol/v1beta3 k8s.io/client-go/informers/networking/v1 k8s.io/client-go/informers/flowcontrol k8s.io/client-go/listers/networking/v1alpha1 @@ -1346,10 +1345,10 @@ golang.org/x/text/internal/tag golang.org/x/text/internal/language golang.org/x/text/internal/language/compact golang.org/x/text/language +github.com/google/cel-go/parser/gen golang.org/x/text/internal/catmsg golang.org/x/text/internal/stringset golang.org/x/text/internal/number -github.com/google/cel-go/parser/gen golang.org/x/text/internal golang.org/x/text/message/catalog golang.org/x/text/feature/plural 
@@ -1380,13 +1379,14 @@ go.opentelemetry.io/otel/trace k8s.io/apiserver/pkg/apis/apiserver/v1alpha1 github.com/google/cel-go/checker k8s.io/apiserver/pkg/apis/apiserver/v1beta1 -github.com/google/cel-go/cel k8s.io/apiserver/pkg/apis/apiserver/install +github.com/google/cel-go/cel k8s.io/apiserver/pkg/server/egressselector/metrics github.com/felixge/httpsnoop go.opentelemetry.io/otel/semconv/v1.20.0 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil github.com/go-logr/logr/funcr +github.com/go-logr/stdr k8s.io/apiserver/pkg/cel github.com/google/cel-go/ext k8s.io/apiserver/pkg/cel/library @@ -1395,7 +1395,6 @@ k8s.io/apiserver/pkg/cel/common k8s.io/apiserver/pkg/cel/environment k8s.io/apiserver/pkg/admission/plugin/cel k8s.io/apiserver/pkg/cel/openapi -github.com/go-logr/stdr go.opentelemetry.io/otel/metric k8s.io/apiserver/pkg/admission/plugin/webhook/matchconditions k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy @@ -1417,11 +1416,11 @@ go.opentelemetry.io/proto/otlp/resource/v1 go.opentelemetry.io/proto/otlp/trace/v1 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/envconfig -github.com/cenkalti/backoff/v4 go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform +github.com/cenkalti/backoff/v4 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/retry -google.golang.org/grpc/encoding/gzip go.opentelemetry.io/otel/exporters/otlp/otlptrace +google.golang.org/grpc/encoding/gzip github.com/grpc-ecosystem/grpc-gateway/v2/utilities go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule 
@@ -1435,42 +1434,43 @@ k8s.io/utils/path sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/common/metrics sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics -go.opentelemetry.io/proto/otlp/collector/trace/v1 sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc +go.opentelemetry.io/proto/otlp/collector/trace/v1 k8s.io/apiserver/pkg/util/x509metrics +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc k8s.io/utils/lru -k8s.io/component-base/tracing k8s.io/api/admission/v1beta1 -k8s.io/apiserver/pkg/server/egressselector +k8s.io/component-base/tracing k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1 +k8s.io/apiserver/pkg/server/egressselector k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1 -k8s.io/apiserver/pkg/util/webhook k8s.io/apiserver/pkg/admission/plugin/webhook/config k8s.io/apiserver/pkg/admission/plugin/webhook/errors k8s.io/apimachinery/pkg/util/uuid k8s.io/apiserver/pkg/authentication/authenticator k8s.io/apiserver/pkg/authentication/group -k8s.io/apiserver/pkg/admission/plugin/webhook +k8s.io/apiserver/pkg/util/webhook k8s.io/apiserver/pkg/authentication/request/anonymous k8s.io/apiserver/pkg/authentication/request/bearertoken k8s.io/apiserver/pkg/authentication/request/x509 -k8s.io/apiserver/pkg/admission/plugin/webhook/generic k8s.io/apiserver/pkg/authentication/request/headerrequest +k8s.io/apiserver/pkg/admission/plugin/webhook +k8s.io/apiserver/pkg/admission/plugin/webhook/generic k8s.io/apiserver/pkg/authentication/request/union -k8s.io/apiserver/pkg/admission/configuration -k8s.io/apiserver/pkg/admission/plugin/webhook/request golang.org/x/net/websocket k8s.io/apimachinery/pkg/util/httpstream 
+k8s.io/apiserver/pkg/admission/configuration +k8s.io/apiserver/pkg/admission/plugin/webhook/request k8s.io/apimachinery/pkg/util/remotecommand k8s.io/apimachinery/pkg/util/httpstream/wsstream k8s.io/apiserver/pkg/authentication/request/websocket k8s.io/apiserver/pkg/authentication/token/cache k8s.io/apiserver/pkg/authentication/token/tokenfile +k8s.io/client-go/tools/events k8s.io/apiserver/pkg/admission/plugin/webhook/mutating k8s.io/apiserver/pkg/admission/plugin/webhook/validating -k8s.io/client-go/tools/events +k8s.io/apiserver/pkg/server/dynamiccertificates k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/pkg/endpoints/deprecation k8s.io/apiserver/pkg/endpoints/handlers/negotiation 
@@ -1478,44 +1478,43 @@ k8s.io/apiserver/pkg/endpoints/responsewriter k8s.io/apiserver/pkg/endpoints/metrics k8s.io/apiserver/pkg/storage/names k8s.io/apiserver/pkg/registry/rest -k8s.io/apiserver/pkg/server/dynamiccertificates +k8s.io/apiserver/pkg/authentication/authenticatorfactory k8s.io/apiserver/pkg/storage k8s.io/apiserver/pkg/util/flushwriter -k8s.io/apiserver/pkg/endpoints/handlers/responsewriters -k8s.io/apiserver/pkg/endpoints/discovery k8s.io/apimachinery/pkg/apis/meta/internalversion/validation k8s.io/apimachinery/pkg/apis/meta/v1beta1/validation k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager +k8s.io/apiserver/pkg/endpoints/handlers/responsewriters k8s.io/apiserver/pkg/endpoints/handlers/finisher k8s.io/apiserver/pkg/endpoints/handlers/metrics -k8s.io/apiserver/pkg/endpoints/handlers -k8s.io/apiserver/pkg/authentication/authenticatorfactory k8s.io/apiserver/pkg/endpoints/warning k8s.io/component-base/metrics/prometheus/workqueue +k8s.io/apiserver/pkg/endpoints/discovery +k8s.io/apiserver/pkg/endpoints/handlers k8s.io/apiserver/pkg/storageversion k8s.io/apiserver/pkg/endpoints/discovery/aggregated -k8s.io/apiserver/pkg/endpoints k8s.io/apiserver/pkg/server/httplog k8s.io/apiserver/pkg/endpoints/filterlatency k8s.io/apiserver/pkg/endpoints/filters +k8s.io/apiserver/pkg/endpoints go.etcd.io/etcd/api/v3/mvccpb go.etcd.io/etcd/api/v3/v3rpc/rpctypes go.etcd.io/etcd/api/v3/authpb go.etcd.io/etcd/api/v3/membershippb google.golang.org/genproto/googleapis/api -github.com/coreos/go-semver/semver google.golang.org/genproto/googleapis/api/annotations +github.com/coreos/go-semver/semver go.etcd.io/etcd/api/v3/version github.com/coreos/go-systemd/v22/journal go.etcd.io/etcd/client/pkg/v3/systemd go.uber.org/multierr go.uber.org/zap/internal/pool go.uber.org/zap/buffer +go.etcd.io/etcd/api/v3/etcdserverpb go.uber.org/zap/internal/bufferpool go.uber.org/zap/internal/color go.uber.org/zap/internal/exit go.uber.org/zap/zapcore -go.etcd.io/etcd/api/v3/etcdserverpb 
go.uber.org/zap/internal go.uber.org/zap/internal/stacktrace go.uber.org/zap @@ -1538,8 +1537,8 @@ internal/sysinfo testing k8s.io/component-base/metrics/testutil k8s.io/apiserver/pkg/util/flowcontrol/metrics -k8s.io/apiserver/pkg/util/flowcontrol/request go.etcd.io/etcd/client/v3 +k8s.io/apiserver/pkg/util/flowcontrol/request k8s.io/apiserver/pkg/util/flowcontrol/debug k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/eventclock @@ -1560,17 +1559,17 @@ k8s.io/apiserver/pkg/storage/value/encrypt/identity k8s.io/apiserver/pkg/server/filters k8s.io/apiserver/pkg/storage/storagebackend k8s.io/apiserver/pkg/storage/storagebackend/factory -k8s.io/apiserver/pkg/registry/generic k8s.io/component-base/metrics/prometheus/slis -k8s.io/apiserver/pkg/storage/cacher/metrics k8s.io/apiserver/pkg/server/healthz +k8s.io/apiserver/pkg/registry/generic +k8s.io/apiserver/pkg/storage/cacher/metrics k8s.io/apiserver/pkg/util/peerproxy/metrics k8s.io/kube-openapi/pkg/common/restfuladapter -k8s.io/kube-openapi/pkg/builder k8s.io/kube-openapi/pkg/schemamutation +k8s.io/kube-openapi/pkg/builder k8s.io/kube-openapi/pkg/builder3/util -github.com/NYTimes/gziphandler k8s.io/kube-openapi/pkg/builder3 +github.com/NYTimes/gziphandler k8s.io/kube-openapi/pkg/handler internal/profile runtime/pprof @@ -1586,8 +1585,8 @@ os/signal k8s.io/component-base/logs/api/v1 go.opentelemetry.io/otel/semconv/internal go.opentelemetry.io/otel/semconv/v1.12.0 -gopkg.in/natefinch/lumberjack.v2 k8s.io/component-base/logs +gopkg.in/natefinch/lumberjack.v2 k8s.io/apiserver/pkg/server k8s.io/apiserver/pkg/apis/audit/validation k8s.io/apiserver/pkg/audit/policy 
@@ -1616,17 +1615,17 @@ k8s.io/apiserver/pkg/storage/value/encrypt/envelope k8s.io/kms/pkg/service golang.org/x/crypto/internal/poly1305 golang.org/x/crypto/nacl/secretbox -k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2 k8s.io/apiserver/pkg/storage/value/encrypt/secretbox +k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2 k8s.io/apiserver/pkg/server/resourceconfig k8s.io/apiserver/plugin/pkg/audit/buffered k8s.io/apiserver/plugin/pkg/audit/log -k8s.io/apiserver/plugin/pkg/audit/truncate k8s.io/apiserver/pkg/server/options/encryptionconfig +k8s.io/apiserver/plugin/pkg/audit/truncate k8s.io/apiserver/pkg/apis/audit/install k8s.io/apiserver/plugin/pkg/audit/webhook -k8s.io/apiserver/pkg/server/options/encryptionconfig/controller k8s.io/cloud-provider +k8s.io/apiserver/pkg/server/options/encryptionconfig/controller k8s.io/apiserver/pkg/server/options k8s.io/component-base/config k8s.io/controller-manager/config @@ -1635,15 +1634,15 @@ k8s.io/cloud-provider/app/config k8s.io/cloud-provider/controllers/node/config/v1alpha1 k8s.io/cloud-provider/controllers/service/config/v1alpha1 k8s.io/component-base/config/v1alpha1 -k8s.io/component-base/config/options k8s.io/controller-manager/config/v1alpha1 +k8s.io/component-base/config/options k8s.io/controller-manager/config/v1 k8s.io/cloud-provider/config/v1alpha1 k8s.io/controller-manager/config/v1beta1 -k8s.io/controller-manager/pkg/leadermigration/config k8s.io/cloud-provider/config/install -k8s.io/controller-manager/pkg/leadermigration/options +k8s.io/controller-manager/pkg/leadermigration/config k8s.io/controller-manager/pkg/clientbuilder +k8s.io/controller-manager/pkg/leadermigration/options k8s.io/controller-manager/options k8s.io/controller-manager/pkg/features k8s.io/controller-manager/pkg/features/register 
@@ -1655,8 +1654,8 @@ k8s.io/kubernetes/pkg/kubelet/metrics k8s.io/kubernetes/pkg/util/filesystem k8s.io/kubernetes/pkg/kubelet/util k8s.io/kubernetes/pkg/cluster/ports -k8s.io/kubernetes/pkg/apis/core/validation k8s.io/kubernetes/pkg/kubelet/apis/podresources +k8s.io/kubernetes/pkg/apis/core/validation github.com/evanphx/json-patch/v5 k8s.io/client-go/metadata k8s.io/client-go/restmapper 
@@ -1674,9 +1673,9 @@ go.opentelemetry.io/otel/exporters/prometheus k8s.io/kubernetes/pkg/controller github.com/noironetworks/aci-containers/pkg/hostagent github.com/noironetworks/aci-containers/cmd/hostagent -CGO_ENABLED=1 GOOS=linux go build -v -trimpath -ldflags=" -X github.com/noironetworks/aci-containers/pkg/controller.buildTime=11-06-2024.09:14:29.UTC -X github.com/noironetworks/aci-containers/pkg/controller.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/gbpserver.buildTime=11-06-2024.09:14:29.UTC -X github.com/noironetworks/aci-containers/pkg/gbpserver.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/hostagent.buildTime=11-06-2024.09:14:29.UTC -X github.com/noironetworks/aci-containers/pkg/hostagent.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.buildTime=11-06-2024.09:14:29.UTC -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -s -w" -a -installsuffix cgo -tags ovscni -o dist-static/aci-containers-host-agent-ovscni github.com/noironetworks/aci-containers/cmd/hostagent -internal/unsafeheader +CGO_ENABLED=1 GOOS=linux go build -v -trimpath -ldflags=" -X github.com/noironetworks/aci-containers/pkg/controller.buildTime=11-11-2024.09:24:32.UTC -X github.com/noironetworks/aci-containers/pkg/controller.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/gbpserver.buildTime=11-11-2024.09:24:32.UTC -X github.com/noironetworks/aci-containers/pkg/gbpserver.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/hostagent.buildTime=11-11-2024.09:24:32.UTC -X github.com/noironetworks/aci-containers/pkg/hostagent.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X 
github.com/noironetworks/aci-containers/pkg/acicontainersoperator.buildTime=11-11-2024.09:24:32.UTC -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -s -w" -a -installsuffix cgo -tags ovscni -o dist-static/aci-containers-host-agent-ovscni github.com/noironetworks/aci-containers/cmd/hostagent internal/goarch +internal/unsafeheader internal/cpu internal/abi internal/bytealg @@ -1761,11 +1760,11 @@ internal/reflectlite sync internal/bisect errors -internal/godebug io +internal/godebug +bytes internal/oserror syscall -bytes iter strconv reflect @@ -1777,23 +1776,23 @@ io/fs internal/filepathlite internal/syscall/unix internal/poll +encoding/binary +internal/fmtsort +encoding/base64 internal/syscall/execenv internal/testlog os -encoding/binary -encoding/base64 -internal/fmtsort strings -fmt vendor/golang.org/x/net/dns/dnsmessage +fmt internal/singleflight math/rand/v2 -encoding/json -flag internal/concurrent internal/weak unique net/netip +encoding/json +flag sort hash crypto @@ -1817,19 +1816,19 @@ github.com/safchain/ethtool github.com/vishvananda/netns log github.com/containernetworking/cni/pkg/types -github.com/coreos/go-iptables/iptables github.com/containernetworking/cni/pkg/types/internal +github.com/coreos/go-iptables/iptables github.com/containernetworking/cni/pkg/types/020 github.com/containernetworking/cni/pkg/types/040 -github.com/vishvananda/netlink/nl github.com/containernetworking/cni/pkg/types/100 +github.com/vishvananda/netlink/nl io/ioutil github.com/containernetworking/cni/pkg/types/create github.com/containernetworking/cni/pkg/version github.com/containernetworking/cni/pkg/invoke github.com/fsnotify/fsnotify -github.com/vishvananda/netlink runtime/debug +github.com/vishvananda/netlink github.com/google/gopacket golang.org/x/net/bpf github.com/google/gopacket/afpacket 
@@ -1856,17 +1855,17 @@ k8s.io/apimachinery/pkg/util/validation/field k8s.io/utils/internal/third_party/forked/golang/net k8s.io/utils/net k8s.io/apimachinery/pkg/util/validation -k8s.io/apimachinery/pkg/api/resource log/slog/internal/buffer log/slog +github.com/go-logr/logr +k8s.io/apimachinery/pkg/api/resource k8s.io/klog/v2/internal/severity k8s.io/klog/v2/internal/buffer k8s.io/klog/v2/internal/clock -github.com/go-logr/logr k8s.io/klog/v2/internal/dbg +k8s.io/klog/v2/internal/serialize k8s.io/klog/v2/internal/sloghandler os/user -k8s.io/klog/v2/internal/serialize go/token go/scanner go/ast @@ -1874,8 +1873,8 @@ k8s.io/klog/v2 go/doc/comment k8s.io/apimachinery/pkg/labels internal/lazyregexp -go/doc go/build/constraint +go/doc go/internal/typeparams go/parser net/url @@ -1896,8 +1895,8 @@ crypto/internal/bigmod crypto/internal/boring/bbig crypto/sha512 encoding/asn1 -vendor/golang.org/x/crypto/cryptobyte crypto/internal/nistec +vendor/golang.org/x/crypto/cryptobyte crypto/internal/edwards25519 crypto/ecdh crypto/elliptic @@ -1923,8 +1922,8 @@ crypto/x509 vendor/golang.org/x/text/unicode/bidi vendor/golang.org/x/text/secure/bidirule vendor/golang.org/x/text/unicode/norm -vendor/golang.org/x/net/idna crypto/tls +vendor/golang.org/x/net/idna net/textproto vendor/golang.org/x/net/http/httpguts vendor/golang.org/x/net/http/httpproxy @@ -1938,8 +1937,8 @@ net/http/internal/ascii github.com/modern-go/concurrent github.com/modern-go/reflect2 net/http/httptrace -github.com/json-iterator/go net/http +github.com/json-iterator/go gopkg.in/yaml.v2 sigs.k8s.io/structured-merge-diff/v4/value k8s.io/apimachinery/pkg/util/intstr 
@@ -1947,26 +1946,26 @@ golang.org/x/text/transform golang.org/x/text/unicode/bidi golang.org/x/text/secure/bidirule golang.org/x/text/unicode/norm -golang.org/x/net/idna k8s.io/apimachinery/pkg/util/runtime k8s.io/apimachinery/pkg/runtime +golang.org/x/net/idna golang.org/x/net/http/httpguts golang.org/x/net/http2/hpack golang.org/x/net/http2 k8s.io/apimachinery/pkg/runtime/serializer/recognizer k8s.io/apimachinery/pkg/util/framer sigs.k8s.io/yaml/goyaml.v2 -k8s.io/apimachinery/pkg/util/net sigs.k8s.io/yaml k8s.io/apimachinery/pkg/util/yaml -k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/pkg/runtime/serializer/json k8s.io/apimachinery/pkg/runtime/serializer/streaming -k8s.io/apimachinery/pkg/apis/meta/v1 +k8s.io/apimachinery/pkg/util/net k8s.io/apimachinery/pkg/version k8s.io/client-go/pkg/version golang.org/x/term github.com/davecgh/go-spew/spew +k8s.io/apimachinery/pkg/watch +k8s.io/apimachinery/pkg/apis/meta/v1 k8s.io/apimachinery/pkg/util/dump k8s.io/client-go/tools/clientcmd/api k8s.io/client-go/tools/metrics @@ -1989,6 +1988,12 @@ google.golang.org/protobuf/internal/errors google.golang.org/protobuf/encoding/protowire google.golang.org/protobuf/internal/pragma google.golang.org/protobuf/reflect/protoreflect +google.golang.org/protobuf/internal/encoding/messageset +google.golang.org/protobuf/internal/strs +google.golang.org/protobuf/internal/encoding/text +google.golang.org/protobuf/internal/genid +google.golang.org/protobuf/internal/order +google.golang.org/protobuf/reflect/protoregistry github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1 k8s.io/apimachinery/pkg/runtime/serializer/protobuf k8s.io/apimachinery/pkg/apis/meta/v1/unstructured 
@@ -1999,30 +2004,24 @@ k8s.io/client-go/pkg/apis/clientauthentication/v1 k8s.io/apimachinery/pkg/runtime/serializer k8s.io/client-go/pkg/apis/clientauthentication/v1beta1 github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/client/clientset/versioned/scheme -k8s.io/client-go/rest/watch k8s.io/client-go/pkg/apis/clientauthentication/install -google.golang.org/protobuf/internal/encoding/messageset +k8s.io/client-go/rest/watch k8s.io/client-go/plugin/pkg/client/auth/exec -google.golang.org/protobuf/internal/strs -google.golang.org/protobuf/internal/encoding/text -k8s.io/client-go/rest -google.golang.org/protobuf/internal/genid -google.golang.org/protobuf/internal/order -google.golang.org/protobuf/reflect/protoregistry -github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/client/clientset/versioned/typed/k8s.cni.cncf.io/v1 google.golang.org/protobuf/runtime/protoiface google.golang.org/protobuf/proto +k8s.io/client-go/rest +google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/internal/editiondefaults google.golang.org/protobuf/internal/encoding/defval google.golang.org/protobuf/internal/descfmt +github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/client/clientset/versioned/typed/k8s.cni.cncf.io/v1 google.golang.org/protobuf/internal/descopts +google.golang.org/protobuf/internal/filedesc google.golang.org/protobuf/internal/version gopkg.in/yaml.v3 -google.golang.org/protobuf/encoding/prototext -google.golang.org/protobuf/internal/filedesc -github.com/google/gnostic-models/jsonschema google.golang.org/protobuf/internal/encoding/tag google.golang.org/protobuf/internal/impl +github.com/google/gnostic-models/jsonschema k8s.io/api/apidiscovery/v2beta1 k8s.io/api/admissionregistration/v1 k8s.io/api/admissionregistration/v1alpha1 
@@ -2030,17 +2029,17 @@ k8s.io/api/admissionregistration/v1beta1 google.golang.org/protobuf/internal/filetype google.golang.org/protobuf/runtime/protoimpl google.golang.org/protobuf/types/descriptorpb +google.golang.org/protobuf/types/gofeaturespb +google.golang.org/protobuf/reflect/protodesc google.golang.org/protobuf/types/known/anypb github.com/golang/protobuf/ptypes/any google.golang.org/protobuf/types/known/durationpb github.com/golang/protobuf/ptypes/duration +github.com/golang/protobuf/proto google.golang.org/protobuf/types/known/timestamppb github.com/golang/protobuf/ptypes/timestamp k8s.io/api/apiserverinternal/v1alpha1 -google.golang.org/protobuf/types/gofeaturespb -google.golang.org/protobuf/reflect/protodesc k8s.io/api/core/v1 -github.com/golang/protobuf/proto github.com/golang/protobuf/ptypes github.com/google/gnostic-models/extensions github.com/google/gnostic-models/compiler @@ -2059,6 +2058,7 @@ k8s.io/api/flowcontrol/v1beta2 k8s.io/api/flowcontrol/v1beta3 k8s.io/api/networking/v1alpha1 k8s.io/api/policy/v1 +k8s.io/api/policy/v1beta1 k8s.io/api/apps/v1 k8s.io/api/apps/v1beta1 k8s.io/api/apps/v1beta2 @@ -2080,7 +2080,6 @@ k8s.io/api/networking/v1beta1 k8s.io/api/node/v1 k8s.io/api/node/v1alpha1 k8s.io/api/node/v1beta1 -k8s.io/api/policy/v1beta1 k8s.io/api/rbac/v1 k8s.io/api/rbac/v1alpha1 k8s.io/api/rbac/v1beta1 @@ -2093,8 +2092,8 @@ k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 k8s.io/apimachinery/pkg/api/meta k8s.io/apimachinery/pkg/api/equality -k8s.io/apimachinery/pkg/apis/meta/v1/validation k8s.io/client-go/kubernetes/scheme +k8s.io/apimachinery/pkg/apis/meta/v1/validation github.com/google/gnostic-models/openapiv3 k8s.io/apimachinery/pkg/api/validation github.com/josharian/intern 
@@ -2107,8 +2106,8 @@ github.com/go-openapi/jsonreference/internal github.com/go-openapi/jsonreference encoding/base32 k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json -k8s.io/kube-openapi/pkg/internal k8s.io/kube-openapi/pkg/util/proto +k8s.io/kube-openapi/pkg/internal k8s.io/kube-openapi/pkg/validation/spec sigs.k8s.io/structured-merge-diff/v4/schema sigs.k8s.io/structured-merge-diff/v4/fieldpath @@ -2118,22 +2117,22 @@ sigs.k8s.io/structured-merge-diff/v4/merge github.com/munnerz/goautoneg k8s.io/kube-openapi/pkg/cached hash/adler32 -k8s.io/apimachinery/pkg/util/managedfields/internal compress/zlib +k8s.io/apimachinery/pkg/util/managedfields/internal encoding/xml k8s.io/apimachinery/pkg/util/managedfields github.com/emicklei/go-restful/v3/log -github.com/emicklei/go-restful/v3 k8s.io/kube-openapi/pkg/spec3 +github.com/emicklei/go-restful/v3 github.com/jaypipes/ghw/pkg/option -archive/tar k8s.io/kube-openapi/pkg/common +archive/tar k8s.io/kube-openapi/pkg/handler3 k8s.io/client-go/openapi github.com/jaypipes/ghw/pkg/pci/address github.com/jaypipes/ghw/pkg/snapshot -k8s.io/client-go/discovery github.com/jaypipes/ghw/pkg/context +k8s.io/client-go/discovery github.com/jaypipes/ghw/pkg/linuxpath github.com/jaypipes/ghw/pkg/util github.com/jaypipes/ghw/pkg/linuxdmi @@ -2152,16 +2151,16 @@ github.com/jaypipes/ghw/pkg/topology github.com/jaypipes/ghw/pkg/net github.com/jaypipes/ghw/pkg/pci github.com/jaypipes/ghw/pkg/product -github.com/k8snetworkplumbingwg/govdpa/pkg/kvdpa github.com/jaypipes/ghw/pkg/gpu +github.com/k8snetworkplumbingwg/govdpa/pkg/kvdpa github.com/jaypipes/ghw github.com/gogo/protobuf/protoc-gen-gogo/descriptor golang.org/x/net/internal/timeseries html text/template/parse github.com/gogo/protobuf/gogoproto -text/tabwriter text/template +text/tabwriter google.golang.org/grpc/backoff google.golang.org/grpc/internal/grpclog google.golang.org/grpc/grpclog 
@@ -2171,12 +2170,13 @@ google.golang.org/grpc/internal/credentials google.golang.org/grpc/credentials google.golang.org/grpc/resolver google.golang.org/grpc/internal -google.golang.org/grpc/internal/channelz html/template +google.golang.org/grpc/internal/channelz google.golang.org/grpc/channelz google.golang.org/grpc/metadata google.golang.org/grpc/balancer google.golang.org/grpc/balancer/base +golang.org/x/net/trace google.golang.org/grpc/internal/grpcrand google.golang.org/grpc/balancer/roundrobin google.golang.org/grpc/codes @@ -2185,25 +2185,24 @@ google.golang.org/grpc/internal/envconfig google.golang.org/grpc/internal/grpcutil google.golang.org/grpc/encoding google.golang.org/grpc/encoding/proto -golang.org/x/net/trace google.golang.org/grpc/internal/backoff google.golang.org/grpc/internal/balancer/gracefulswitch google.golang.org/grpc/internal/balancerload google.golang.org/grpc/binarylog/grpc_binarylog_v1 google.golang.org/genproto/googleapis/rpc/status google.golang.org/grpc/internal/status +google.golang.org/grpc/status google.golang.org/grpc/internal/buffer google.golang.org/grpc/internal/grpcsync -google.golang.org/grpc/status +google.golang.org/grpc/internal/binarylog google.golang.org/grpc/internal/idle google.golang.org/grpc/internal/metadata -google.golang.org/grpc/internal/binarylog google.golang.org/protobuf/internal/encoding/json -google.golang.org/protobuf/encoding/protojson google.golang.org/grpc/internal/serviceconfig google.golang.org/grpc/internal/resolver google.golang.org/grpc/internal/resolver/passthrough google.golang.org/grpc/internal/transport/networktype +google.golang.org/protobuf/encoding/protojson google.golang.org/grpc/internal/resolver/unix google.golang.org/grpc/internal/syscall google.golang.org/grpc/keepalive 
@@ -2211,37 +2210,37 @@ google.golang.org/grpc/peer google.golang.org/grpc/stats google.golang.org/grpc/tap net/http/httputil -github.com/golang/protobuf/jsonpb google.golang.org/grpc/balancer/grpclb/state google.golang.org/grpc/internal/resolver/dns/internal google.golang.org/grpc/internal/resolver/dns +github.com/golang/protobuf/jsonpb google.golang.org/grpc/resolver/dns github.com/spf13/afero/internal/common -google.golang.org/grpc/internal/pretty github.com/spf13/afero/mem -google.golang.org/grpc/internal/transport golang.org/x/text/runes github.com/spf13/afero +google.golang.org/grpc/internal/pretty +google.golang.org/grpc/internal/transport github.com/k8snetworkplumbingwg/sriovnet/pkg/utils/filesystem github.com/k8snetworkplumbingwg/sriovnet/pkg/utils/netlinkops github.com/k8snetworkplumbingwg/sriovnet -google.golang.org/grpc internal/saferio encoding/gob +google.golang.org/grpc net/rpc github.com/natefinch/pie -k8s.io/kubelet/pkg/apis/deviceplugin/v1beta1 github.com/noironetworks/aci-containers/pkg/fabricattachment/apis/aci.fabricattachment/v1 k8s.io/client-go/applyconfigurations/meta/v1 +k8s.io/kubelet/pkg/apis/deviceplugin/v1beta1 github.com/noironetworks/aci-containers/pkg/fabricattachment/applyconfiguration/aci.fabricattachment/v1 github.com/noironetworks/aci-containers/pkg/fabricattachment/clientset/versioned/scheme -github.com/k8snetworkplumbingwg/sriov-network-device-plugin/pkg/types github.com/noironetworks/aci-containers/pkg/fabricattachment/clientset/versioned/typed/aci.fabricattachment/v1 -github.com/noironetworks/aci-containers/pkg/gbpcrd/apis/acipolicy/v1 github.com/noironetworks/aci-containers/pkg/fabricattachment/clientset/versioned +github.com/noironetworks/aci-containers/pkg/gbpcrd/apis/acipolicy/v1 +github.com/k8snetworkplumbingwg/sriov-network-device-plugin/pkg/types github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned/scheme -github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned/typed/acipolicy/v1 
github.com/sirupsen/logrus +github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned/typed/acipolicy/v1 github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned github.com/google/go-cmp/cmp/internal/diff github.com/google/go-cmp/cmp/internal/function @@ -2258,11 +2257,11 @@ k8s.io/utils/trace github.com/noironetworks/aci-containers/pkg/ipam github.com/noironetworks/aci-containers/pkg/metadata github.com/noironetworks/aci-containers/pkg/nodeinfo/apis/aci.snat/v1 +k8s.io/apimachinery/pkg/util/diff github.com/noironetworks/aci-containers/pkg/nodeinfo/clientset/versioned/scheme +k8s.io/client-go/tools/cache github.com/noironetworks/aci-containers/pkg/nodeinfo/clientset/versioned/typed/aci.snat/v1 -k8s.io/apimachinery/pkg/util/diff github.com/noironetworks/aci-containers/pkg/nodeinfo/clientset/versioned -k8s.io/client-go/tools/cache github.com/noironetworks/aci-containers/pkg/nodepodif/apis/acipolicy/v1 github.com/noironetworks/aci-containers/pkg/nodepodif/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/nodepodif/clientset/versioned/typed/acipolicy/v1 
@@ -2274,27 +2273,26 @@ github.com/noironetworks/aci-containers/pkg/proactiveconf/clientset/versioned/ty github.com/noironetworks/aci-containers/pkg/proactiveconf/clientset/versioned github.com/noironetworks/aci-containers/pkg/qospolicy/apis/aci.qos/v1 github.com/noironetworks/aci-containers/pkg/qospolicy/clientset/versioned/scheme -github.com/noironetworks/aci-containers/pkg/qospolicy/clientset/versioned/typed/aci.qos/v1 github.com/noironetworks/aci-containers/pkg/index +github.com/noironetworks/aci-containers/pkg/qospolicy/clientset/versioned/typed/aci.qos/v1 github.com/noironetworks/aci-containers/pkg/qospolicy/clientset/versioned github.com/noironetworks/aci-containers/pkg/rdconfig/apis/aci.snat/v1 github.com/noironetworks/aci-containers/pkg/snatglobalinfo/apis/aci.snat/v1 github.com/noironetworks/aci-containers/pkg/rdconfig/clientset/versioned/scheme -github.com/noironetworks/aci-containers/pkg/snatglobalinfo/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/rdconfig/clientset/versioned/typed/aci.snat/v1 -github.com/noironetworks/aci-containers/pkg/snatglobalinfo/clientset/versioned/typed/aci.snat/v1 +github.com/noironetworks/aci-containers/pkg/snatglobalinfo/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/rdconfig/clientset/versioned +github.com/noironetworks/aci-containers/pkg/snatglobalinfo/clientset/versioned/typed/aci.snat/v1 github.com/noironetworks/aci-containers/pkg/snatglobalinfo/clientset/versioned github.com/noironetworks/aci-containers/pkg/snatlocalinfo/apis/aci.snat/v1 -github.com/noironetworks/aci-containers/pkg/snatpolicy/apis/aci.snat/v1 github.com/noironetworks/aci-containers/pkg/snatlocalinfo/clientset/versioned/scheme +github.com/noironetworks/aci-containers/pkg/snatpolicy/apis/aci.snat/v1 github.com/noironetworks/aci-containers/pkg/snatlocalinfo/clientset/versioned/typed/aci.snat/v1 +github.com/noironetworks/aci-containers/pkg/snatlocalinfo/clientset/versioned 
github.com/noironetworks/aci-containers/pkg/snatpolicy/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/snatpolicy/clientset/versioned/typed/aci.snat/v1 -github.com/noironetworks/aci-containers/pkg/snatlocalinfo/clientset/versioned -github.com/noironetworks/aci-containers/pkg/snatpolicy/clientset/versioned k8s.io/client-go/applyconfigurations/internal -k8s.io/client-go/kubernetes/typed/authentication/v1 +github.com/noironetworks/aci-containers/pkg/snatpolicy/clientset/versioned k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1 k8s.io/client-go/kubernetes/typed/apiserverinternal/v1alpha1 @@ -2305,6 +2303,7 @@ k8s.io/client-go/kubernetes/typed/admissionregistration/v1alpha1 k8s.io/client-go/applyconfigurations/core/v1 k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1 k8s.io/client-go/applyconfigurations/autoscaling/v1 +k8s.io/client-go/kubernetes/typed/authentication/v1 k8s.io/client-go/kubernetes/typed/authentication/v1alpha1 k8s.io/client-go/kubernetes/typed/authentication/v1beta1 k8s.io/client-go/kubernetes/typed/authorization/v1 
@@ -2315,15 +2314,15 @@ k8s.io/client-go/kubernetes/typed/autoscaling/v2 k8s.io/client-go/applyconfigurations/autoscaling/v2beta1 k8s.io/client-go/kubernetes/typed/autoscaling/v2beta1 k8s.io/client-go/applyconfigurations/autoscaling/v2beta2 -k8s.io/client-go/kubernetes/typed/autoscaling/v2beta2 k8s.io/client-go/applyconfigurations/apps/v1 k8s.io/client-go/applyconfigurations/apps/v1beta1 -k8s.io/client-go/kubernetes/typed/apps/v1beta1 k8s.io/client-go/kubernetes/typed/apps/v1 +k8s.io/client-go/kubernetes/typed/apps/v1beta1 k8s.io/client-go/applyconfigurations/apps/v1beta2 +k8s.io/client-go/kubernetes/typed/autoscaling/v2beta2 k8s.io/client-go/applyconfigurations/batch/v1 -k8s.io/client-go/kubernetes/typed/batch/v1 k8s.io/client-go/kubernetes/typed/apps/v1beta2 +k8s.io/client-go/kubernetes/typed/batch/v1 k8s.io/client-go/applyconfigurations/batch/v1beta1 k8s.io/client-go/applyconfigurations/certificates/v1 k8s.io/client-go/kubernetes/typed/batch/v1beta1 @@ -2345,12 +2344,12 @@ k8s.io/client-go/kubernetes/typed/discovery/v1beta1 k8s.io/client-go/applyconfigurations/events/v1 k8s.io/client-go/kubernetes/typed/events/v1 k8s.io/client-go/applyconfigurations/events/v1beta1 -k8s.io/client-go/applyconfigurations/extensions/v1beta1 k8s.io/client-go/kubernetes/typed/events/v1beta1 +k8s.io/client-go/applyconfigurations/extensions/v1beta1 k8s.io/client-go/applyconfigurations/flowcontrol/v1 k8s.io/client-go/kubernetes/typed/flowcontrol/v1 -k8s.io/client-go/kubernetes/typed/extensions/v1beta1 k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1 +k8s.io/client-go/kubernetes/typed/extensions/v1beta1 k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta1 k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2 k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3 
@@ -2362,13 +2361,13 @@ k8s.io/client-go/kubernetes/typed/networking/v1alpha1 k8s.io/client-go/kubernetes/typed/networking/v1 k8s.io/client-go/applyconfigurations/networking/v1beta1 k8s.io/client-go/applyconfigurations/node/v1 -k8s.io/client-go/kubernetes/typed/node/v1 k8s.io/client-go/kubernetes/typed/networking/v1beta1 +k8s.io/client-go/kubernetes/typed/node/v1 k8s.io/client-go/applyconfigurations/node/v1alpha1 k8s.io/client-go/applyconfigurations/node/v1beta1 k8s.io/client-go/kubernetes/typed/node/v1alpha1 -k8s.io/client-go/applyconfigurations/policy/v1 k8s.io/client-go/kubernetes/typed/node/v1beta1 +k8s.io/client-go/applyconfigurations/policy/v1 k8s.io/client-go/applyconfigurations/policy/v1beta1 k8s.io/client-go/kubernetes/typed/policy/v1 k8s.io/client-go/kubernetes/typed/policy/v1beta1 
@@ -2379,17 +2378,17 @@ k8s.io/client-go/kubernetes/typed/rbac/v1alpha1 k8s.io/client-go/applyconfigurations/rbac/v1beta1 k8s.io/client-go/applyconfigurations/resource/v1alpha2 k8s.io/client-go/kubernetes/typed/rbac/v1beta1 -k8s.io/client-go/applyconfigurations/scheduling/v1 k8s.io/client-go/kubernetes/typed/resource/v1alpha2 -k8s.io/client-go/kubernetes/typed/scheduling/v1 +k8s.io/client-go/applyconfigurations/scheduling/v1 k8s.io/client-go/applyconfigurations/scheduling/v1alpha1 -k8s.io/client-go/applyconfigurations/scheduling/v1beta1 +k8s.io/client-go/kubernetes/typed/scheduling/v1 k8s.io/client-go/kubernetes/typed/scheduling/v1alpha1 -k8s.io/client-go/kubernetes/typed/scheduling/v1beta1 +k8s.io/client-go/applyconfigurations/scheduling/v1beta1 k8s.io/client-go/applyconfigurations/storage/v1 +k8s.io/client-go/kubernetes/typed/scheduling/v1beta1 k8s.io/client-go/applyconfigurations/storage/v1alpha1 -k8s.io/client-go/kubernetes/typed/storage/v1alpha1 k8s.io/client-go/kubernetes/typed/storage/v1 +k8s.io/client-go/kubernetes/typed/storage/v1alpha1 k8s.io/client-go/applyconfigurations/storage/v1beta1 github.com/openshift/api/config/v1 k8s.io/client-go/kubernetes/typed/storage/v1beta1 
@@ -2398,20 +2397,20 @@ github.com/noironetworks/aci-containers/pkg/util github.com/cenkalti/hub github.com/cenkalti/rpc2 github.com/cenkalti/rpc2/jsonrpc -github.com/ovn-org/libovsdb github.com/imdario/mergo +github.com/ovn-org/libovsdb encoding/csv -k8s.io/client-go/tools/auth github.com/spf13/pflag +k8s.io/client-go/tools/auth k8s.io/client-go/tools/clientcmd/api/v1 k8s.io/client-go/tools/clientcmd/api/latest k8s.io/client-go/util/homedir k8s.io/apimachinery/pkg/util/mergepatch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/pkg/util/strategicpatch -k8s.io/client-go/tools/clientcmd k8s.io/client-go/tools/internal/events k8s.io/client-go/tools/record/util +k8s.io/client-go/tools/clientcmd k8s.io/client-go/tools/record k8s.io/kubelet/pkg/apis/podresources/v1alpha1 k8s.io/apimachinery/pkg/util/rand @@ -2424,11 +2423,11 @@ github.com/prometheus/common/model runtime/metrics github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg google.golang.org/protobuf/encoding/protodelim -github.com/prometheus/client_golang/prometheus/internal -github.com/prometheus/common/expfmt github.com/prometheus/procfs/internal/fs github.com/prometheus/procfs/internal/util github.com/prometheus/procfs +github.com/prometheus/client_golang/prometheus/internal +github.com/prometheus/common/expfmt k8s.io/apimachinery/pkg/util/version k8s.io/component-base/version database/sql 
@@ -2438,30 +2437,30 @@ k8s.io/kubernetes/pkg/apis/core github.com/prometheus/client_golang/prometheus github.com/prometheus/client_golang/prometheus/promhttp k8s.io/component-base/metrics/prometheusextension +k8s.io/component-base/metrics github.com/prometheus/client_golang/prometheus/collectors k8s.io/kubernetes/pkg/apis/core/helper -k8s.io/component-base/metrics k8s.io/kubernetes/pkg/api/legacyscheme k8s.io/kubernetes/pkg/api/v1/service k8s.io/kubernetes/pkg/apis/autoscaling k8s.io/kubernetes/pkg/apis/apps -github.com/opencontainers/go-digest -github.com/distribution/reference -k8s.io/kubernetes/pkg/util/parsers -k8s.io/component-helpers/node/util/sysctl -k8s.io/component-helpers/scheduling/corev1/nodeaffinity k8s.io/component-base/metrics/legacyregistry -k8s.io/component-helpers/scheduling/corev1 k8s.io/component-base/metrics/prometheus/feature k8s.io/component-base/featuregate -k8s.io/kubelet/pkg/apis -k8s.io/kubernetes/pkg/api/service k8s.io/apiserver/pkg/util/feature k8s.io/apiextensions-apiserver/pkg/features k8s.io/apiserver/pkg/features -k8s.io/kubernetes/pkg/apis/core/helper/qos +github.com/opencontainers/go-digest k8s.io/kubernetes/pkg/features +k8s.io/component-helpers/node/util/sysctl +github.com/distribution/reference +k8s.io/component-helpers/scheduling/corev1/nodeaffinity +k8s.io/kubernetes/pkg/util/parsers k8s.io/kubernetes/pkg/apis/core/v1 +k8s.io/component-helpers/scheduling/corev1 +k8s.io/kubelet/pkg/apis +k8s.io/kubernetes/pkg/api/service +k8s.io/kubernetes/pkg/apis/core/helper/qos k8s.io/kubernetes/pkg/fieldpath k8s.io/kubernetes/pkg/apis/core/pods k8s.io/kubernetes/pkg/capabilities 
@@ -2480,12 +2479,12 @@ k8s.io/apimachinery/pkg/api/validation/path k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme k8s.io/apiserver/pkg/endpoints/request k8s.io/apiserver/pkg/audit -k8s.io/apiserver/pkg/admission +k8s.io/kubernetes/pkg/apis/core/install k8s.io/kube-openapi/pkg/util k8s.io/apiserver/pkg/endpoints/openapi -k8s.io/kubernetes/pkg/apis/core/install -k8s.io/apiserver/pkg/quota/v1 +k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/cel/openapi/resolver +k8s.io/apiserver/pkg/quota/v1 k8s.io/client-go/dynamic k8s.io/client-go/informers/internalinterfaces k8s.io/client-go/listers/admissionregistration/v1 @@ -2498,8 +2497,8 @@ k8s.io/client-go/informers/admissionregistration/v1 k8s.io/client-go/informers/admissionregistration/v1alpha1 k8s.io/client-go/informers/admissionregistration/v1beta1 k8s.io/client-go/informers/apiserverinternal/v1alpha1 -k8s.io/client-go/informers/admissionregistration k8s.io/client-go/informers/apiserverinternal +k8s.io/client-go/informers/admissionregistration k8s.io/client-go/informers/apps/v1 k8s.io/client-go/informers/apps/v1beta1 k8s.io/client-go/listers/apps/v1beta2 @@ -2524,8 +2523,8 @@ k8s.io/client-go/informers/batch k8s.io/client-go/listers/certificates/v1alpha1 k8s.io/client-go/informers/certificates/v1alpha1 k8s.io/client-go/listers/certificates/v1beta1 -k8s.io/client-go/listers/coordination/v1 k8s.io/client-go/informers/certificates/v1beta1 +k8s.io/client-go/listers/coordination/v1 k8s.io/client-go/informers/coordination/v1 k8s.io/client-go/informers/certificates k8s.io/client-go/listers/coordination/v1beta1 
@@ -2573,65 +2572,65 @@ k8s.io/client-go/listers/policy/v1 k8s.io/client-go/informers/policy/v1 k8s.io/client-go/informers/node k8s.io/client-go/listers/policy/v1beta1 -k8s.io/client-go/informers/policy/v1beta1 k8s.io/client-go/listers/rbac/v1 k8s.io/client-go/informers/rbac/v1 +k8s.io/client-go/informers/policy/v1beta1 k8s.io/client-go/informers/policy k8s.io/client-go/listers/rbac/v1alpha1 -k8s.io/client-go/listers/rbac/v1beta1 k8s.io/client-go/informers/rbac/v1alpha1 +k8s.io/client-go/listers/rbac/v1beta1 k8s.io/client-go/informers/rbac/v1beta1 k8s.io/client-go/listers/resource/v1alpha2 -k8s.io/client-go/informers/rbac k8s.io/client-go/informers/resource/v1alpha2 -k8s.io/client-go/listers/scheduling/v1 -k8s.io/client-go/informers/scheduling/v1 +k8s.io/client-go/informers/rbac k8s.io/client-go/informers/resource +k8s.io/client-go/listers/scheduling/v1 k8s.io/client-go/listers/scheduling/v1alpha1 -k8s.io/client-go/listers/scheduling/v1beta1 -k8s.io/client-go/informers/scheduling/v1beta1 +k8s.io/client-go/informers/scheduling/v1 k8s.io/client-go/informers/scheduling/v1alpha1 +k8s.io/client-go/listers/scheduling/v1beta1 k8s.io/client-go/listers/storage/v1 -k8s.io/client-go/informers/scheduling +k8s.io/client-go/informers/scheduling/v1beta1 k8s.io/client-go/informers/storage/v1 +k8s.io/client-go/informers/scheduling k8s.io/client-go/listers/storage/v1alpha1 k8s.io/client-go/informers/storage/v1alpha1 k8s.io/client-go/listers/storage/v1beta1 k8s.io/client-go/informers/storage/v1beta1 google.golang.org/protobuf/types/known/emptypb google.golang.org/protobuf/types/known/structpb -k8s.io/client-go/informers/storage google.golang.org/genproto/googleapis/api/expr/v1alpha1 github.com/google/cel-go/checker/decls github.com/google/cel-go/common/runes golang.org/x/text/width -k8s.io/client-go/informers +k8s.io/client-go/informers/storage github.com/google/cel-go/common google.golang.org/protobuf/types/dynamicpb google.golang.org/protobuf/types/known/wrapperspb 
github.com/google/cel-go/common/types/pb +k8s.io/client-go/informers github.com/google/cel-go/common/types/ref github.com/google/cel-go/common/types/traits github.com/stoewer/go-strcase github.com/google/cel-go/common/types github.com/google/cel-go/common/ast -k8s.io/apiserver/pkg/admission/initializer github.com/google/cel-go/common/containers github.com/google/cel-go/common/debug github.com/google/cel-go/common/functions github.com/google/cel-go/common/decls github.com/google/cel-go/common/stdlib -k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle +k8s.io/apiserver/pkg/admission/initializer github.com/antlr/antlr4/runtime/Go/antlr/v4 +k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle github.com/google/cel-go/interpreter k8s.io/apiserver/pkg/admission/cel k8s.io/api/admission/v1 golang.org/x/text/internal/tag golang.org/x/text/internal/language +github.com/google/cel-go/parser/gen golang.org/x/text/internal/language/compact golang.org/x/text/language golang.org/x/text/internal/catmsg -github.com/google/cel-go/parser/gen golang.org/x/text/internal/stringset golang.org/x/text/internal/number golang.org/x/text/internal 
@@ -2649,19 +2648,19 @@ k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/rules k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy/matching k8s.io/apiserver/pkg/admission/metrics github.com/asaskevich/govalidator +github.com/google/cel-go/parser k8s.io/kube-openapi/pkg/validation/errors k8s.io/kube-openapi/pkg/validation/strfmt/bson net/mail k8s.io/kube-openapi/pkg/validation/strfmt -github.com/google/cel-go/parser k8s.io/apiserver/pkg/warning k8s.io/client-go/dynamic/dynamiclister k8s.io/client-go/dynamic/dynamicinformer +github.com/google/cel-go/checker go.opentelemetry.io/otel/internal/attribute go.opentelemetry.io/otel/attribute go.opentelemetry.io/otel/codes go.opentelemetry.io/otel/trace -github.com/google/cel-go/checker k8s.io/apiserver/pkg/apis/apiserver/v1alpha1 github.com/google/cel-go/cel k8s.io/apiserver/pkg/apis/apiserver/v1beta1 @@ -2705,12 +2704,12 @@ github.com/cenkalti/backoff/v4 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/retry google.golang.org/grpc/encoding/gzip github.com/grpc-ecosystem/grpc-gateway/v2/utilities -github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform -google.golang.org/genproto/googleapis/api/httpbody +github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule go.opentelemetry.io/otel/exporters/otlp/otlptrace -google.golang.org/grpc/health/grpc_health_v1 +google.golang.org/genproto/googleapis/api/httpbody go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig +google.golang.org/grpc/health/grpc_health_v1 google.golang.org/protobuf/types/known/fieldmaskpb google.golang.org/genproto/googleapis/rpc/errdetails github.com/grpc-ecosystem/grpc-gateway/v2/runtime 
@@ -2719,28 +2718,28 @@ k8s.io/utils/path sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/common/metrics sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics -go.opentelemetry.io/proto/otlp/collector/trace/v1 sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc +go.opentelemetry.io/proto/otlp/collector/trace/v1 k8s.io/apiserver/pkg/util/x509metrics k8s.io/utils/lru k8s.io/api/admission/v1beta1 +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc k8s.io/component-base/tracing -k8s.io/apiserver/pkg/server/egressselector k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1 +k8s.io/apiserver/pkg/server/egressselector k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1 -k8s.io/apiserver/pkg/util/webhook k8s.io/apiserver/pkg/admission/plugin/webhook/config k8s.io/apiserver/pkg/admission/plugin/webhook/errors k8s.io/apimachinery/pkg/util/uuid k8s.io/apiserver/pkg/authentication/authenticator k8s.io/apiserver/pkg/authentication/group k8s.io/apiserver/pkg/authentication/request/anonymous +k8s.io/apiserver/pkg/util/webhook k8s.io/apiserver/pkg/authentication/request/bearertoken -k8s.io/apiserver/pkg/admission/plugin/webhook k8s.io/apiserver/pkg/authentication/request/x509 k8s.io/apiserver/pkg/authentication/request/headerrequest +k8s.io/apiserver/pkg/admission/plugin/webhook k8s.io/apiserver/pkg/admission/plugin/webhook/generic k8s.io/apiserver/pkg/authentication/request/union golang.org/x/net/websocket 
@@ -2759,9 +2758,9 @@ k8s.io/apiserver/pkg/server/dynamiccertificates k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/pkg/endpoints/deprecation k8s.io/apiserver/pkg/endpoints/handlers/negotiation -k8s.io/apiserver/pkg/authentication/authenticatorfactory k8s.io/apiserver/pkg/endpoints/responsewriter k8s.io/apiserver/pkg/endpoints/metrics +k8s.io/apiserver/pkg/authentication/authenticatorfactory k8s.io/apiserver/pkg/storage/names k8s.io/apiserver/pkg/registry/rest k8s.io/apiserver/pkg/storage @@ -2771,8 +2770,8 @@ k8s.io/apiserver/pkg/endpoints/handlers/responsewriters k8s.io/apimachinery/pkg/apis/meta/v1beta1/validation k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager k8s.io/apiserver/pkg/endpoints/handlers/finisher -k8s.io/apiserver/pkg/endpoints/handlers/metrics k8s.io/apiserver/pkg/endpoints/discovery +k8s.io/apiserver/pkg/endpoints/handlers/metrics k8s.io/apiserver/pkg/endpoints/handlers k8s.io/apiserver/pkg/endpoints/warning k8s.io/component-base/metrics/prometheus/workqueue @@ -2791,11 +2790,11 @@ google.golang.org/genproto/googleapis/api/annotations github.com/coreos/go-semver/semver go.etcd.io/etcd/api/v3/version github.com/coreos/go-systemd/v22/journal +go.etcd.io/etcd/api/v3/etcdserverpb go.etcd.io/etcd/client/pkg/v3/systemd go.uber.org/multierr go.uber.org/zap/internal/pool go.uber.org/zap/buffer -go.etcd.io/etcd/api/v3/etcdserverpb go.uber.org/zap/internal/bufferpool go.uber.org/zap/internal/color go.uber.org/zap/internal/exit @@ -2820,8 +2819,8 @@ github.com/prometheus/client_golang/prometheus/testutil/promlint github.com/prometheus/client_golang/prometheus/testutil internal/sysinfo testing -k8s.io/component-base/metrics/testutil go.etcd.io/etcd/client/v3 +k8s.io/component-base/metrics/testutil k8s.io/apiserver/pkg/util/flowcontrol/metrics k8s.io/apiserver/pkg/util/flowcontrol/request k8s.io/apiserver/pkg/util/flowcontrol/debug 
@@ -2831,27 +2830,27 @@ k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/promise k8s.io/apiserver/pkg/util/shufflesharding k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset k8s.io/apiserver/pkg/util/flowcontrol/format -k8s.io/apiserver/pkg/util/flowcontrol golang.org/x/net/context github.com/grpc-ecosystem/go-grpc-prometheus +k8s.io/apiserver/pkg/util/flowcontrol go.etcd.io/etcd/client/pkg/v3/fileutil go.etcd.io/etcd/client/pkg/v3/tlsutil go.etcd.io/etcd/client/pkg/v3/transport go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc/internal -k8s.io/apiserver/pkg/storage/etcd3 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc +k8s.io/apiserver/pkg/storage/etcd3 k8s.io/apiserver/pkg/storage/value/encrypt/identity k8s.io/apiserver/pkg/server/filters -k8s.io/apiserver/pkg/storage/storagebackend -k8s.io/apiserver/pkg/storage/storagebackend/factory k8s.io/component-base/metrics/prometheus/slis k8s.io/apiserver/pkg/server/healthz +k8s.io/apiserver/pkg/storage/storagebackend +k8s.io/apiserver/pkg/storage/storagebackend/factory k8s.io/apiserver/pkg/storage/cacher/metrics -k8s.io/apiserver/pkg/registry/generic k8s.io/apiserver/pkg/util/peerproxy/metrics k8s.io/kube-openapi/pkg/common/restfuladapter -k8s.io/kube-openapi/pkg/schemamutation k8s.io/kube-openapi/pkg/builder +k8s.io/apiserver/pkg/registry/generic +k8s.io/kube-openapi/pkg/schemamutation k8s.io/kube-openapi/pkg/builder3/util github.com/NYTimes/gziphandler k8s.io/kube-openapi/pkg/builder3 
@@ -2867,13 +2866,13 @@ k8s.io/component-base/logs/internal/setverbositylevel k8s.io/component-base/logs/klogflags k8s.io/component-base/metrics/features os/signal -k8s.io/component-base/logs/api/v1 go.opentelemetry.io/otel/semconv/internal +k8s.io/component-base/logs/api/v1 go.opentelemetry.io/otel/semconv/v1.12.0 gopkg.in/natefinch/lumberjack.v2 +k8s.io/apiserver/pkg/apis/audit/validation k8s.io/component-base/logs k8s.io/apiserver/pkg/server -k8s.io/apiserver/pkg/apis/audit/validation k8s.io/apiserver/pkg/audit/policy k8s.io/apiserver/pkg/authentication/cel k8s.io/apiserver/pkg/authorization/cel @@ -2890,8 +2889,8 @@ k8s.io/apiserver/pkg/apis/config/v1 k8s.io/apiserver/pkg/apis/config/validation k8s.io/apiserver/pkg/server/options/encryptionconfig/metrics golang.org/x/crypto/hkdf -k8s.io/apiserver/pkg/storage/value/encrypt/envelope/metrics k8s.io/apiserver/pkg/storage/value/encrypt/aes +k8s.io/apiserver/pkg/storage/value/encrypt/envelope/metrics k8s.io/kms/apis/v1beta1 k8s.io/kms/pkg/util k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2 @@ -2904,13 +2903,13 @@ k8s.io/apiserver/pkg/storage/value/encrypt/secretbox k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2 k8s.io/apiserver/pkg/server/resourceconfig k8s.io/apiserver/plugin/pkg/audit/buffered -k8s.io/apiserver/plugin/pkg/audit/log k8s.io/apiserver/pkg/server/options/encryptionconfig +k8s.io/apiserver/plugin/pkg/audit/log k8s.io/apiserver/plugin/pkg/audit/truncate k8s.io/apiserver/pkg/apis/audit/install k8s.io/apiserver/plugin/pkg/audit/webhook -k8s.io/cloud-provider k8s.io/apiserver/pkg/server/options/encryptionconfig/controller +k8s.io/cloud-provider k8s.io/apiserver/pkg/server/options k8s.io/component-base/config k8s.io/controller-manager/config 
@@ -2920,11 +2919,11 @@ k8s.io/cloud-provider/controllers/node/config/v1alpha1 k8s.io/cloud-provider/controllers/service/config/v1alpha1 k8s.io/component-base/config/v1alpha1 k8s.io/controller-manager/config/v1alpha1 -k8s.io/cloud-provider/config/v1alpha1 k8s.io/component-base/config/options k8s.io/controller-manager/config/v1 -k8s.io/cloud-provider/config/install +k8s.io/cloud-provider/config/v1alpha1 k8s.io/controller-manager/config/v1beta1 +k8s.io/cloud-provider/config/install k8s.io/controller-manager/pkg/clientbuilder k8s.io/controller-manager/pkg/leadermigration/config k8s.io/controller-manager/pkg/leadermigration/options 
@@ -2958,7 +2957,7 @@ go.opentelemetry.io/otel/exporters/prometheus k8s.io/kubernetes/pkg/controller github.com/noironetworks/aci-containers/pkg/hostagent github.com/noironetworks/aci-containers/cmd/hostagent -CGO_ENABLED=0 GOOS=linux go build -v -trimpath -ldflags=" -X github.com/noironetworks/aci-containers/pkg/controller.buildTime=11-06-2024.09:17:50.UTC -X github.com/noironetworks/aci-containers/pkg/controller.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/gbpserver.buildTime=11-06-2024.09:17:50.UTC -X github.com/noironetworks/aci-containers/pkg/gbpserver.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/hostagent.buildTime=11-06-2024.09:17:50.UTC -X github.com/noironetworks/aci-containers/pkg/hostagent.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.buildTime=11-06-2024.09:17:50.UTC -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -s -w" -a -installsuffix cgo -o dist-static/opflex-agent-cni github.com/noironetworks/aci-containers/cmd/opflexagentcni +CGO_ENABLED=0 GOOS=linux go build -v -trimpath -ldflags=" -X github.com/noironetworks/aci-containers/pkg/controller.buildTime=11-11-2024.09:27:54.UTC -X github.com/noironetworks/aci-containers/pkg/controller.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/gbpserver.buildTime=11-11-2024.09:27:54.UTC -X github.com/noironetworks/aci-containers/pkg/gbpserver.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/hostagent.buildTime=11-11-2024.09:27:54.UTC -X github.com/noironetworks/aci-containers/pkg/hostagent.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.buildTime=11-11-2024.09:27:54.UTC -X 
github.com/noironetworks/aci-containers/pkg/acicontainersoperator.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -s -w" -a -installsuffix cgo -o dist-static/opflex-agent-cni github.com/noironetworks/aci-containers/cmd/opflexagentcni internal/unsafeheader internal/goarch internal/cpu @@ -3049,8 +3048,8 @@ crypto/cipher crypto/internal/boring crypto/internal/randutil math/rand -math/big github.com/containernetworking/cni/pkg/types +math/big github.com/containernetworking/cni/pkg/utils github.com/containernetworking/cni/pkg/types/internal github.com/containernetworking/cni/pkg/types/020 @@ -3073,12 +3072,12 @@ encoding/gob github.com/containernetworking/plugins/pkg/ns github.com/safchain/ethtool github.com/vishvananda/netns -go/token github.com/vishvananda/netlink/nl +go/token html +github.com/vishvananda/netlink net/url text/template/parse -github.com/vishvananda/netlink text/template html/template compress/flate @@ -3088,30 +3087,30 @@ crypto/aes crypto/des crypto/internal/edwards25519/field crypto/internal/nistec/fiat -embed -crypto/internal/nistec -crypto/ecdh github.com/containernetworking/plugins/pkg/ip -crypto/elliptic +embed github.com/containernetworking/plugins/pkg/ipam +crypto/internal/nistec crypto/internal/bigmod crypto/internal/boring/bbig crypto/sha512 encoding/asn1 +crypto/ecdh +crypto/elliptic crypto/internal/edwards25519 +vendor/golang.org/x/crypto/cryptobyte crypto/ed25519 crypto/hmac +crypto/ecdsa vendor/golang.org/x/crypto/chacha20 -vendor/golang.org/x/crypto/cryptobyte vendor/golang.org/x/crypto/internal/poly1305 vendor/golang.org/x/sys/cpu -crypto/ecdsa -vendor/golang.org/x/crypto/chacha20poly1305 vendor/golang.org/x/crypto/hkdf -crypto/internal/hpke +vendor/golang.org/x/crypto/chacha20poly1305 vendor/golang.org/x/crypto/sha3 -crypto/md5 +crypto/internal/hpke crypto/internal/mlkem768 +crypto/md5 crypto/rc4 crypto/rsa crypto/sha1 
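Review bot: The `go build` line recorded in the hunk at -2958 stamps a wall-clock value into the binary (`-X …/pkg/controller.buildTime=11-11-2024.09:27:54.UTC`, previously `11-06-2024.09:17:50.UTC`) while `gitCommit` stays at d090ca19b2ebe458b0f15e91dc685e6ba807e693. This re-run of the same commit therefore presumably yields binaries that differ from the earlier ones and cannot be verified by rebuilding, despite `-trimpath`. The same applies to the `netop-cni` and `aci-containers-controller` build lines in the hunks at -3139 and -3338. The build script is not part of this diff, but if it sets the value, deriving it from the commit, for instance `buildTime=$(git log -1 --format=%cI)`, would keep the stamp stable per commit. Failing that, recording a digest of each output binary next to its build log would let a consumer tell the replaced artifact from the original.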
@@ -3120,8 +3119,8 @@ crypto/dsa crypto/x509/pkix encoding/pem vendor/golang.org/x/text/transform -crypto/x509 vendor/golang.org/x/text/unicode/bidi +crypto/x509 vendor/golang.org/x/text/secure/bidirule vendor/golang.org/x/text/unicode/norm vendor/golang.org/x/net/idna 
@@ -3139,18 +3138,18 @@ net/http/internal/ascii github.com/sirupsen/logrus golang.org/x/net/internal/socket golang.org/x/net/bpf -golang.org/x/net/ipv4 net/http/httptrace net/http +golang.org/x/net/ipv4 golang.org/x/net/ipv6 golang.org/x/net/icmp github.com/tatsushid/go-fastping net/rpc github.com/noironetworks/aci-containers/pkg/eprpcclient github.com/noironetworks/aci-containers/cmd/opflexagentcni -CGO_ENABLED=0 GOOS=linux go build -v -trimpath -ldflags=" -X github.com/noironetworks/aci-containers/pkg/controller.buildTime=11-06-2024.09:18:17.UTC -X github.com/noironetworks/aci-containers/pkg/controller.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/gbpserver.buildTime=11-06-2024.09:18:17.UTC -X github.com/noironetworks/aci-containers/pkg/gbpserver.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/hostagent.buildTime=11-06-2024.09:18:17.UTC -X github.com/noironetworks/aci-containers/pkg/hostagent.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.buildTime=11-06-2024.09:18:17.UTC -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -s -w" -a -installsuffix cgo -o dist-static/netop-cni github.com/noironetworks/aci-containers/cmd/opflexagentcni -internal/unsafeheader +CGO_ENABLED=0 GOOS=linux go build -v -trimpath -ldflags=" -X github.com/noironetworks/aci-containers/pkg/controller.buildTime=11-11-2024.09:28:21.UTC -X github.com/noironetworks/aci-containers/pkg/controller.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/gbpserver.buildTime=11-11-2024.09:28:21.UTC -X github.com/noironetworks/aci-containers/pkg/gbpserver.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/hostagent.buildTime=11-11-2024.09:28:21.UTC -X 
github.com/noironetworks/aci-containers/pkg/hostagent.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.buildTime=11-11-2024.09:28:21.UTC -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -s -w" -a -installsuffix cgo -o dist-static/netop-cni github.com/noironetworks/aci-containers/cmd/opflexagentcni internal/goarch +internal/unsafeheader internal/cpu internal/abi internal/bytealg @@ -3162,8 +3161,8 @@ internal/goexperiment internal/goos internal/profilerecord internal/runtime/atomic -internal/runtime/syscall internal/runtime/exithook +internal/runtime/syscall internal/stringslite runtime/internal/math runtime/internal/sys @@ -3208,14 +3207,14 @@ io/fs encoding/binary internal/fmtsort internal/filepathlite +encoding/base64 internal/syscall/unix internal/poll -encoding/base64 internal/syscall/execenv internal/testlog strings -os context +os vendor/golang.org/x/net/dns/dnsmessage internal/singleflight math/rand/v2 @@ -3236,17 +3235,17 @@ os/exec hash crypto crypto/cipher -github.com/containernetworking/cni/pkg/types crypto/internal/boring crypto/internal/randutil math/rand +github.com/containernetworking/cni/pkg/types github.com/containernetworking/cni/pkg/utils github.com/containernetworking/cni/pkg/types/internal +math/big github.com/containernetworking/cni/pkg/types/020 -github.com/containernetworking/cni/pkg/types/create github.com/containernetworking/cni/pkg/types/040 -math/big github.com/containernetworking/cni/pkg/types/100 +github.com/containernetworking/cni/pkg/types/create github.com/containernetworking/cni/pkg/version github.com/containernetworking/cni/pkg/skel github.com/containernetworking/cni/pkg/invoke 
@@ -3278,21 +3277,21 @@ crypto/aes crypto/des crypto/internal/edwards25519/field crypto/internal/nistec/fiat -github.com/containernetworking/plugins/pkg/ip embed crypto/internal/nistec +github.com/containernetworking/plugins/pkg/ip github.com/containernetworking/plugins/pkg/ipam crypto/internal/bigmod -crypto/internal/boring/bbig -crypto/sha512 crypto/ecdh crypto/elliptic +crypto/internal/boring/bbig +crypto/sha512 encoding/asn1 crypto/internal/edwards25519 crypto/ed25519 crypto/hmac -vendor/golang.org/x/crypto/cryptobyte vendor/golang.org/x/crypto/chacha20 +vendor/golang.org/x/crypto/cryptobyte vendor/golang.org/x/crypto/internal/poly1305 vendor/golang.org/x/sys/cpu vendor/golang.org/x/crypto/chacha20poly1305 @@ -3301,9 +3300,9 @@ vendor/golang.org/x/crypto/hkdf crypto/internal/hpke vendor/golang.org/x/crypto/sha3 crypto/md5 -crypto/internal/mlkem768 crypto/rc4 crypto/rsa +crypto/internal/mlkem768 crypto/sha1 crypto/sha256 crypto/dsa 
@@ -3338,11 +3337,11 @@ github.com/tatsushid/go-fastping net/rpc github.com/noironetworks/aci-containers/pkg/eprpcclient github.com/noironetworks/aci-containers/cmd/opflexagentcni -CGO_ENABLED=0 GOOS=linux go build -v -trimpath -ldflags=" -X github.com/noironetworks/aci-containers/pkg/controller.buildTime=11-06-2024.09:18:44.UTC -X github.com/noironetworks/aci-containers/pkg/controller.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/gbpserver.buildTime=11-06-2024.09:18:44.UTC -X github.com/noironetworks/aci-containers/pkg/gbpserver.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/hostagent.buildTime=11-06-2024.09:18:44.UTC -X github.com/noironetworks/aci-containers/pkg/hostagent.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.buildTime=11-06-2024.09:18:44.UTC -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -s -w" -a -installsuffix cgo -o dist-static/aci-containers-controller github.com/noironetworks/aci-containers/cmd/controller +CGO_ENABLED=0 GOOS=linux go build -v -trimpath -ldflags=" -X github.com/noironetworks/aci-containers/pkg/controller.buildTime=11-11-2024.09:28:49.UTC -X github.com/noironetworks/aci-containers/pkg/controller.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/gbpserver.buildTime=11-11-2024.09:28:49.UTC -X github.com/noironetworks/aci-containers/pkg/gbpserver.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/hostagent.buildTime=11-11-2024.09:28:49.UTC -X github.com/noironetworks/aci-containers/pkg/hostagent.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.buildTime=11-11-2024.09:28:49.UTC -X 
github.com/noironetworks/aci-containers/pkg/acicontainersoperator.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -s -w" -a -installsuffix cgo -o dist-static/aci-containers-controller github.com/noironetworks/aci-containers/cmd/controller internal/goarch internal/unsafeheader -internal/abi internal/cpu +internal/abi internal/bytealg internal/byteorder internal/chacha8rand @@ -3352,9 +3351,9 @@ internal/goexperiment internal/goos internal/profilerecord internal/runtime/atomic -internal/runtime/exithook internal/runtime/syscall internal/stringslite +internal/runtime/exithook runtime/internal/math runtime/internal/sys internal/race @@ -3444,8 +3443,8 @@ internal/reflectlite sync iter slices -internal/bisect errors +internal/bisect io strconv bytes @@ -3474,16 +3473,16 @@ crypto/internal/boring crypto/internal/randutil math/rand crypto/md5 -fmt crypto/sha1 +fmt vendor/golang.org/x/net/dns/dnsmessage +internal/singleflight +math/rand/v2 encoding/json flag math/big database/sql/driver encoding/hex -internal/singleflight -math/rand/v2 internal/concurrent internal/weak unique @@ -3491,8 +3490,8 @@ net/netip crypto/rand sort bufio -net log +net github.com/gogo/protobuf/proto github.com/google/uuid github.com/gogo/protobuf/sortkeys @@ -3511,14 +3510,14 @@ k8s.io/utils/net log/slog/internal/buffer log/slog github.com/go-logr/logr -k8s.io/apimachinery/pkg/util/errors -k8s.io/apimachinery/pkg/util/validation/field k8s.io/klog/v2/internal/severity +k8s.io/apimachinery/pkg/util/errors k8s.io/klog/v2/internal/buffer k8s.io/klog/v2/internal/clock -k8s.io/apimachinery/pkg/util/validation +k8s.io/apimachinery/pkg/util/validation/field k8s.io/klog/v2/internal/dbg k8s.io/klog/v2/internal/serialize +k8s.io/apimachinery/pkg/util/validation k8s.io/klog/v2/internal/sloghandler os/user path/filepath 
@@ -3544,8 +3543,8 @@ hash/crc32 compress/gzip crypto/aes sigs.k8s.io/json -k8s.io/apimachinery/pkg/util/json crypto/des +k8s.io/apimachinery/pkg/util/json crypto/internal/edwards25519/field crypto/internal/nistec/fiat embed @@ -3561,8 +3560,8 @@ crypto/elliptic crypto/ed25519 crypto/hmac vendor/golang.org/x/crypto/chacha20 -crypto/ecdsa vendor/golang.org/x/crypto/internal/poly1305 +crypto/ecdsa vendor/golang.org/x/sys/cpu vendor/golang.org/x/crypto/chacha20poly1305 vendor/golang.org/x/crypto/hkdf @@ -3595,8 +3594,8 @@ net/http/internal/ascii io/ioutil github.com/modern-go/concurrent github.com/modern-go/reflect2 -github.com/json-iterator/go net/http/httptrace +github.com/json-iterator/go net/http gopkg.in/yaml.v2 sigs.k8s.io/structured-merge-diff/v4/value @@ -3620,8 +3619,8 @@ k8s.io/apimachinery/pkg/runtime/serializer/json k8s.io/apimachinery/pkg/runtime/serializer/streaming k8s.io/apimachinery/pkg/version k8s.io/client-go/pkg/version -k8s.io/apimachinery/pkg/util/net golang.org/x/sys/unix +k8s.io/apimachinery/pkg/util/net k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/pkg/apis/meta/v1 golang.org/x/term 
@@ -3637,19 +3636,19 @@ k8s.io/client-go/util/connrotation container/heap golang.org/x/time/rate k8s.io/client-go/util/workqueue -k8s.io/client-go/transport github.com/noironetworks/aci-containers/pkg/accprovisioninput/apis/aci.ctrl/v1alpha1 k8s.io/apimachinery/pkg/runtime/serializer/protobuf k8s.io/apimachinery/pkg/apis/meta/v1/unstructured k8s.io/apimachinery/pkg/api/errors k8s.io/client-go/pkg/apis/clientauthentication -k8s.io/apimachinery/pkg/runtime/serializer/versioning k8s.io/client-go/pkg/apis/clientauthentication/v1 -k8s.io/apimachinery/pkg/runtime/serializer +k8s.io/apimachinery/pkg/runtime/serializer/versioning k8s.io/client-go/pkg/apis/clientauthentication/v1beta1 +k8s.io/apimachinery/pkg/runtime/serializer github.com/noironetworks/aci-containers/pkg/accprovisioninput/clientset/versioned/scheme -os/exec k8s.io/client-go/pkg/apis/clientauthentication/install +k8s.io/client-go/transport +os/exec k8s.io/client-go/rest/watch k8s.io/client-go/util/keyutil k8s.io/client-go/util/cert @@ -3663,11 +3662,11 @@ google.golang.org/protobuf/internal/errors google.golang.org/protobuf/encoding/protowire google.golang.org/protobuf/internal/pragma google.golang.org/protobuf/reflect/protoreflect -github.com/noironetworks/aci-containers/pkg/accprovisioninput/clientset/versioned/typed/aci.ctrl/v1alpha1 google.golang.org/protobuf/internal/encoding/messageset +github.com/noironetworks/aci-containers/pkg/accprovisioninput/clientset/versioned/typed/aci.ctrl/v1alpha1 google.golang.org/protobuf/internal/strs -google.golang.org/protobuf/internal/genid google.golang.org/protobuf/internal/encoding/text +google.golang.org/protobuf/internal/genid google.golang.org/protobuf/internal/order google.golang.org/protobuf/reflect/protoregistry google.golang.org/protobuf/runtime/protoiface 
@@ -3681,8 +3680,8 @@ gopkg.in/yaml.v3 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/internal/filedesc google.golang.org/protobuf/internal/encoding/tag -google.golang.org/protobuf/internal/impl github.com/google/gnostic-models/jsonschema +google.golang.org/protobuf/internal/impl k8s.io/api/apidiscovery/v2beta1 k8s.io/api/admissionregistration/v1 k8s.io/api/admissionregistration/v1alpha1 @@ -3690,17 +3689,17 @@ k8s.io/api/admissionregistration/v1beta1 google.golang.org/protobuf/internal/filetype google.golang.org/protobuf/runtime/protoimpl google.golang.org/protobuf/types/descriptorpb -google.golang.org/protobuf/types/gofeaturespb -google.golang.org/protobuf/reflect/protodesc google.golang.org/protobuf/types/known/anypb github.com/golang/protobuf/ptypes/any google.golang.org/protobuf/types/known/durationpb github.com/golang/protobuf/ptypes/duration google.golang.org/protobuf/types/known/timestamppb +google.golang.org/protobuf/types/gofeaturespb github.com/golang/protobuf/ptypes/timestamp +google.golang.org/protobuf/reflect/protodesc k8s.io/api/apiserverinternal/v1alpha1 -github.com/golang/protobuf/proto k8s.io/api/core/v1 +github.com/golang/protobuf/proto github.com/golang/protobuf/ptypes github.com/google/gnostic-models/extensions github.com/google/gnostic-models/compiler @@ -3718,8 +3717,6 @@ k8s.io/api/flowcontrol/v1beta1 k8s.io/api/flowcontrol/v1beta2 k8s.io/api/flowcontrol/v1beta3 k8s.io/api/networking/v1alpha1 -k8s.io/api/policy/v1 -k8s.io/api/policy/v1beta1 k8s.io/api/apps/v1 k8s.io/api/apps/v1beta1 k8s.io/api/apps/v1beta2 @@ -3741,6 +3738,8 @@ k8s.io/api/networking/v1beta1 k8s.io/api/node/v1 k8s.io/api/node/v1alpha1 k8s.io/api/node/v1beta1 +k8s.io/api/policy/v1 +k8s.io/api/policy/v1beta1 k8s.io/api/rbac/v1 k8s.io/api/rbac/v1alpha1 k8s.io/api/rbac/v1beta1 
@@ -3753,10 +3752,10 @@ k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 k8s.io/apimachinery/pkg/api/meta k8s.io/apimachinery/pkg/api/equality -k8s.io/apimachinery/pkg/apis/meta/v1/validation -k8s.io/apimachinery/pkg/api/validation k8s.io/client-go/kubernetes/scheme +k8s.io/apimachinery/pkg/apis/meta/v1/validation github.com/google/gnostic-models/openapiv3 +k8s.io/apimachinery/pkg/api/validation github.com/josharian/intern github.com/mailru/easyjson/jlexer github.com/mailru/easyjson/buffer @@ -3767,19 +3766,19 @@ github.com/go-openapi/jsonreference/internal github.com/go-openapi/jsonreference encoding/base32 k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json +k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/internal k8s.io/kube-openapi/pkg/validation/spec -k8s.io/kube-openapi/pkg/util/proto sigs.k8s.io/structured-merge-diff/v4/schema sigs.k8s.io/structured-merge-diff/v4/fieldpath sigs.k8s.io/structured-merge-diff/v4/typed k8s.io/kube-openapi/pkg/schemaconv sigs.k8s.io/structured-merge-diff/v4/merge github.com/munnerz/goautoneg +k8s.io/apimachinery/pkg/util/managedfields/internal k8s.io/kube-openapi/pkg/cached hash/adler32 compress/zlib -k8s.io/apimachinery/pkg/util/managedfields/internal encoding/xml k8s.io/apimachinery/pkg/util/managedfields github.com/emicklei/go-restful/v3/log 
@@ -3809,18 +3808,18 @@ k8s.io/client-go/applyconfigurations/meta/v1 github.com/noironetworks/aci-containers/pkg/fabricattachment/applyconfiguration/aci.fabricattachment/v1 github.com/noironetworks/aci-containers/pkg/fabricattachment/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/fabricattachment/clientset/versioned/typed/aci.fabricattachment/v1 -github.com/noironetworks/aci-containers/pkg/fabricattachment/clientset/versioned github.com/noironetworks/aci-containers/pkg/gbpcrd/apis/acipolicy/v1 -github.com/gorilla/mux +github.com/noironetworks/aci-containers/pkg/fabricattachment/clientset/versioned github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned/scheme -github.com/eapache/go-resiliency/breaker github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned/typed/acipolicy/v1 +github.com/gorilla/mux +github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned +github.com/eapache/go-resiliency/breaker github.com/golang/snappy github.com/eapache/go-xerial-snappy github.com/hashicorp/errwrap -github.com/hashicorp/go-multierror -github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned github.com/jcmturner/gofork/encoding/asn1 +github.com/hashicorp/go-multierror github.com/jcmturner/dnsutils/v2 internal/saferio encoding/gob 
@@ -3840,22 +3839,22 @@ github.com/jcmturner/gokrb5/v8/crypto/rfc8009 github.com/jcmturner/gokrb5/v8/types github.com/jcmturner/gokrb5/v8/crypto github.com/jcmturner/gokrb5/v8/iana/errorcode +github.com/jcmturner/gokrb5/v8/keytab github.com/jcmturner/gokrb5/v8/krberror github.com/jcmturner/rpc/v2/ndr -github.com/jcmturner/gokrb5/v8/keytab github.com/jcmturner/gokrb5/v8/credentials -github.com/jcmturner/rpc/v2/mstypes github.com/jcmturner/gokrb5/v8/gssapi -github.com/jcmturner/gokrb5/v8/pac github.com/klauspost/compress/fse -github.com/jcmturner/gokrb5/v8/messages +github.com/jcmturner/rpc/v2/mstypes github.com/klauspost/compress/huff0 -github.com/jcmturner/gokrb5/v8/kadmin -github.com/jcmturner/gokrb5/v8/client +github.com/jcmturner/gokrb5/v8/pac +github.com/jcmturner/gokrb5/v8/messages github.com/klauspost/compress/internal/snapref github.com/klauspost/compress/zstd/internal/xxhash -github.com/pierrec/lz4/v4/internal/lz4block +github.com/jcmturner/gokrb5/v8/kadmin github.com/klauspost/compress/zstd +github.com/jcmturner/gokrb5/v8/client +github.com/pierrec/lz4/v4/internal/lz4block github.com/pierrec/lz4/v4/internal/xxh32 github.com/pierrec/lz4/v4/internal/lz4stream github.com/pierrec/lz4/v4 
@@ -3884,35 +3883,35 @@ google.golang.org/grpc/connectivity google.golang.org/grpc/attributes google.golang.org/grpc/internal/credentials google.golang.org/grpc/credentials -github.com/noironetworks/aci-containers/pkg/gbpserver/kafkac google.golang.org/grpc/resolver google.golang.org/grpc/internal -google.golang.org/grpc/internal/grpcrand -google.golang.org/grpc/credentials/insecure google.golang.org/grpc/internal/channelz +google.golang.org/grpc/channelz google.golang.org/grpc/metadata +google.golang.org/grpc/balancer +google.golang.org/grpc/balancer/base +google.golang.org/grpc/internal/grpcrand +google.golang.org/grpc/balancer/roundrobin google.golang.org/grpc/codes +google.golang.org/grpc/credentials/insecure google.golang.org/grpc/internal/envconfig google.golang.org/grpc/internal/grpcutil google.golang.org/grpc/encoding google.golang.org/grpc/encoding/proto google.golang.org/grpc/internal/backoff +google.golang.org/grpc/internal/balancer/gracefulswitch +github.com/noironetworks/aci-containers/pkg/gbpserver/kafkac google.golang.org/grpc/internal/balancerload google.golang.org/grpc/binarylog/grpc_binarylog_v1 -google.golang.org/grpc/channelz -google.golang.org/grpc/balancer -google.golang.org/grpc/balancer/base -google.golang.org/grpc/balancer/roundrobin -google.golang.org/grpc/internal/balancer/gracefulswitch google.golang.org/genproto/googleapis/rpc/status google.golang.org/grpc/internal/buffer google.golang.org/grpc/internal/grpcsync google.golang.org/grpc/internal/status -google.golang.org/grpc/status google.golang.org/grpc/internal/idle google.golang.org/grpc/internal/metadata -google.golang.org/grpc/internal/binarylog +google.golang.org/grpc/status google.golang.org/protobuf/internal/encoding/json +google.golang.org/grpc/internal/binarylog google.golang.org/protobuf/encoding/protojson google.golang.org/grpc/internal/serviceconfig google.golang.org/grpc/internal/resolver 
@@ -3923,16 +3922,16 @@ google.golang.org/grpc/internal/syscall google.golang.org/grpc/keepalive google.golang.org/grpc/peer google.golang.org/grpc/stats -github.com/golang/protobuf/jsonpb google.golang.org/grpc/tap net/http/httputil +github.com/golang/protobuf/jsonpb google.golang.org/grpc/balancer/grpclb/state google.golang.org/grpc/internal/resolver/dns/internal google.golang.org/grpc/internal/resolver/dns google.golang.org/grpc/internal/pretty -google.golang.org/grpc/internal/transport google.golang.org/grpc/resolver/dns go.etcd.io/etcd/api/v3/v3rpc/rpctypes +google.golang.org/grpc/internal/transport github.com/coreos/go-semver/semver go.etcd.io/etcd/api/v3/version github.com/coreos/go-systemd/v22/journal @@ -3944,10 +3943,10 @@ go.uber.org/zap/internal/bufferpool go.uber.org/zap/internal/color go.uber.org/zap/internal/exit go.uber.org/zap/zapcore +google.golang.org/grpc go.uber.org/zap/internal go.uber.org/zap/internal/stacktrace go.uber.org/zap -google.golang.org/grpc go.etcd.io/etcd/client/pkg/v3/logutil go.etcd.io/etcd/client/pkg/v3/types go.etcd.io/etcd/client/v3/credentials @@ -3956,9 +3955,9 @@ google.golang.org/grpc/resolver/manual go.etcd.io/etcd/client/v3/internal/resolver go.uber.org/zap/zapgrpc github.com/noironetworks/aci-containers/pkg/netflowpolicy/apis/aci.netflow/v1alpha -go.etcd.io/etcd/api/v3/etcdserverpb github.com/noironetworks/aci-containers/pkg/netflowpolicy/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/netflowpolicy/clientset/versioned/typed/aci.netflow/v1alpha +go.etcd.io/etcd/api/v3/etcdserverpb github.com/noironetworks/aci-containers/pkg/netflowpolicy/clientset/versioned github.com/google/go-cmp/cmp/internal/diff github.com/google/go-cmp/cmp/internal/function 
@@ -3980,11 +3979,11 @@ github.com/noironetworks/aci-containers/pkg/istiocrd/apis/aci.istio/v1 github.com/noironetworks/aci-containers/pkg/istiocrd/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/istiocrd/clientset/versioned/typed/aci.istio/v1 github.com/noironetworks/aci-containers/pkg/istiocrd/clientset/versioned -go.etcd.io/etcd/client/v3 github.com/noironetworks/aci-containers/pkg/metadata github.com/noironetworks/aci-containers/pkg/nodeinfo/apis/aci.snat/v1 github.com/noironetworks/aci-containers/pkg/nodeinfo/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/nodeinfo/clientset/versioned/typed/aci.snat/v1 +go.etcd.io/etcd/client/v3 github.com/noironetworks/aci-containers/pkg/nodeinfo/clientset/versioned github.com/noironetworks/aci-containers/pkg/nodepodif/apis/acipolicy/v1 github.com/noironetworks/aci-containers/pkg/nodepodif/clientset/versioned/scheme 
@@ -3995,14 +3994,14 @@ github.com/noironetworks/aci-containers/pkg/proactiveconf/applyconfiguration/aci github.com/noironetworks/aci-containers/pkg/proactiveconf/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/proactiveconf/clientset/versioned/typed/aci.pc/v1 github.com/noironetworks/aci-containers/pkg/proactiveconf/clientset/versioned -github.com/noironetworks/aci-containers/pkg/objdb github.com/noironetworks/aci-containers/pkg/qospolicy/apis/aci.qos/v1 -github.com/noironetworks/aci-containers/pkg/gbpserver github.com/noironetworks/aci-containers/pkg/qospolicy/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/qospolicy/clientset/versioned/typed/aci.qos/v1 github.com/noironetworks/aci-containers/pkg/qospolicy/clientset/versioned +github.com/noironetworks/aci-containers/pkg/objdb github.com/noironetworks/aci-containers/pkg/rdconfig/apis/aci.snat/v1 github.com/noironetworks/aci-containers/pkg/rdconfig/clientset/versioned/scheme +github.com/noironetworks/aci-containers/pkg/gbpserver github.com/noironetworks/aci-containers/pkg/rdconfig/clientset/versioned/typed/aci.snat/v1 github.com/noironetworks/aci-containers/pkg/rdconfig/clientset/versioned github.com/noironetworks/aci-containers/pkg/snatglobalinfo/apis/aci.snat/v1 
@@ -4017,11 +4016,11 @@ k8s.io/client-go/applyconfigurations/internal k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/kubernetes/typed/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 -github.com/noironetworks/aci-containers/pkg/gbpserver/watchers k8s.io/client-go/kubernetes/typed/admissionregistration/v1alpha1 k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1 -k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1 k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1 +k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1 +github.com/noironetworks/aci-containers/pkg/gbpserver/watchers k8s.io/client-go/kubernetes/typed/apiserverinternal/v1alpha1 k8s.io/client-go/applyconfigurations/core/v1 k8s.io/client-go/applyconfigurations/autoscaling/v1 @@ -4037,8 +4036,6 @@ k8s.io/client-go/applyconfigurations/autoscaling/v2beta1 k8s.io/client-go/kubernetes/typed/autoscaling/v2beta1 k8s.io/client-go/applyconfigurations/autoscaling/v2beta2 k8s.io/client-go/kubernetes/typed/autoscaling/v2beta2 -k8s.io/client-go/applyconfigurations/certificates/v1 -k8s.io/client-go/kubernetes/typed/certificates/v1 k8s.io/client-go/applyconfigurations/apps/v1 k8s.io/client-go/applyconfigurations/apps/v1beta1 k8s.io/client-go/kubernetes/typed/apps/v1beta1 
@@ -4048,43 +4045,45 @@ k8s.io/client-go/applyconfigurations/batch/v1 k8s.io/client-go/kubernetes/typed/batch/v1 k8s.io/client-go/kubernetes/typed/apps/v1beta2 k8s.io/client-go/applyconfigurations/batch/v1beta1 -k8s.io/client-go/applyconfigurations/certificates/v1alpha1 +k8s.io/client-go/applyconfigurations/certificates/v1 k8s.io/client-go/kubernetes/typed/batch/v1beta1 -k8s.io/client-go/kubernetes/typed/certificates/v1alpha1 +k8s.io/client-go/kubernetes/typed/certificates/v1 +k8s.io/client-go/applyconfigurations/certificates/v1alpha1 k8s.io/client-go/applyconfigurations/certificates/v1beta1 -k8s.io/client-go/applyconfigurations/coordination/v1 -k8s.io/client-go/kubernetes/typed/coordination/v1 +k8s.io/client-go/kubernetes/typed/certificates/v1alpha1 k8s.io/client-go/kubernetes/typed/certificates/v1beta1 +k8s.io/client-go/applyconfigurations/coordination/v1 k8s.io/client-go/applyconfigurations/coordination/v1beta1 -k8s.io/client-go/tools/reference -k8s.io/client-go/kubernetes/typed/core/v1 +k8s.io/client-go/kubernetes/typed/coordination/v1 k8s.io/client-go/kubernetes/typed/coordination/v1beta1 +k8s.io/client-go/tools/reference k8s.io/client-go/applyconfigurations/discovery/v1 +k8s.io/client-go/kubernetes/typed/core/v1 k8s.io/client-go/kubernetes/typed/discovery/v1 k8s.io/client-go/applyconfigurations/discovery/v1beta1 k8s.io/client-go/kubernetes/typed/discovery/v1beta1 k8s.io/client-go/applyconfigurations/events/v1 k8s.io/client-go/kubernetes/typed/events/v1 k8s.io/client-go/applyconfigurations/events/v1beta1 -k8s.io/client-go/applyconfigurations/extensions/v1beta1 k8s.io/client-go/kubernetes/typed/events/v1beta1 +k8s.io/client-go/applyconfigurations/extensions/v1beta1 k8s.io/client-go/applyconfigurations/flowcontrol/v1 k8s.io/client-go/kubernetes/typed/flowcontrol/v1 -k8s.io/client-go/kubernetes/typed/extensions/v1beta1 k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1 +k8s.io/client-go/kubernetes/typed/extensions/v1beta1 
k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta1 k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2 k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3 k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta2 -k8s.io/client-go/applyconfigurations/networking/v1 k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta3 +k8s.io/client-go/applyconfigurations/networking/v1 k8s.io/client-go/applyconfigurations/networking/v1alpha1 -k8s.io/client-go/kubernetes/typed/networking/v1 k8s.io/client-go/kubernetes/typed/networking/v1alpha1 +k8s.io/client-go/kubernetes/typed/networking/v1 k8s.io/client-go/applyconfigurations/networking/v1beta1 k8s.io/client-go/applyconfigurations/node/v1 -k8s.io/client-go/kubernetes/typed/node/v1 k8s.io/client-go/kubernetes/typed/networking/v1beta1 +k8s.io/client-go/kubernetes/typed/node/v1 k8s.io/client-go/applyconfigurations/node/v1alpha1 k8s.io/client-go/applyconfigurations/node/v1beta1 k8s.io/client-go/kubernetes/typed/node/v1alpha1 
@@ -4102,15 +4101,15 @@ k8s.io/client-go/applyconfigurations/resource/v1alpha2 k8s.io/client-go/kubernetes/typed/rbac/v1beta1 k8s.io/client-go/kubernetes/typed/resource/v1alpha2 k8s.io/client-go/applyconfigurations/scheduling/v1 -k8s.io/client-go/kubernetes/typed/scheduling/v1 k8s.io/client-go/applyconfigurations/scheduling/v1alpha1 -k8s.io/client-go/applyconfigurations/scheduling/v1beta1 +k8s.io/client-go/kubernetes/typed/scheduling/v1 k8s.io/client-go/kubernetes/typed/scheduling/v1alpha1 -k8s.io/client-go/kubernetes/typed/scheduling/v1beta1 +k8s.io/client-go/applyconfigurations/scheduling/v1beta1 k8s.io/client-go/applyconfigurations/storage/v1 +k8s.io/client-go/kubernetes/typed/scheduling/v1beta1 k8s.io/client-go/applyconfigurations/storage/v1alpha1 -k8s.io/client-go/kubernetes/typed/storage/v1alpha1 k8s.io/client-go/kubernetes/typed/storage/v1 +k8s.io/client-go/kubernetes/typed/storage/v1alpha1 k8s.io/client-go/applyconfigurations/storage/v1beta1 github.com/openshift/api/config/v1 k8s.io/client-go/kubernetes/typed/storage/v1beta1 @@ -4127,13 +4126,13 @@ k8s.io/apiextensions-apiserver/pkg/apis/apiextensions k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1 k8s.io/apiextensions-apiserver/pkg/client/applyconfiguration/apiextensions/v1 -github.com/imdario/mergo -encoding/csv k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/scheme +github.com/imdario/mergo k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1 -github.com/spf13/pflag +encoding/csv k8s.io/client-go/tools/auth k8s.io/client-go/tools/clientcmd/api/v1 +github.com/spf13/pflag k8s.io/client-go/tools/clientcmd/api/latest k8s.io/client-go/util/homedir k8s.io/kubectl/pkg/util 
@@ -4169,26 +4168,26 @@ github.com/prometheus/client_golang/prometheus github.com/prometheus/client_golang/prometheus/promhttp k8s.io/component-base/metrics/prometheusextension github.com/prometheus/client_golang/prometheus/collectors -k8s.io/component-base/metrics k8s.io/kubernetes/pkg/apis/core/helper +k8s.io/component-base/metrics k8s.io/kubernetes/pkg/api/legacyscheme k8s.io/kubernetes/pkg/api/v1/service k8s.io/kubernetes/pkg/apis/autoscaling k8s.io/kubernetes/pkg/apis/apps +github.com/opencontainers/go-digest +github.com/distribution/reference k8s.io/component-base/metrics/legacyregistry k8s.io/component-base/metrics/prometheus/feature -github.com/opencontainers/go-digest +k8s.io/kubernetes/pkg/util/parsers +k8s.io/component-helpers/node/util/sysctl +k8s.io/component-helpers/scheduling/corev1/nodeaffinity k8s.io/component-base/featuregate -github.com/distribution/reference k8s.io/apiserver/pkg/util/feature k8s.io/apiextensions-apiserver/pkg/features k8s.io/apiserver/pkg/features +k8s.io/component-helpers/scheduling/corev1 k8s.io/kubernetes/pkg/features -k8s.io/kubernetes/pkg/util/parsers -k8s.io/component-helpers/node/util/sysctl k8s.io/kubernetes/pkg/apis/core/v1 -k8s.io/component-helpers/scheduling/corev1/nodeaffinity -k8s.io/component-helpers/scheduling/corev1 k8s.io/kubelet/pkg/apis k8s.io/kubernetes/pkg/api/service k8s.io/kubernetes/pkg/apis/core/helper/qos @@ -4214,8 +4213,8 @@ k8s.io/apiserver/pkg/admission k8s.io/kubernetes/pkg/apis/core/install k8s.io/kube-openapi/pkg/util k8s.io/apiserver/pkg/endpoints/openapi -k8s.io/apiserver/pkg/cel/openapi/resolver k8s.io/apiserver/pkg/quota/v1 +k8s.io/apiserver/pkg/cel/openapi/resolver k8s.io/client-go/dynamic k8s.io/client-go/informers/internalinterfaces k8s.io/client-go/listers/admissionregistration/v1 
@@ -4240,8 +4239,8 @@ k8s.io/client-go/listers/autoscaling/v2 k8s.io/client-go/informers/autoscaling/v2 k8s.io/client-go/informers/apps k8s.io/client-go/listers/autoscaling/v2beta1 -k8s.io/client-go/listers/autoscaling/v2beta2 k8s.io/client-go/informers/autoscaling/v2beta1 +k8s.io/client-go/listers/autoscaling/v2beta2 k8s.io/client-go/informers/autoscaling/v2beta2 k8s.io/client-go/listers/batch/v1 k8s.io/client-go/informers/autoscaling @@ -4251,14 +4250,14 @@ k8s.io/client-go/listers/certificates/v1 k8s.io/client-go/informers/certificates/v1 k8s.io/client-go/informers/batch/v1beta1 k8s.io/client-go/listers/certificates/v1alpha1 -k8s.io/client-go/informers/certificates/v1alpha1 k8s.io/client-go/informers/batch +k8s.io/client-go/informers/certificates/v1alpha1 k8s.io/client-go/listers/certificates/v1beta1 -k8s.io/client-go/listers/coordination/v1 k8s.io/client-go/informers/certificates/v1beta1 +k8s.io/client-go/listers/coordination/v1 k8s.io/client-go/informers/coordination/v1 -k8s.io/client-go/listers/coordination/v1beta1 k8s.io/client-go/informers/certificates +k8s.io/client-go/listers/coordination/v1beta1 k8s.io/client-go/informers/coordination/v1beta1 k8s.io/client-go/listers/core/v1 k8s.io/client-go/informers/coordination @@ -4303,9 +4302,9 @@ k8s.io/client-go/listers/policy/v1 k8s.io/client-go/informers/policy/v1 k8s.io/client-go/informers/node k8s.io/client-go/listers/policy/v1beta1 +k8s.io/client-go/informers/policy/v1beta1 k8s.io/client-go/listers/rbac/v1 k8s.io/client-go/informers/rbac/v1 -k8s.io/client-go/informers/policy/v1beta1 k8s.io/client-go/informers/policy k8s.io/client-go/listers/rbac/v1alpha1 k8s.io/client-go/informers/rbac/v1alpha1 
@@ -4330,14 +4329,14 @@ k8s.io/client-go/listers/storage/v1beta1 k8s.io/client-go/informers/storage/v1beta1 google.golang.org/protobuf/types/known/emptypb google.golang.org/protobuf/types/known/structpb -k8s.io/client-go/informers/storage google.golang.org/genproto/googleapis/api/expr/v1alpha1 +k8s.io/client-go/informers/storage github.com/google/cel-go/checker/decls github.com/google/cel-go/common/runes golang.org/x/text/width github.com/google/cel-go/common -k8s.io/client-go/informers google.golang.org/protobuf/types/dynamicpb +k8s.io/client-go/informers google.golang.org/protobuf/types/known/wrapperspb github.com/google/cel-go/common/types/pb github.com/google/cel-go/common/types/ref @@ -4345,9 +4344,9 @@ github.com/google/cel-go/common/types/traits github.com/stoewer/go-strcase github.com/google/cel-go/common/types github.com/google/cel-go/common/ast -k8s.io/apiserver/pkg/admission/initializer github.com/google/cel-go/common/containers github.com/google/cel-go/common/debug +k8s.io/apiserver/pkg/admission/initializer github.com/google/cel-go/common/functions github.com/google/cel-go/common/decls github.com/google/cel-go/common/stdlib @@ -4360,12 +4359,12 @@ golang.org/x/text/internal/tag golang.org/x/text/internal/language golang.org/x/text/internal/language/compact golang.org/x/text/language +github.com/google/cel-go/parser/gen golang.org/x/text/internal/catmsg golang.org/x/text/internal/stringset golang.org/x/text/internal/number golang.org/x/text/internal golang.org/x/text/message/catalog -github.com/google/cel-go/parser/gen golang.org/x/text/feature/plural golang.org/x/text/internal/format golang.org/x/text/message 
@@ -4382,27 +4381,23 @@ github.com/asaskevich/govalidator k8s.io/kube-openapi/pkg/validation/errors k8s.io/kube-openapi/pkg/validation/strfmt/bson net/mail +github.com/google/cel-go/parser k8s.io/kube-openapi/pkg/validation/strfmt k8s.io/apiserver/pkg/warning k8s.io/client-go/dynamic/dynamiclister k8s.io/client-go/dynamic/dynamicinformer -github.com/google/cel-go/parser go.opentelemetry.io/otel/internal/attribute go.opentelemetry.io/otel/attribute +github.com/google/cel-go/checker go.opentelemetry.io/otel/codes go.opentelemetry.io/otel/trace k8s.io/apiserver/pkg/apis/apiserver/v1alpha1 +github.com/google/cel-go/cel k8s.io/apiserver/pkg/apis/apiserver/v1beta1 -github.com/google/cel-go/checker k8s.io/apiserver/pkg/apis/apiserver/install k8s.io/apiserver/pkg/server/egressselector/metrics github.com/felixge/httpsnoop go.opentelemetry.io/otel/semconv/v1.20.0 -github.com/google/cel-go/cel -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil -github.com/go-logr/logr/funcr -github.com/go-logr/stdr -go.opentelemetry.io/otel/metric k8s.io/apiserver/pkg/cel github.com/google/cel-go/ext k8s.io/apiserver/pkg/cel/library 
@@ -4412,38 +4407,42 @@ k8s.io/apiserver/pkg/cel/environment k8s.io/apiserver/pkg/admission/plugin/cel k8s.io/apiserver/pkg/cel/openapi k8s.io/apiserver/pkg/admission/plugin/webhook/matchconditions -go.opentelemetry.io/otel/internal/baggage +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy +github.com/go-logr/logr/funcr +github.com/go-logr/stdr +go.opentelemetry.io/otel/metric +go.opentelemetry.io/otel/internal/baggage go.opentelemetry.io/otel/baggage go.opentelemetry.io/otel/propagation go.opentelemetry.io/otel/internal/global go.opentelemetry.io/otel go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp go.opentelemetry.io/otel/semconv/v1.24.0 -go.opentelemetry.io/otel/sdk/resource go.opentelemetry.io/otel/sdk/internal go.opentelemetry.io/otel/sdk/internal/env go.opentelemetry.io/otel/trace/noop +go.opentelemetry.io/otel/sdk/resource runtime/trace -go.opentelemetry.io/otel/sdk/trace go.opentelemetry.io/proto/otlp/common/v1 go.opentelemetry.io/proto/otlp/resource/v1 go.opentelemetry.io/proto/otlp/trace/v1 +go.opentelemetry.io/otel/sdk/trace go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/envconfig -go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform github.com/cenkalti/backoff/v4 -go.opentelemetry.io/otel/exporters/otlp/otlptrace go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/retry google.golang.org/grpc/encoding/gzip github.com/grpc-ecosystem/grpc-gateway/v2/utilities -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule +go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform google.golang.org/genproto/googleapis/api/httpbody google.golang.org/grpc/health/grpc_health_v1 
+go.opentelemetry.io/otel/exporters/otlp/otlptrace +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig google.golang.org/protobuf/types/known/fieldmaskpb -google.golang.org/genproto/googleapis/rpc/errdetails github.com/grpc-ecosystem/grpc-gateway/v2/runtime +google.golang.org/genproto/googleapis/rpc/errdetails go.opentelemetry.io/otel/semconv/v1.17.0 k8s.io/utils/path sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client @@ -4461,8 +4460,8 @@ k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1 k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1 k8s.io/apiserver/pkg/admission/plugin/webhook/config -k8s.io/apiserver/pkg/util/webhook k8s.io/apiserver/pkg/admission/plugin/webhook/errors +k8s.io/apiserver/pkg/util/webhook k8s.io/apimachinery/pkg/util/uuid k8s.io/apiserver/pkg/authentication/authenticator k8s.io/apiserver/pkg/authentication/group 
@@ -4522,28 +4521,28 @@ github.com/prometheus/client_golang/prometheus/testutil/promlint/validations github.com/prometheus/client_golang/prometheus/testutil/promlint github.com/prometheus/client_golang/prometheus/testutil internal/sysinfo -k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/eventclock testing +k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/eventclock k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/promise k8s.io/apiserver/pkg/util/shufflesharding k8s.io/apiserver/pkg/util/flowcontrol/format golang.org/x/net/context github.com/grpc-ecosystem/go-grpc-prometheus go.etcd.io/etcd/client/pkg/v3/fileutil -k8s.io/component-base/metrics/testutil go.etcd.io/etcd/client/pkg/v3/tlsutil go.etcd.io/etcd/client/pkg/v3/transport +k8s.io/component-base/metrics/testutil k8s.io/apiserver/pkg/util/flowcontrol/metrics k8s.io/apiserver/pkg/util/flowcontrol/request +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc/internal +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc k8s.io/apiserver/pkg/util/flowcontrol/debug k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc/internal k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc k8s.io/apiserver/pkg/storage/value/encrypt/identity k8s.io/component-base/metrics/prometheus/slis -k8s.io/apiserver/pkg/util/flowcontrol k8s.io/apiserver/pkg/server/healthz +k8s.io/apiserver/pkg/util/flowcontrol k8s.io/apiserver/pkg/storage/cacher/metrics k8s.io/apiserver/pkg/util/peerproxy/metrics k8s.io/kube-openapi/pkg/common/restfuladapter 
@@ -4552,29 +4551,29 @@ k8s.io/kube-openapi/pkg/schemamutation k8s.io/kube-openapi/pkg/builder3/util k8s.io/kube-openapi/pkg/builder3 github.com/NYTimes/gziphandler +k8s.io/kube-openapi/pkg/handler k8s.io/apiserver/pkg/storage/etcd3 k8s.io/apiserver/pkg/server/filters -k8s.io/kube-openapi/pkg/handler +internal/profile k8s.io/apiserver/pkg/storage/storagebackend k8s.io/apiserver/pkg/storage/storagebackend/factory -internal/profile k8s.io/apiserver/pkg/registry/generic k8s.io/apiserver/pkg/server/storage -github.com/spf13/cobra net/http/pprof +github.com/spf13/cobra k8s.io/apiserver/pkg/server/routes -k8s.io/component-base/cli/flag k8s.io/component-base/logs/internal/setverbositylevel k8s.io/component-base/logs/klogflags +k8s.io/component-base/cli/flag k8s.io/component-base/metrics/features -k8s.io/component-base/logs/api/v1 os/signal go.opentelemetry.io/otel/semconv/internal +k8s.io/component-base/logs/api/v1 go.opentelemetry.io/otel/semconv/v1.12.0 gopkg.in/natefinch/lumberjack.v2 k8s.io/component-base/logs -k8s.io/apiserver/pkg/server k8s.io/apiserver/pkg/apis/audit/validation +k8s.io/apiserver/pkg/server k8s.io/apiserver/pkg/audit/policy k8s.io/apiserver/pkg/authentication/cel k8s.io/apiserver/pkg/authorization/cel @@ -4591,8 +4590,8 @@ k8s.io/apiserver/pkg/apis/config/v1 k8s.io/apiserver/pkg/apis/config/validation k8s.io/apiserver/pkg/server/options/encryptionconfig/metrics golang.org/x/crypto/hkdf -k8s.io/apiserver/pkg/storage/value/encrypt/aes k8s.io/apiserver/pkg/storage/value/encrypt/envelope/metrics +k8s.io/apiserver/pkg/storage/value/encrypt/aes k8s.io/kms/apis/v1beta1 k8s.io/kms/pkg/util k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2 
@@ -4621,13 +4620,13 @@ k8s.io/cloud-provider/controllers/node/config/v1alpha1 k8s.io/cloud-provider/controllers/service/config/v1alpha1 k8s.io/component-base/config/v1alpha1 k8s.io/controller-manager/config/v1alpha1 -k8s.io/component-base/config/options k8s.io/cloud-provider/config/v1alpha1 +k8s.io/component-base/config/options k8s.io/controller-manager/config/v1 -k8s.io/controller-manager/config/v1beta1 k8s.io/cloud-provider/config/install -k8s.io/controller-manager/pkg/leadermigration/config +k8s.io/controller-manager/config/v1beta1 k8s.io/controller-manager/pkg/clientbuilder +k8s.io/controller-manager/pkg/leadermigration/config k8s.io/controller-manager/pkg/leadermigration/options k8s.io/controller-manager/options k8s.io/controller-manager/pkg/features @@ -4636,16 +4635,16 @@ k8s.io/kubernetes/pkg/util/hash k8s.io/kubernetes/pkg/util/taints github.com/evanphx/json-patch/v5 k8s.io/client-go/metadata -k8s.io/client-go/restmapper k8s.io/cloud-provider/options +k8s.io/client-go/restmapper sigs.k8s.io/controller-runtime/pkg/client/apiutil sigs.k8s.io/controller-runtime/pkg/log sigs.k8s.io/controller-runtime/pkg/client +k8s.io/kubernetes/pkg/cluster/ports +k8s.io/kubernetes/pkg/apis/core/validation sigs.k8s.io/controller-runtime/pkg/internal/log sigs.k8s.io/controller-runtime/pkg/client/config -k8s.io/kubernetes/pkg/cluster/ports github.com/aws/aws-sdk-go/aws/awserr -k8s.io/kubernetes/pkg/apis/core/validation github.com/aws/aws-sdk-go/internal/ini github.com/aws/aws-sdk-go/internal/shareddefaults github.com/aws/aws-sdk-go/internal/sync/singleflight 
@@ -4683,12 +4682,12 @@ github.com/aws/aws-sdk-go/aws/credentials/stscreds github.com/aws/aws-sdk-go/aws/csm github.com/aws/aws-sdk-go/internal/sdkuri github.com/aws/aws-sdk-go/aws/ec2metadata -github.com/aws/aws-sdk-go/aws/credentials/endpointcreds github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds -github.com/aws/aws-sdk-go/private/protocol/ec2query +github.com/aws/aws-sdk-go/aws/credentials/endpointcreds github.com/aws/aws-sdk-go/aws/defaults -github.com/aws/aws-sdk-go/service/ec2 github.com/aws/aws-sdk-go/aws/session +github.com/aws/aws-sdk-go/private/protocol/ec2query +github.com/aws/aws-sdk-go/service/ec2 github.com/aws/aws-sdk-go/service/elbv2 go.opentelemetry.io/otel/metric/noop go.opentelemetry.io/otel/sdk/metric/metricdata 
@@ -4698,9 +4697,9 @@ go.opentelemetry.io/otel/sdk/metric go.opentelemetry.io/otel/exporters/prometheus github.com/noironetworks/aci-containers/pkg/loadbalancer github.com/noironetworks/aci-containers/cmd/controller -CGO_ENABLED=0 GOOS=linux go build -v -trimpath -ldflags=" -X github.com/noironetworks/aci-containers/pkg/controller.buildTime=11-06-2024.09:22:33.UTC -X github.com/noironetworks/aci-containers/pkg/controller.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/gbpserver.buildTime=11-06-2024.09:22:33.UTC -X github.com/noironetworks/aci-containers/pkg/gbpserver.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/hostagent.buildTime=11-06-2024.09:22:33.UTC -X github.com/noironetworks/aci-containers/pkg/hostagent.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.buildTime=11-06-2024.09:22:33.UTC -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -s -w" -a -installsuffix cgo -o dist-static/ovsresync github.com/noironetworks/aci-containers/cmd/ovsresync -internal/goarch +CGO_ENABLED=0 GOOS=linux go build -v -trimpath -ldflags=" -X github.com/noironetworks/aci-containers/pkg/controller.buildTime=11-11-2024.09:32:41.UTC -X github.com/noironetworks/aci-containers/pkg/controller.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/gbpserver.buildTime=11-11-2024.09:32:41.UTC -X github.com/noironetworks/aci-containers/pkg/gbpserver.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/hostagent.buildTime=11-11-2024.09:32:41.UTC -X github.com/noironetworks/aci-containers/pkg/hostagent.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.buildTime=11-11-2024.09:32:41.UTC -X 
github.com/noironetworks/aci-containers/pkg/acicontainersoperator.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -s -w" -a -installsuffix cgo -o dist-static/ovsresync github.com/noironetworks/aci-containers/cmd/ovsresync internal/unsafeheader +internal/goarch internal/cpu internal/abi internal/bytealg @@ -4713,8 +4712,8 @@ internal/goos internal/profilerecord internal/runtime/atomic internal/runtime/syscall -internal/runtime/exithook internal/stringslite +internal/runtime/exithook runtime/internal/math runtime/internal/sys cmp @@ -4742,8 +4741,8 @@ iter internal/reflectlite sync slices -errors internal/bisect +errors strconv io internal/oserror @@ -4755,13 +4754,13 @@ time io/fs internal/filepathlite internal/syscall/unix -internal/fmtsort internal/poll +internal/fmtsort internal/syscall/execenv internal/testlog bytes -os encoding/binary +os encoding/base64 strings context @@ -4784,12 +4783,12 @@ internal/saferio encoding/gob github.com/containernetworking/cni/pkg/types github.com/containernetworking/cni/pkg/types/internal +github.com/noironetworks/aci-containers/pkg/ipam github.com/containernetworking/cni/pkg/types/020 github.com/containernetworking/cni/pkg/types/040 -github.com/containernetworking/cni/pkg/types/100 -github.com/noironetworks/aci-containers/pkg/ipam -go/token github.com/noironetworks/aci-containers/pkg/metadata +go/token +github.com/containernetworking/cni/pkg/types/100 html regexp/syntax net/url @@ -4800,8 +4799,8 @@ log compress/flate hash hash/crc32 -html/template compress/gzip +html/template crypto crypto/cipher crypto/internal/boring 
@@ -4816,16 +4815,16 @@ crypto/internal/bigmod crypto/internal/boring/bbig crypto/sha512 encoding/asn1 -crypto/internal/nistec vendor/golang.org/x/crypto/cryptobyte +crypto/internal/nistec crypto/internal/edwards25519 crypto/ecdh crypto/elliptic crypto/ed25519 crypto/hmac vendor/golang.org/x/crypto/chacha20 -vendor/golang.org/x/crypto/internal/poly1305 crypto/ecdsa +vendor/golang.org/x/crypto/internal/poly1305 vendor/golang.org/x/sys/cpu vendor/golang.org/x/crypto/chacha20poly1305 vendor/golang.org/x/crypto/hkdf @@ -4839,15 +4838,15 @@ crypto/sha1 crypto/sha256 crypto/dsa encoding/hex -encoding/pem crypto/x509/pkix +encoding/pem vendor/golang.org/x/text/transform crypto/x509 vendor/golang.org/x/text/unicode/bidi vendor/golang.org/x/text/secure/bidirule vendor/golang.org/x/text/unicode/norm -vendor/golang.org/x/net/idna crypto/tls +vendor/golang.org/x/net/idna net/textproto vendor/golang.org/x/net/http/httpguts vendor/golang.org/x/net/http/httpproxy 
@@ -4863,9 +4862,9 @@ net/http net/rpc github.com/noironetworks/aci-containers/pkg/eprpcclient github.com/noironetworks/aci-containers/cmd/ovsresync -CGO_ENABLED=0 GOOS=linux go build -v -trimpath -ldflags=" -X github.com/noironetworks/aci-containers/pkg/controller.buildTime=11-06-2024.09:22:55.UTC -X github.com/noironetworks/aci-containers/pkg/controller.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/gbpserver.buildTime=11-06-2024.09:22:55.UTC -X github.com/noironetworks/aci-containers/pkg/gbpserver.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/hostagent.buildTime=11-06-2024.09:22:56.UTC -X github.com/noironetworks/aci-containers/pkg/hostagent.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.buildTime=11-06-2024.09:22:56.UTC -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -s -w" -a -installsuffix cgo -o dist-static/gbpserver github.com/noironetworks/aci-containers/cmd/gbpserver -internal/unsafeheader +CGO_ENABLED=0 GOOS=linux go build -v -trimpath -ldflags=" -X github.com/noironetworks/aci-containers/pkg/controller.buildTime=11-11-2024.09:33:04.UTC -X github.com/noironetworks/aci-containers/pkg/controller.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/gbpserver.buildTime=11-11-2024.09:33:04.UTC -X github.com/noironetworks/aci-containers/pkg/gbpserver.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/hostagent.buildTime=11-11-2024.09:33:04.UTC -X github.com/noironetworks/aci-containers/pkg/hostagent.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.buildTime=11-11-2024.09:33:04.UTC -X 
github.com/noironetworks/aci-containers/pkg/acicontainersoperator.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -s -w" -a -installsuffix cgo -o dist-static/gbpserver github.com/noironetworks/aci-containers/cmd/gbpserver internal/goarch +internal/unsafeheader internal/cpu internal/abi internal/bytealg @@ -4973,12 +4972,12 @@ crypto crypto/cipher crypto/internal/boring crypto/hmac +crypto/sha256 +crypto/sha512 encoding/json flag compress/flate compress/gzip -crypto/sha256 -crypto/sha512 crypto/aes crypto/des crypto/internal/edwards25519/field @@ -4997,18 +4996,18 @@ crypto/internal/edwards25519 crypto/rand crypto/ed25519 vendor/golang.org/x/crypto/chacha20 -vendor/golang.org/x/crypto/internal/poly1305 vendor/golang.org/x/crypto/cryptobyte +vendor/golang.org/x/crypto/internal/poly1305 vendor/golang.org/x/sys/cpu vendor/golang.org/x/crypto/chacha20poly1305 -vendor/golang.org/x/crypto/hkdf crypto/ecdsa +vendor/golang.org/x/crypto/hkdf crypto/internal/hpke vendor/golang.org/x/crypto/sha3 crypto/md5 -crypto/internal/mlkem768 crypto/rc4 crypto/rsa +crypto/internal/mlkem768 crypto/sha1 crypto/dsa encoding/hex @@ -5040,10 +5039,10 @@ encoding/gob crypto/x509 github.com/jcmturner/dnsutils/v2 github.com/jcmturner/gokrb5/v8/config +crypto/tls github.com/hashicorp/go-uuid github.com/jcmturner/gokrb5/v8/crypto/etype github.com/jcmturner/gokrb5/v8/crypto/common -crypto/tls github.com/jcmturner/gokrb5/v8/crypto/rfc3961 github.com/jcmturner/aescts/v2 github.com/jcmturner/gofork/x/crypto/pbkdf2 
@@ -5068,14 +5067,14 @@ github.com/jcmturner/gokrb5/v8/kadmin github.com/jcmturner/gokrb5/v8/client github.com/jcmturner/gokrb5/v8/gssapi github.com/klauspost/compress/fse -github.com/klauspost/compress/huff0 github.com/klauspost/compress/internal/snapref github.com/klauspost/compress/zstd/internal/xxhash +github.com/klauspost/compress/huff0 runtime/debug github.com/pierrec/lz4/v4/internal/lz4block -github.com/klauspost/compress/zstd github.com/pierrec/lz4/v4/internal/xxh32 io/ioutil +github.com/klauspost/compress/zstd github.com/pierrec/lz4/v4/internal/lz4stream github.com/pierrec/lz4/v4 log/syslog @@ -5083,8 +5082,8 @@ text/tabwriter runtime/pprof github.com/rcrowley/go-metrics golang.org/x/net/internal/socks -golang.org/x/net/proxy hash/fnv +golang.org/x/net/proxy vendor/golang.org/x/text/transform github.com/Shopify/sarama vendor/golang.org/x/text/unicode/bidi @@ -5106,21 +5105,21 @@ net/http golang.org/x/sys/unix github.com/sirupsen/logrus golang.org/x/time/rate -log/slog/internal/buffer -log/slog github.com/gorilla/mux github.com/gorilla/websocket -github.com/go-logr/logr +log/slog/internal/buffer +log/slog k8s.io/klog/v2/internal/severity k8s.io/klog/v2/internal/buffer k8s.io/klog/v2/internal/clock k8s.io/klog/v2/internal/dbg -k8s.io/klog/v2/internal/serialize -k8s.io/klog/v2/internal/sloghandler k8s.io/utils/clock -k8s.io/klog/v2 net/http/cookiejar github.com/gogo/protobuf/proto +github.com/go-logr/logr +k8s.io/klog/v2/internal/serialize +k8s.io/klog/v2/internal/sloghandler +k8s.io/klog/v2 k8s.io/apimachinery/pkg/util/runtime k8s.io/apimachinery/pkg/util/wait k8s.io/client-go/util/workqueue 
@@ -5132,31 +5131,31 @@ gopkg.in/inf.v0 k8s.io/apimachinery/third_party/forked/golang/reflect k8s.io/apimachinery/pkg/conversion k8s.io/apimachinery/pkg/fields -k8s.io/apimachinery/pkg/util/sets -k8s.io/apimachinery/pkg/util/errors -k8s.io/apimachinery/pkg/util/validation/field k8s.io/apimachinery/pkg/api/resource +k8s.io/apimachinery/pkg/util/sets k8s.io/utils/internal/third_party/forked/golang/net k8s.io/utils/net -k8s.io/apimachinery/pkg/util/validation -k8s.io/apimachinery/pkg/labels go/token go/scanner -go/doc/comment go/ast +k8s.io/apimachinery/pkg/util/errors +k8s.io/apimachinery/pkg/util/validation/field +k8s.io/apimachinery/pkg/util/validation +k8s.io/apimachinery/pkg/labels +go/doc/comment internal/lazyregexp go/build/constraint -k8s.io/apimachinery/pkg/conversion/queryparams -k8s.io/apimachinery/pkg/runtime/schema -sigs.k8s.io/json/internal/golang/encoding/json -go/doc go/internal/typeparams go/parser -sigs.k8s.io/json -k8s.io/apimachinery/pkg/util/json +go/doc +k8s.io/apimachinery/pkg/conversion/queryparams +k8s.io/apimachinery/pkg/runtime/schema k8s.io/apimachinery/pkg/util/naming +sigs.k8s.io/json/internal/golang/encoding/json github.com/modern-go/concurrent github.com/modern-go/reflect2 +sigs.k8s.io/json +k8s.io/apimachinery/pkg/util/json gopkg.in/yaml.v2 github.com/json-iterator/go k8s.io/apimachinery/pkg/util/intstr 
@@ -5164,20 +5163,20 @@ golang.org/x/text/transform golang.org/x/text/unicode/bidi golang.org/x/text/secure/bidirule golang.org/x/text/unicode/norm -golang.org/x/net/idna sigs.k8s.io/structured-merge-diff/v4/value +golang.org/x/net/idna +k8s.io/apimachinery/pkg/runtime golang.org/x/net/http/httpguts golang.org/x/net/http2 -k8s.io/apimachinery/pkg/runtime k8s.io/apimachinery/pkg/runtime/serializer/recognizer k8s.io/apimachinery/pkg/util/framer sigs.k8s.io/yaml/goyaml.v2 k8s.io/apimachinery/pkg/util/net -k8s.io/apimachinery/pkg/watch -k8s.io/apimachinery/pkg/apis/meta/v1 sigs.k8s.io/yaml +k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/pkg/util/yaml k8s.io/apimachinery/pkg/runtime/serializer/json +k8s.io/apimachinery/pkg/apis/meta/v1 k8s.io/apimachinery/pkg/runtime/serializer/streaming k8s.io/apimachinery/pkg/version k8s.io/client-go/pkg/version @@ -5202,6 +5201,11 @@ google.golang.org/protobuf/reflect/protoreflect google.golang.org/protobuf/internal/encoding/messageset google.golang.org/protobuf/internal/strs google.golang.org/protobuf/internal/encoding/text +google.golang.org/protobuf/internal/genid +google.golang.org/protobuf/internal/order +google.golang.org/protobuf/reflect/protoregistry +google.golang.org/protobuf/runtime/protoiface +google.golang.org/protobuf/proto github.com/noironetworks/aci-containers/pkg/gbpcrd/apis/acipolicy/v1 k8s.io/apimachinery/pkg/runtime/serializer/protobuf k8s.io/apimachinery/pkg/apis/meta/v1/unstructured 
@@ -5212,47 +5216,42 @@ k8s.io/client-go/pkg/apis/clientauthentication/v1 k8s.io/apimachinery/pkg/runtime/serializer k8s.io/client-go/pkg/apis/clientauthentication/v1beta1 github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned/scheme -k8s.io/client-go/pkg/apis/clientauthentication/install k8s.io/client-go/rest/watch +google.golang.org/protobuf/encoding/prototext +k8s.io/client-go/pkg/apis/clientauthentication/install k8s.io/client-go/plugin/pkg/client/auth/exec -google.golang.org/protobuf/internal/genid -google.golang.org/protobuf/internal/order -google.golang.org/protobuf/reflect/protoregistry k8s.io/client-go/rest -google.golang.org/protobuf/runtime/protoiface -google.golang.org/protobuf/proto -google.golang.org/protobuf/encoding/prototext -github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned/typed/acipolicy/v1 google.golang.org/protobuf/internal/editiondefaults google.golang.org/protobuf/internal/encoding/defval google.golang.org/protobuf/internal/descfmt google.golang.org/protobuf/internal/descopts +google.golang.org/protobuf/internal/filedesc +github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned/typed/acipolicy/v1 google.golang.org/protobuf/internal/version gopkg.in/yaml.v3 -google.golang.org/protobuf/internal/filedesc google.golang.org/protobuf/internal/encoding/tag google.golang.org/protobuf/internal/impl github.com/google/gnostic-models/jsonschema k8s.io/api/apidiscovery/v2beta1 k8s.io/api/admissionregistration/v1 k8s.io/api/admissionregistration/v1alpha1 -k8s.io/api/admissionregistration/v1beta1 google.golang.org/protobuf/internal/filetype +k8s.io/api/admissionregistration/v1beta1 google.golang.org/protobuf/runtime/protoimpl google.golang.org/protobuf/types/descriptorpb +google.golang.org/protobuf/types/gofeaturespb +google.golang.org/protobuf/reflect/protodesc google.golang.org/protobuf/types/known/anypb +github.com/golang/protobuf/proto github.com/golang/protobuf/ptypes/any 
google.golang.org/protobuf/types/known/durationpb github.com/golang/protobuf/ptypes/duration google.golang.org/protobuf/types/known/timestamppb -google.golang.org/protobuf/types/gofeaturespb -google.golang.org/protobuf/reflect/protodesc github.com/golang/protobuf/ptypes/timestamp k8s.io/api/apiserverinternal/v1alpha1 -k8s.io/api/core/v1 -github.com/golang/protobuf/proto github.com/golang/protobuf/ptypes github.com/google/gnostic-models/extensions +k8s.io/api/core/v1 github.com/google/gnostic-models/compiler github.com/google/gnostic-models/openapiv2 k8s.io/api/authentication/v1 @@ -5268,6 +5267,8 @@ k8s.io/api/flowcontrol/v1beta1 k8s.io/api/flowcontrol/v1beta2 k8s.io/api/flowcontrol/v1beta3 k8s.io/api/networking/v1alpha1 +k8s.io/api/policy/v1 +k8s.io/api/policy/v1beta1 k8s.io/api/apps/v1 k8s.io/api/apps/v1beta1 k8s.io/api/apps/v1beta2 @@ -5277,8 +5278,8 @@ k8s.io/api/autoscaling/v2beta1 k8s.io/api/autoscaling/v2beta2 k8s.io/api/batch/v1 k8s.io/api/certificates/v1 -k8s.io/api/certificates/v1beta1 k8s.io/api/batch/v1beta1 +k8s.io/api/certificates/v1beta1 k8s.io/api/discovery/v1 k8s.io/api/discovery/v1beta1 k8s.io/api/events/v1 @@ -5289,8 +5290,6 @@ k8s.io/api/networking/v1beta1 k8s.io/api/node/v1 k8s.io/api/node/v1alpha1 k8s.io/api/node/v1beta1 -k8s.io/api/policy/v1 -k8s.io/api/policy/v1beta1 k8s.io/api/rbac/v1 k8s.io/api/rbac/v1alpha1 k8s.io/api/rbac/v1beta1 @@ -5317,10 +5316,10 @@ github.com/go-openapi/jsonreference/internal github.com/go-openapi/jsonreference encoding/base32 k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json -k8s.io/kube-openapi/pkg/internal k8s.io/kube-openapi/pkg/util/proto -k8s.io/kube-openapi/pkg/validation/spec +k8s.io/kube-openapi/pkg/internal sigs.k8s.io/structured-merge-diff/v4/schema +k8s.io/kube-openapi/pkg/validation/spec sigs.k8s.io/structured-merge-diff/v4/fieldpath sigs.k8s.io/structured-merge-diff/v4/typed k8s.io/kube-openapi/pkg/schemaconv 
@@ -5341,10 +5340,10 @@ github.com/gogo/protobuf/protoc-gen-gogo/descriptor k8s.io/kube-openapi/pkg/common k8s.io/kube-openapi/pkg/handler3 github.com/gogo/protobuf/gogoproto -k8s.io/client-go/openapi go.etcd.io/etcd/api/v3/authpb -k8s.io/client-go/discovery +k8s.io/client-go/openapi go.etcd.io/etcd/api/v3/membershippb +k8s.io/client-go/discovery go.etcd.io/etcd/api/v3/mvccpb google.golang.org/genproto/googleapis/api github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned @@ -5369,9 +5368,9 @@ google.golang.org/grpc/metadata google.golang.org/grpc/balancer google.golang.org/grpc/balancer/base google.golang.org/grpc/internal/grpcrand +html/template google.golang.org/grpc/balancer/roundrobin google.golang.org/grpc/codes -html/template google.golang.org/grpc/credentials/insecure google.golang.org/grpc/internal/envconfig google.golang.org/grpc/internal/grpcutil @@ -5382,8 +5381,8 @@ google.golang.org/grpc/internal/balancer/gracefulswitch google.golang.org/grpc/internal/balancerload google.golang.org/grpc/binarylog/grpc_binarylog_v1 google.golang.org/genproto/googleapis/rpc/status -google.golang.org/grpc/internal/status golang.org/x/net/trace +google.golang.org/grpc/internal/status google.golang.org/grpc/status google.golang.org/grpc/internal/binarylog google.golang.org/grpc/internal/buffer 
@@ -5395,24 +5394,24 @@ google.golang.org/grpc/internal/serviceconfig google.golang.org/grpc/internal/resolver google.golang.org/grpc/internal/resolver/passthrough google.golang.org/grpc/internal/transport/networktype -google.golang.org/protobuf/encoding/protojson google.golang.org/grpc/internal/resolver/unix google.golang.org/grpc/internal/syscall +google.golang.org/protobuf/encoding/protojson google.golang.org/grpc/keepalive google.golang.org/grpc/peer google.golang.org/grpc/stats google.golang.org/grpc/tap net/http/httputil google.golang.org/grpc/balancer/grpclb/state +github.com/golang/protobuf/jsonpb google.golang.org/grpc/internal/resolver/dns/internal google.golang.org/grpc/internal/resolver/dns -github.com/golang/protobuf/jsonpb google.golang.org/grpc/resolver/dns go.etcd.io/etcd/api/v3/v3rpc/rpctypes github.com/coreos/go-semver/semver +google.golang.org/grpc/internal/pretty go.etcd.io/etcd/api/v3/version github.com/coreos/go-systemd/v22/journal -google.golang.org/grpc/internal/pretty google.golang.org/grpc/internal/transport go.etcd.io/etcd/client/pkg/v3/systemd go.uber.org/multierr @@ -5440,8 +5439,8 @@ github.com/noironetworks/aci-containers/pkg/netflowpolicy/clientset/versioned github.com/google/go-cmp/cmp/internal/diff github.com/google/go-cmp/cmp/internal/function github.com/google/go-cmp/cmp/internal/value -github.com/google/go-cmp/cmp go.etcd.io/etcd/api/v3/etcdserverpb +github.com/google/go-cmp/cmp k8s.io/apimachinery/pkg/util/cache k8s.io/apimachinery/pkg/util/diff k8s.io/client-go/tools/cache/synctrack 
@@ -5473,19 +5472,19 @@ github.com/prometheus/client_golang/prometheus/promhttp github.com/noironetworks/aci-containers/pkg/gbpserver/watchers golang.org/x/net/context github.com/grpc-ecosystem/go-grpc-prometheus -github.com/golang/protobuf/protoc-gen-go/descriptor -github.com/golang/protobuf/descriptor github.com/noironetworks/aci-containers/pkg/gbpserver/stateinit +github.com/golang/protobuf/protoc-gen-go/descriptor google.golang.org/protobuf/types/known/wrapperspb +github.com/golang/protobuf/descriptor github.com/grpc-ecosystem/grpc-gateway/internal -github.com/grpc-ecosystem/grpc-gateway/utilities github.com/golang/protobuf/ptypes/wrappers +github.com/grpc-ecosystem/grpc-gateway/utilities google.golang.org/genproto/googleapis/api/httpbody google.golang.org/protobuf/types/known/fieldmaskpb github.com/soheilhy/cmux google.golang.org/genproto/protobuf/field_mask -github.com/grpc-ecosystem/grpc-gateway/runtime github.com/tmc/grpc-websocket-proxy/wsproxy +github.com/grpc-ecosystem/grpc-gateway/runtime go.etcd.io/bbolt go.etcd.io/etcd/api/v3/etcdserverpb/gw go.etcd.io/etcd/client/pkg/v3/srv 
@@ -5507,21 +5506,21 @@ go.opentelemetry.io/otel/internal/attribute go.opentelemetry.io/otel/attribute go.opentelemetry.io/otel/semconv/v1.17.0 go.etcd.io/etcd/pkg/v3/flags -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc/internal github.com/go-logr/logr/funcr +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc/internal go.opentelemetry.io/otel/codes go.opentelemetry.io/otel/metric github.com/go-logr/stdr go.opentelemetry.io/otel/internal/baggage -go.opentelemetry.io/otel/trace go.opentelemetry.io/otel/baggage +go.opentelemetry.io/otel/trace github.com/dustin/go-humanize go.opentelemetry.io/otel/propagation go.etcd.io/etcd/pkg/v3/contention go.etcd.io/etcd/pkg/v3/idutil go.etcd.io/etcd/pkg/v3/pbutil -go.etcd.io/etcd/pkg/v3/schedule go.opentelemetry.io/otel/internal/global +go.etcd.io/etcd/pkg/v3/schedule go.etcd.io/etcd/pkg/v3/traceutil go.etcd.io/etcd/pkg/v3/wait go.etcd.io/etcd/raft/v3/quorum @@ -5529,19 +5528,19 @@ go.etcd.io/etcd/raft/v3/raftpb go.opentelemetry.io/otel go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc go.etcd.io/etcd/raft/v3/tracker -go.etcd.io/etcd/raft/v3/confchange go.etcd.io/etcd/server/v3/config -go.etcd.io/etcd/raft/v3 +go.etcd.io/etcd/raft/v3/confchange github.com/golang-jwt/jwt/v4 +go.etcd.io/etcd/raft/v3 go.etcd.io/etcd/pkg/v3/adt go.etcd.io/etcd/server/v3/mvcc/backend golang.org/x/crypto/blowfish golang.org/x/crypto/bcrypt go.etcd.io/etcd/server/v3/etcdserver/api/v2error github.com/jonboulle/clockwork +go.etcd.io/etcd/server/v3/etcdserver/api/v2store go.etcd.io/etcd/server/v3/mvcc/buckets go.etcd.io/etcd/server/v3/auth -go.etcd.io/etcd/server/v3/etcdserver/api/v2store go.etcd.io/etcd/server/v3/etcdserver/api/membership github.com/xiang90/probing go.etcd.io/etcd/pkg/v3/ioutil 
@@ -5558,19 +5557,19 @@ go.etcd.io/etcd/server/v3/etcdserver/api/v2http/httptypes go.etcd.io/etcd/server/v3/etcdserver/api/v3alarm github.com/google/btree go.etcd.io/etcd/server/v3/lease/leasepb -go.etcd.io/etcd/server/v3/etcdserver/cindex go.etcd.io/etcd/server/v3/lease +go.etcd.io/etcd/server/v3/etcdserver/cindex go.etcd.io/etcd/pkg/v3/crc go.etcd.io/etcd/server/v3/wal go.etcd.io/etcd/server/v3/mvcc go.etcd.io/etcd/server/v3/lease/leasehttp go.etcd.io/etcd/client/v3/concurrency github.com/grpc-ecosystem/go-grpc-middleware +go.etcd.io/etcd/server/v3/etcdserver/api/v3compactor google.golang.org/grpc/health/grpc_health_v1 +go.etcd.io/etcd/server/v3/etcdserver google.golang.org/grpc/health go.etcd.io/etcd/server/v3/etcdserver/api/v3election/v3electionpb -go.etcd.io/etcd/server/v3/etcdserver/api/v3compactor -go.etcd.io/etcd/server/v3/etcdserver go.etcd.io/etcd/server/v3/etcdserver/api/v3lock/v3lockpb go.etcd.io/etcd/server/v3/proxy/grpcproxy/adapter go.etcd.io/etcd/server/v3/etcdserver/api/v3election 
@@ -5580,32 +5579,32 @@ go.etcd.io/etcd/server/v3/etcdserver/api/v3lock/v3lockpb/gw go.etcd.io/etcd/server/v3/verify go.opentelemetry.io/otel/semconv/v1.24.0 go.opentelemetry.io/otel/sdk/resource +go.opentelemetry.io/otel/sdk/internal +go.opentelemetry.io/otel/sdk/internal/env +go.opentelemetry.io/otel/trace/noop +go.opentelemetry.io/otel/sdk/trace go.etcd.io/etcd/server/v3/etcdserver/api/etcdhttp go.etcd.io/etcd/server/v3/etcdserver/api/v2auth go.etcd.io/etcd/server/v3/etcdserver/api/v2v3 go.etcd.io/etcd/server/v3/etcdserver/api/v2http go.etcd.io/etcd/server/v3/etcdserver/api/v3rpc -go.opentelemetry.io/otel/sdk/internal -go.opentelemetry.io/otel/sdk/internal/env -go.opentelemetry.io/otel/trace/noop -go.opentelemetry.io/otel/sdk/trace go.opentelemetry.io/proto/otlp/common/v1 -go.etcd.io/etcd/server/v3/etcdserver/api/v3client go.opentelemetry.io/proto/otlp/resource/v1 go.opentelemetry.io/proto/otlp/trace/v1 -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform +go.opentelemetry.io/otel/exporters/otlp/otlptrace +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/envconfig github.com/cenkalti/backoff/v4 -go.opentelemetry.io/otel/exporters/otlp/otlptrace +go.etcd.io/etcd/server/v3/etcdserver/api/v3client go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/retry google.golang.org/grpc/encoding/gzip -github.com/grpc-ecosystem/grpc-gateway/v2/utilities go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig +github.com/grpc-ecosystem/grpc-gateway/v2/utilities github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule google.golang.org/protobuf/types/known/structpb -github.com/grpc-ecosystem/grpc-gateway/v2/runtime google.golang.org/genproto/googleapis/rpc/errdetails +github.com/grpc-ecosystem/grpc-gateway/v2/runtime 
go.opentelemetry.io/otel/semconv/internal go.opentelemetry.io/otel/semconv/v1.4.0 gopkg.in/natefinch/lumberjack.v2 
@@ -5619,9 +5618,9 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc go.etcd.io/etcd/server/v3/embed go.opentelemetry.io/otel/exporters/prometheus github.com/noironetworks/aci-containers/cmd/gbpserver -CGO_ENABLED=0 GOOS=linux go build -v -trimpath -ldflags=" -X github.com/noironetworks/aci-containers/pkg/controller.buildTime=11-06-2024.09:24:52.UTC -X github.com/noironetworks/aci-containers/pkg/controller.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/gbpserver.buildTime=11-06-2024.09:24:52.UTC -X github.com/noironetworks/aci-containers/pkg/gbpserver.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/hostagent.buildTime=11-06-2024.09:24:52.UTC -X github.com/noironetworks/aci-containers/pkg/hostagent.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.buildTime=11-06-2024.09:24:52.UTC -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -s -w" -a -installsuffix cgo -o dist-static/aci-containers-operator github.com/noironetworks/aci-containers/cmd/acicontainersoperator -internal/goarch +CGO_ENABLED=0 GOOS=linux go build -v -trimpath -ldflags=" -X github.com/noironetworks/aci-containers/pkg/controller.buildTime=11-11-2024.09:35:01.UTC -X github.com/noironetworks/aci-containers/pkg/controller.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/gbpserver.buildTime=11-11-2024.09:35:01.UTC -X github.com/noironetworks/aci-containers/pkg/gbpserver.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/hostagent.buildTime=11-11-2024.09:35:01.UTC -X github.com/noironetworks/aci-containers/pkg/hostagent.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X 
github.com/noironetworks/aci-containers/pkg/acicontainersoperator.buildTime=11-11-2024.09:35:01.UTC -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -s -w" -a -installsuffix cgo -o dist-static/aci-containers-operator github.com/noironetworks/aci-containers/cmd/acicontainersoperator internal/unsafeheader +internal/goarch internal/cpu internal/abi internal/bytealg @@ -5634,8 +5633,8 @@ internal/goos internal/profilerecord internal/runtime/atomic internal/runtime/syscall -internal/runtime/exithook internal/stringslite +internal/runtime/exithook runtime/internal/math runtime/internal/sys cmp @@ -5733,11 +5732,11 @@ syscall reflect time io/fs -internal/fmtsort internal/filepathlite internal/syscall/unix -internal/syscall/execenv +internal/fmtsort internal/poll +internal/syscall/execenv internal/testlog context bytes @@ -5745,8 +5744,8 @@ os encoding/binary encoding/base64 strings -bufio fmt +bufio sort github.com/gogo/protobuf/sortkeys math/rand @@ -5754,8 +5753,8 @@ encoding/json log github.com/google/gofuzz/bytesource regexp/syntax -regexp github.com/gogo/protobuf/proto +regexp github.com/google/gofuzz math/big gopkg.in/inf.v0 @@ -5769,11 +5768,11 @@ vendor/golang.org/x/net/dns/dnsmessage k8s.io/apimachinery/pkg/api/resource internal/singleflight math/rand/v2 -internal/concurrent internal/weak +flag +internal/concurrent unique net/netip -flag log/slog/internal/buffer log/slog net @@ -5796,8 +5795,8 @@ k8s.io/apimachinery/pkg/util/validation go/doc/comment k8s.io/apimachinery/pkg/labels internal/lazyregexp -go/build/constraint go/doc +go/build/constraint go/internal/typeparams go/parser net/url 
@@ -5811,46 +5810,46 @@ hash hash/crc32 compress/gzip crypto -sigs.k8s.io/json crypto/cipher +sigs.k8s.io/json k8s.io/apimachinery/pkg/util/json crypto/internal/randutil -crypto/internal/edwards25519/field crypto/internal/boring +crypto/des crypto/rand crypto/aes -crypto/des +crypto/internal/edwards25519/field crypto/internal/nistec/fiat embed crypto/internal/bigmod crypto/internal/boring/bbig crypto/sha512 encoding/asn1 -crypto/internal/nistec vendor/golang.org/x/crypto/cryptobyte +crypto/internal/nistec crypto/internal/edwards25519 -crypto/ecdh -crypto/elliptic crypto/ed25519 crypto/hmac +crypto/ecdh +crypto/elliptic vendor/golang.org/x/crypto/chacha20 -crypto/ecdsa vendor/golang.org/x/crypto/internal/poly1305 +crypto/ecdsa vendor/golang.org/x/sys/cpu -vendor/golang.org/x/crypto/hkdf vendor/golang.org/x/crypto/chacha20poly1305 +vendor/golang.org/x/crypto/hkdf vendor/golang.org/x/crypto/sha3 -crypto/internal/mlkem768 crypto/internal/hpke crypto/md5 +crypto/internal/mlkem768 crypto/rc4 crypto/rsa crypto/sha1 crypto/sha256 crypto/dsa encoding/hex -crypto/x509/pkix encoding/pem +crypto/x509/pkix vendor/golang.org/x/text/transform crypto/x509 vendor/golang.org/x/text/unicode/bidi @@ -5884,8 +5883,8 @@ k8s.io/apimachinery/pkg/runtime golang.org/x/text/secure/bidirule golang.org/x/text/unicode/norm golang.org/x/net/idna -golang.org/x/net/http/httpguts golang.org/x/net/http2/hpack +golang.org/x/net/http/httpguts k8s.io/apimachinery/pkg/runtime/serializer/recognizer k8s.io/apimachinery/pkg/util/framer golang.org/x/net/http2 
@@ -5925,18 +5924,18 @@ k8s.io/client-go/pkg/apis/clientauthentication/v1 k8s.io/apimachinery/pkg/runtime/serializer k8s.io/client-go/pkg/apis/clientauthentication/v1beta1 github.com/noironetworks/aci-containers/pkg/accprovisioninput/clientset/versioned/scheme +k8s.io/client-go/pkg/apis/clientauthentication/install k8s.io/client-go/rest/watch +k8s.io/client-go/plugin/pkg/client/auth/exec k8s.io/client-go/util/keyutil -k8s.io/client-go/pkg/apis/clientauthentication/install k8s.io/client-go/util/cert -k8s.io/client-go/plugin/pkg/client/auth/exec k8s.io/utils/clock/testing -k8s.io/client-go/util/flowcontrol hash/fnv -k8s.io/client-go/rest google.golang.org/protobuf/internal/detrand +k8s.io/client-go/util/flowcontrol google.golang.org/protobuf/internal/errors google.golang.org/protobuf/encoding/protowire +k8s.io/client-go/rest google.golang.org/protobuf/internal/pragma google.golang.org/protobuf/reflect/protoreflect google.golang.org/protobuf/internal/encoding/messageset @@ -5993,6 +5992,8 @@ k8s.io/api/flowcontrol/v1 k8s.io/api/flowcontrol/v1beta1 k8s.io/api/flowcontrol/v1beta2 k8s.io/api/flowcontrol/v1beta3 +k8s.io/api/networking/v1alpha1 +k8s.io/api/policy/v1 k8s.io/api/apps/v1 k8s.io/api/apps/v1beta1 k8s.io/api/apps/v1beta2 @@ -6001,21 +6002,19 @@ k8s.io/api/autoscaling/v2 k8s.io/api/autoscaling/v2beta1 k8s.io/api/autoscaling/v2beta2 k8s.io/api/batch/v1 +k8s.io/api/batch/v1beta1 k8s.io/api/certificates/v1 k8s.io/api/certificates/v1beta1 -k8s.io/api/batch/v1beta1 k8s.io/api/discovery/v1 k8s.io/api/discovery/v1beta1 k8s.io/api/events/v1 k8s.io/api/events/v1beta1 k8s.io/api/extensions/v1beta1 k8s.io/api/networking/v1 -k8s.io/api/networking/v1alpha1 k8s.io/api/networking/v1beta1 k8s.io/api/node/v1 k8s.io/api/node/v1alpha1 k8s.io/api/node/v1beta1 -k8s.io/api/policy/v1 k8s.io/api/policy/v1beta1 k8s.io/api/rbac/v1 k8s.io/api/rbac/v1alpha1 
@@ -6031,8 +6030,8 @@ k8s.io/apimachinery/pkg/api/meta k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/apis/meta/v1/validation k8s.io/apimachinery/pkg/api/validation -github.com/google/gnostic-models/openapiv3 k8s.io/client-go/kubernetes/scheme +github.com/google/gnostic-models/openapiv3 github.com/josharian/intern github.com/mailru/easyjson/jlexer github.com/mailru/easyjson/buffer @@ -6045,15 +6044,15 @@ encoding/base32 k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/internal -sigs.k8s.io/structured-merge-diff/v4/schema k8s.io/kube-openapi/pkg/validation/spec +sigs.k8s.io/structured-merge-diff/v4/schema sigs.k8s.io/structured-merge-diff/v4/fieldpath sigs.k8s.io/structured-merge-diff/v4/typed k8s.io/kube-openapi/pkg/schemaconv sigs.k8s.io/structured-merge-diff/v4/merge database/sql/driver -k8s.io/apimachinery/pkg/util/managedfields/internal github.com/google/uuid +k8s.io/apimachinery/pkg/util/managedfields/internal github.com/munnerz/goautoneg k8s.io/kube-openapi/pkg/cached hash/adler32 
@@ -6073,32 +6072,32 @@ golang.org/x/net/proxy github.com/gorilla/websocket k8s.io/client-go/openapi k8s.io/client-go/discovery -github.com/sirupsen/logrus github.com/noironetworks/aci-containers/pkg/accprovisioninput/clientset/versioned github.com/noironetworks/aci-containers/pkg/acicontainersoperator/clientset/versioned +github.com/sirupsen/logrus net/http/cookiejar github.com/noironetworks/aci-containers/pkg/erspanpolicy/apis/aci.erspan/v1alpha github.com/noironetworks/aci-containers/pkg/erspanpolicy/clientset/versioned/scheme -github.com/noironetworks/aci-containers/pkg/apicapi github.com/noironetworks/aci-containers/pkg/erspanpolicy/clientset/versioned/typed/aci.erspan/v1alpha +github.com/noironetworks/aci-containers/pkg/apicapi github.com/noironetworks/aci-containers/pkg/erspanpolicy/clientset/versioned github.com/noironetworks/aci-containers/pkg/fabricattachment/apis/aci.fabricattachment/v1 k8s.io/client-go/applyconfigurations/meta/v1 github.com/noironetworks/aci-containers/pkg/fabricattachment/applyconfiguration/aci.fabricattachment/v1 github.com/noironetworks/aci-containers/pkg/fabricattachment/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/fabricattachment/clientset/versioned/typed/aci.fabricattachment/v1 -github.com/noironetworks/aci-containers/pkg/gbpcrd/apis/acipolicy/v1 github.com/noironetworks/aci-containers/pkg/fabricattachment/clientset/versioned +github.com/noironetworks/aci-containers/pkg/gbpcrd/apis/acipolicy/v1 github.com/gorilla/mux github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned/scheme -github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned/typed/acipolicy/v1 github.com/eapache/go-resiliency/breaker +github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned/typed/acipolicy/v1 github.com/golang/snappy github.com/eapache/go-xerial-snappy github.com/hashicorp/errwrap -github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned 
github.com/hashicorp/go-multierror github.com/jcmturner/gofork/encoding/asn1 +github.com/noironetworks/aci-containers/pkg/gbpcrd/clientset/versioned github.com/jcmturner/dnsutils/v2 internal/saferio encoding/gob @@ -6116,24 +6115,24 @@ github.com/jcmturner/gokrb5/v8/crypto/rfc4757 golang.org/x/crypto/pbkdf2 github.com/jcmturner/gokrb5/v8/crypto/rfc8009 github.com/jcmturner/gokrb5/v8/types +github.com/jcmturner/gokrb5/v8/crypto github.com/jcmturner/gokrb5/v8/iana/errorcode github.com/jcmturner/gokrb5/v8/krberror github.com/jcmturner/rpc/v2/ndr -github.com/jcmturner/gokrb5/v8/crypto github.com/jcmturner/gokrb5/v8/keytab -github.com/jcmturner/rpc/v2/mstypes github.com/jcmturner/gokrb5/v8/credentials -github.com/jcmturner/gokrb5/v8/pac +github.com/jcmturner/rpc/v2/mstypes github.com/jcmturner/gokrb5/v8/gssapi -github.com/jcmturner/gokrb5/v8/messages +github.com/jcmturner/gokrb5/v8/pac github.com/klauspost/compress/fse +github.com/jcmturner/gokrb5/v8/messages github.com/klauspost/compress/huff0 github.com/jcmturner/gokrb5/v8/kadmin github.com/jcmturner/gokrb5/v8/client github.com/klauspost/compress/internal/snapref github.com/klauspost/compress/zstd/internal/xxhash -github.com/pierrec/lz4/v4/internal/lz4block github.com/klauspost/compress/zstd +github.com/pierrec/lz4/v4/internal/lz4block github.com/pierrec/lz4/v4/internal/xxh32 github.com/pierrec/lz4/v4/internal/lz4stream github.com/pierrec/lz4/v4 
@@ -6165,20 +6164,20 @@ google.golang.org/grpc/credentials google.golang.org/grpc/resolver google.golang.org/grpc/internal google.golang.org/grpc/internal/channelz +github.com/noironetworks/aci-containers/pkg/gbpserver/kafkac google.golang.org/grpc/channelz google.golang.org/grpc/metadata google.golang.org/grpc/balancer google.golang.org/grpc/balancer/base -github.com/noironetworks/aci-containers/pkg/gbpserver/kafkac google.golang.org/grpc/internal/grpcrand -google.golang.org/grpc/balancer/roundrobin google.golang.org/grpc/codes +google.golang.org/grpc/balancer/roundrobin google.golang.org/grpc/credentials/insecure google.golang.org/grpc/internal/envconfig -google.golang.org/grpc/internal/grpcutil google.golang.org/grpc/internal/backoff -google.golang.org/grpc/encoding +google.golang.org/grpc/internal/grpcutil google.golang.org/grpc/internal/balancer/gracefulswitch +google.golang.org/grpc/encoding google.golang.org/grpc/encoding/proto google.golang.org/grpc/internal/balancerload google.golang.org/grpc/binarylog/grpc_binarylog_v1 
@@ -6186,27 +6185,27 @@ google.golang.org/genproto/googleapis/rpc/status google.golang.org/grpc/internal/status google.golang.org/grpc/status google.golang.org/grpc/internal/buffer -google.golang.org/grpc/internal/binarylog google.golang.org/grpc/internal/grpcsync +google.golang.org/grpc/internal/binarylog google.golang.org/grpc/internal/idle google.golang.org/grpc/internal/metadata google.golang.org/protobuf/internal/encoding/json google.golang.org/grpc/internal/serviceconfig google.golang.org/grpc/internal/resolver +google.golang.org/protobuf/encoding/protojson google.golang.org/grpc/internal/resolver/passthrough google.golang.org/grpc/internal/transport/networktype google.golang.org/grpc/internal/resolver/unix google.golang.org/grpc/internal/syscall -google.golang.org/protobuf/encoding/protojson google.golang.org/grpc/keepalive google.golang.org/grpc/peer google.golang.org/grpc/stats google.golang.org/grpc/tap net/http/httputil +github.com/golang/protobuf/jsonpb google.golang.org/grpc/balancer/grpclb/state google.golang.org/grpc/internal/resolver/dns/internal google.golang.org/grpc/internal/resolver/dns -github.com/golang/protobuf/jsonpb google.golang.org/grpc/resolver/dns go.etcd.io/etcd/api/v3/v3rpc/rpctypes github.com/coreos/go-semver/semver @@ -6240,8 +6239,8 @@ github.com/noironetworks/aci-containers/pkg/netflowpolicy/clientset/versioned github.com/google/go-cmp/cmp/internal/diff github.com/google/go-cmp/cmp/internal/function github.com/google/go-cmp/cmp/internal/value -go.etcd.io/etcd/api/v3/etcdserverpb github.com/google/go-cmp/cmp +go.etcd.io/etcd/api/v3/etcdserverpb k8s.io/apimachinery/pkg/util/cache k8s.io/apimachinery/pkg/util/diff k8s.io/client-go/tools/cache/synctrack 
@@ -6263,6 +6262,7 @@ github.com/noironetworks/aci-containers/pkg/nodeinfo/apis/aci.snat/v1 github.com/noironetworks/aci-containers/pkg/nodeinfo/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/nodeinfo/clientset/versioned/typed/aci.snat/v1 github.com/noironetworks/aci-containers/pkg/nodeinfo/clientset/versioned +go.etcd.io/etcd/client/v3 github.com/noironetworks/aci-containers/pkg/nodepodif/apis/acipolicy/v1 github.com/noironetworks/aci-containers/pkg/nodepodif/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/nodepodif/clientset/versioned/typed/acipolicy/v1 @@ -6272,13 +6272,14 @@ github.com/noironetworks/aci-containers/pkg/proactiveconf/applyconfiguration/aci github.com/noironetworks/aci-containers/pkg/proactiveconf/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/proactiveconf/clientset/versioned/typed/aci.pc/v1 github.com/noironetworks/aci-containers/pkg/proactiveconf/clientset/versioned -go.etcd.io/etcd/client/v3 github.com/noironetworks/aci-containers/pkg/qospolicy/apis/aci.qos/v1 github.com/noironetworks/aci-containers/pkg/qospolicy/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/qospolicy/clientset/versioned/typed/aci.qos/v1 github.com/noironetworks/aci-containers/pkg/qospolicy/clientset/versioned +github.com/noironetworks/aci-containers/pkg/objdb github.com/noironetworks/aci-containers/pkg/rdconfig/apis/aci.snat/v1 github.com/noironetworks/aci-containers/pkg/rdconfig/clientset/versioned/scheme +github.com/noironetworks/aci-containers/pkg/gbpserver github.com/noironetworks/aci-containers/pkg/rdconfig/clientset/versioned/typed/aci.snat/v1 github.com/noironetworks/aci-containers/pkg/rdconfig/clientset/versioned github.com/noironetworks/aci-containers/pkg/snatglobalinfo/apis/aci.snat/v1 
@@ -6288,9 +6289,7 @@ github.com/noironetworks/aci-containers/pkg/snatglobalinfo/clientset/versioned github.com/noironetworks/aci-containers/pkg/snatpolicy/apis/aci.snat/v1 github.com/noironetworks/aci-containers/pkg/snatpolicy/clientset/versioned/scheme github.com/noironetworks/aci-containers/pkg/snatpolicy/clientset/versioned/typed/aci.snat/v1 -github.com/noironetworks/aci-containers/pkg/objdb github.com/noironetworks/aci-containers/pkg/snatpolicy/clientset/versioned -github.com/noironetworks/aci-containers/pkg/gbpserver k8s.io/client-go/applyconfigurations/internal k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/kubernetes/typed/admissionregistration/v1 @@ -6298,10 +6297,10 @@ k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 k8s.io/client-go/kubernetes/typed/admissionregistration/v1alpha1 k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1 k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1 +github.com/noironetworks/aci-containers/pkg/gbpserver/watchers k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1 k8s.io/client-go/kubernetes/typed/apiserverinternal/v1alpha1 k8s.io/client-go/applyconfigurations/core/v1 -github.com/noironetworks/aci-containers/pkg/gbpserver/watchers k8s.io/client-go/applyconfigurations/autoscaling/v1 k8s.io/client-go/kubernetes/typed/authentication/v1 k8s.io/client-go/kubernetes/typed/authentication/v1alpha1 
@@ -6312,31 +6311,31 @@ k8s.io/client-go/kubernetes/typed/autoscaling/v1 k8s.io/client-go/applyconfigurations/autoscaling/v2 k8s.io/client-go/kubernetes/typed/autoscaling/v2 k8s.io/client-go/applyconfigurations/autoscaling/v2beta1 +k8s.io/client-go/kubernetes/typed/autoscaling/v2beta1 +k8s.io/client-go/applyconfigurations/autoscaling/v2beta2 +k8s.io/client-go/kubernetes/typed/autoscaling/v2beta2 k8s.io/client-go/applyconfigurations/apps/v1 k8s.io/client-go/applyconfigurations/apps/v1beta1 -k8s.io/client-go/kubernetes/typed/apps/v1 k8s.io/client-go/kubernetes/typed/apps/v1beta1 +k8s.io/client-go/kubernetes/typed/apps/v1 k8s.io/client-go/applyconfigurations/apps/v1beta2 -k8s.io/client-go/kubernetes/typed/autoscaling/v2beta1 -k8s.io/client-go/applyconfigurations/autoscaling/v2beta2 -k8s.io/client-go/kubernetes/typed/apps/v1beta2 -k8s.io/client-go/kubernetes/typed/autoscaling/v2beta2 k8s.io/client-go/applyconfigurations/batch/v1 -k8s.io/client-go/applyconfigurations/certificates/v1 +k8s.io/client-go/kubernetes/typed/apps/v1beta2 k8s.io/client-go/kubernetes/typed/batch/v1 k8s.io/client-go/applyconfigurations/batch/v1beta1 -k8s.io/client-go/kubernetes/typed/certificates/v1 +k8s.io/client-go/applyconfigurations/certificates/v1 k8s.io/client-go/kubernetes/typed/batch/v1beta1 +k8s.io/client-go/kubernetes/typed/certificates/v1 k8s.io/client-go/applyconfigurations/certificates/v1alpha1 -k8s.io/client-go/kubernetes/typed/certificates/v1alpha1 k8s.io/client-go/applyconfigurations/certificates/v1beta1 -k8s.io/client-go/applyconfigurations/coordination/v1 +k8s.io/client-go/kubernetes/typed/certificates/v1alpha1 k8s.io/client-go/kubernetes/typed/certificates/v1beta1 -k8s.io/client-go/kubernetes/typed/coordination/v1 +k8s.io/client-go/applyconfigurations/coordination/v1 k8s.io/client-go/applyconfigurations/coordination/v1beta1 +k8s.io/client-go/kubernetes/typed/coordination/v1 +k8s.io/client-go/kubernetes/typed/coordination/v1beta1 k8s.io/client-go/tools/reference 
k8s.io/client-go/kubernetes/typed/core/v1 -k8s.io/client-go/kubernetes/typed/coordination/v1beta1 k8s.io/client-go/applyconfigurations/discovery/v1 k8s.io/client-go/kubernetes/typed/discovery/v1 k8s.io/client-go/applyconfigurations/discovery/v1beta1 @@ -6344,12 +6343,12 @@ k8s.io/client-go/kubernetes/typed/discovery/v1beta1 k8s.io/client-go/applyconfigurations/events/v1 k8s.io/client-go/kubernetes/typed/events/v1 k8s.io/client-go/applyconfigurations/events/v1beta1 -k8s.io/client-go/applyconfigurations/extensions/v1beta1 k8s.io/client-go/kubernetes/typed/events/v1beta1 +k8s.io/client-go/applyconfigurations/extensions/v1beta1 k8s.io/client-go/applyconfigurations/flowcontrol/v1 k8s.io/client-go/kubernetes/typed/flowcontrol/v1 -k8s.io/client-go/kubernetes/typed/extensions/v1beta1 k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1 +k8s.io/client-go/kubernetes/typed/extensions/v1beta1 k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta1 k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2 k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3 @@ -6361,8 +6360,8 @@ k8s.io/client-go/kubernetes/typed/networking/v1alpha1 k8s.io/client-go/kubernetes/typed/networking/v1 k8s.io/client-go/applyconfigurations/networking/v1beta1 k8s.io/client-go/applyconfigurations/node/v1 -k8s.io/client-go/kubernetes/typed/node/v1 k8s.io/client-go/kubernetes/typed/networking/v1beta1 +k8s.io/client-go/kubernetes/typed/node/v1 k8s.io/client-go/applyconfigurations/node/v1alpha1 k8s.io/client-go/applyconfigurations/node/v1beta1 k8s.io/client-go/kubernetes/typed/node/v1alpha1 
@@ -6373,8 +6372,8 @@ k8s.io/client-go/kubernetes/typed/policy/v1 k8s.io/client-go/kubernetes/typed/policy/v1beta1 k8s.io/client-go/applyconfigurations/rbac/v1 k8s.io/client-go/applyconfigurations/rbac/v1alpha1 -k8s.io/client-go/kubernetes/typed/rbac/v1 k8s.io/client-go/kubernetes/typed/rbac/v1alpha1 +k8s.io/client-go/kubernetes/typed/rbac/v1 k8s.io/client-go/applyconfigurations/rbac/v1beta1 k8s.io/client-go/applyconfigurations/resource/v1alpha2 k8s.io/client-go/kubernetes/typed/rbac/v1beta1 @@ -6394,8 +6393,8 @@ github.com/openshift/api/config/v1 k8s.io/client-go/kubernetes/typed/storage/v1beta1 k8s.io/client-go/kubernetes github.com/noironetworks/aci-containers/pkg/util -github.com/openshift/api/route/v1 github.com/openshift/api/operator/v1 +github.com/openshift/api/route/v1 github.com/openshift/client-go/route/clientset/versioned/scheme github.com/openshift/client-go/route/clientset/versioned/typed/route/v1 github.com/openshift/client-go/route/clientset/versioned @@ -6407,8 +6406,8 @@ k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1 k8s.io/apiextensions-apiserver/pkg/client/applyconfiguration/apiextensions/v1 github.com/imdario/mergo encoding/csv -k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/scheme github.com/spf13/pflag +k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/scheme k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1 k8s.io/client-go/tools/auth k8s.io/client-go/tools/clientcmd/api/v1 
@@ -6429,10 +6428,10 @@ github.com/prometheus/common/model runtime/metrics github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg google.golang.org/protobuf/encoding/protodelim -github.com/prometheus/procfs/internal/fs -github.com/prometheus/procfs/internal/util github.com/prometheus/client_golang/prometheus/internal github.com/prometheus/common/expfmt +github.com/prometheus/procfs/internal/fs +github.com/prometheus/procfs/internal/util github.com/prometheus/procfs k8s.io/apimachinery/pkg/util/version k8s.io/component-base/version @@ -6454,19 +6453,19 @@ k8s.io/kubernetes/pkg/api/v1/service k8s.io/kubernetes/pkg/apis/autoscaling k8s.io/kubernetes/pkg/apis/apps github.com/opencontainers/go-digest -k8s.io/component-base/metrics/legacyregistry github.com/distribution/reference -k8s.io/component-base/metrics/prometheus/feature -k8s.io/component-base/featuregate +k8s.io/component-base/metrics/legacyregistry k8s.io/kubernetes/pkg/util/parsers k8s.io/component-helpers/node/util/sysctl -k8s.io/apiserver/pkg/util/feature +k8s.io/component-base/metrics/prometheus/feature k8s.io/component-helpers/scheduling/corev1/nodeaffinity +k8s.io/component-base/featuregate +k8s.io/apiserver/pkg/util/feature k8s.io/apiextensions-apiserver/pkg/features k8s.io/apiserver/pkg/features +k8s.io/component-helpers/scheduling/corev1 k8s.io/kubernetes/pkg/features k8s.io/kubernetes/pkg/apis/core/v1 -k8s.io/component-helpers/scheduling/corev1 k8s.io/kubelet/pkg/apis k8s.io/kubernetes/pkg/api/service k8s.io/kubernetes/pkg/apis/core/helper/qos @@ -6491,9 +6490,9 @@ k8s.io/apiserver/pkg/audit k8s.io/apiserver/pkg/admission k8s.io/kubernetes/pkg/apis/core/install k8s.io/kube-openapi/pkg/util +k8s.io/apiserver/pkg/quota/v1 k8s.io/apiserver/pkg/endpoints/openapi k8s.io/apiserver/pkg/cel/openapi/resolver -k8s.io/apiserver/pkg/quota/v1 k8s.io/client-go/dynamic k8s.io/client-go/informers/internalinterfaces k8s.io/client-go/listers/admissionregistration/v1 
@@ -6501,25 +6500,25 @@ k8s.io/client-go/listers/admissionregistration/v1alpha1 k8s.io/client-go/listers/admissionregistration/v1beta1 k8s.io/client-go/listers/apiserverinternal/v1alpha1 k8s.io/client-go/listers/apps/v1 +k8s.io/client-go/listers/apps/v1beta1 +k8s.io/client-go/listers/apps/v1beta2 k8s.io/client-go/informers/admissionregistration/v1 k8s.io/client-go/informers/admissionregistration/v1alpha1 k8s.io/client-go/informers/admissionregistration/v1beta1 k8s.io/client-go/informers/apiserverinternal/v1alpha1 -k8s.io/client-go/informers/admissionregistration k8s.io/client-go/informers/apiserverinternal +k8s.io/client-go/informers/admissionregistration k8s.io/client-go/informers/apps/v1 -k8s.io/client-go/listers/apps/v1beta1 k8s.io/client-go/informers/apps/v1beta1 -k8s.io/client-go/listers/apps/v1beta2 -k8s.io/client-go/listers/autoscaling/v1 k8s.io/client-go/informers/apps/v1beta2 +k8s.io/client-go/listers/autoscaling/v1 k8s.io/client-go/informers/autoscaling/v1 k8s.io/client-go/listers/autoscaling/v2 k8s.io/client-go/informers/apps k8s.io/client-go/informers/autoscaling/v2 k8s.io/client-go/listers/autoscaling/v2beta1 -k8s.io/client-go/listers/autoscaling/v2beta2 k8s.io/client-go/informers/autoscaling/v2beta1 +k8s.io/client-go/listers/autoscaling/v2beta2 k8s.io/client-go/informers/autoscaling/v2beta2 k8s.io/client-go/listers/batch/v1 k8s.io/client-go/informers/autoscaling @@ -6529,8 +6528,8 @@ k8s.io/client-go/listers/certificates/v1 k8s.io/client-go/informers/certificates/v1 k8s.io/client-go/informers/batch/v1beta1 k8s.io/client-go/listers/certificates/v1alpha1 -k8s.io/client-go/informers/certificates/v1alpha1 k8s.io/client-go/informers/batch +k8s.io/client-go/informers/certificates/v1alpha1 k8s.io/client-go/listers/certificates/v1beta1 k8s.io/client-go/listers/coordination/v1 k8s.io/client-go/informers/certificates/v1beta1 
@@ -6550,8 +6549,8 @@ k8s.io/client-go/listers/events/v1 k8s.io/client-go/informers/events/v1 k8s.io/client-go/informers/discovery k8s.io/client-go/listers/events/v1beta1 -k8s.io/client-go/informers/events/v1beta1 k8s.io/client-go/listers/extensions/v1beta1 +k8s.io/client-go/informers/events/v1beta1 k8s.io/client-go/informers/extensions/v1beta1 k8s.io/client-go/informers/events k8s.io/client-go/informers/extensions @@ -6564,8 +6563,8 @@ k8s.io/client-go/informers/flowcontrol/v1beta2 k8s.io/client-go/listers/flowcontrol/v1beta3 k8s.io/client-go/informers/flowcontrol/v1beta3 k8s.io/client-go/listers/networking/v1 -k8s.io/client-go/informers/networking/v1 k8s.io/client-go/informers/flowcontrol +k8s.io/client-go/informers/networking/v1 k8s.io/client-go/listers/networking/v1alpha1 k8s.io/client-go/informers/networking/v1alpha1 k8s.io/client-go/listers/networking/v1beta1 @@ -6574,12 +6573,12 @@ k8s.io/client-go/listers/node/v1 k8s.io/client-go/informers/node/v1 k8s.io/client-go/informers/networking k8s.io/client-go/listers/node/v1alpha1 -k8s.io/client-go/informers/node/v1alpha1 k8s.io/client-go/listers/node/v1beta1 +k8s.io/client-go/informers/node/v1alpha1 k8s.io/client-go/informers/node/v1beta1 k8s.io/client-go/listers/policy/v1 -k8s.io/client-go/informers/policy/v1 k8s.io/client-go/informers/node +k8s.io/client-go/informers/policy/v1 k8s.io/client-go/listers/policy/v1beta1 k8s.io/client-go/listers/rbac/v1 k8s.io/client-go/informers/rbac/v1 @@ -6598,8 +6597,8 @@ k8s.io/client-go/informers/scheduling/v1 k8s.io/client-go/listers/scheduling/v1alpha1 k8s.io/client-go/informers/scheduling/v1alpha1 k8s.io/client-go/listers/scheduling/v1beta1 -k8s.io/client-go/listers/storage/v1 k8s.io/client-go/informers/scheduling/v1beta1 +k8s.io/client-go/listers/storage/v1 k8s.io/client-go/informers/storage/v1 k8s.io/client-go/informers/scheduling k8s.io/client-go/listers/storage/v1alpha1 
@@ -6609,15 +6608,15 @@ k8s.io/client-go/informers/storage/v1beta1 google.golang.org/protobuf/types/known/emptypb google.golang.org/protobuf/types/known/structpb google.golang.org/genproto/googleapis/api/expr/v1alpha1 -github.com/google/cel-go/checker/decls k8s.io/client-go/informers/storage +github.com/google/cel-go/checker/decls github.com/google/cel-go/common/runes golang.org/x/text/width github.com/google/cel-go/common google.golang.org/protobuf/types/dynamicpb +k8s.io/client-go/informers google.golang.org/protobuf/types/known/wrapperspb github.com/google/cel-go/common/types/pb -k8s.io/client-go/informers github.com/google/cel-go/common/types/ref github.com/google/cel-go/common/types/traits github.com/stoewer/go-strcase @@ -6625,21 +6624,21 @@ github.com/google/cel-go/common/types github.com/google/cel-go/common/ast github.com/google/cel-go/common/containers github.com/google/cel-go/common/debug +k8s.io/apiserver/pkg/admission/initializer github.com/google/cel-go/common/functions github.com/google/cel-go/common/decls github.com/google/cel-go/common/stdlib -k8s.io/apiserver/pkg/admission/initializer -github.com/antlr/antlr4/runtime/Go/antlr/v4 k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle +github.com/antlr/antlr4/runtime/Go/antlr/v4 github.com/google/cel-go/interpreter k8s.io/apiserver/pkg/admission/cel k8s.io/api/admission/v1 golang.org/x/text/internal/tag golang.org/x/text/internal/language golang.org/x/text/internal/language/compact -github.com/google/cel-go/parser/gen golang.org/x/text/language golang.org/x/text/internal/catmsg +github.com/google/cel-go/parser/gen golang.org/x/text/internal/stringset golang.org/x/text/internal/number golang.org/x/text/internal 
@@ -6678,18 +6677,18 @@ github.com/google/cel-go/cel github.com/felixge/httpsnoop go.opentelemetry.io/otel/semconv/v1.20.0 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil +github.com/go-logr/logr/funcr k8s.io/apiserver/pkg/cel github.com/google/cel-go/ext k8s.io/apiserver/pkg/cel/library k8s.io/apiserver/pkg/cel/lazy k8s.io/apiserver/pkg/cel/common k8s.io/apiserver/pkg/cel/environment -k8s.io/apiserver/pkg/cel/openapi k8s.io/apiserver/pkg/admission/plugin/cel -github.com/go-logr/logr/funcr +k8s.io/apiserver/pkg/cel/openapi github.com/go-logr/stdr -k8s.io/apiserver/pkg/admission/plugin/webhook/matchconditions go.opentelemetry.io/otel/metric +k8s.io/apiserver/pkg/admission/plugin/webhook/matchconditions k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy go.opentelemetry.io/otel/internal/baggage go.opentelemetry.io/otel/baggage 
@@ -6705,19 +6704,19 @@ go.opentelemetry.io/otel/trace/noop runtime/trace go.opentelemetry.io/otel/sdk/trace go.opentelemetry.io/proto/otlp/common/v1 -go.opentelemetry.io/proto/otlp/resource/v1 -go.opentelemetry.io/proto/otlp/trace/v1 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/envconfig -go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform +go.opentelemetry.io/proto/otlp/resource/v1 github.com/cenkalti/backoff/v4 -go.opentelemetry.io/otel/exporters/otlp/otlptrace +go.opentelemetry.io/proto/otlp/trace/v1 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/retry google.golang.org/grpc/encoding/gzip github.com/grpc-ecosystem/grpc-gateway/v2/utilities -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig +go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/tracetransform github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule +go.opentelemetry.io/otel/exporters/otlp/otlptrace google.golang.org/genproto/googleapis/api/httpbody +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig google.golang.org/grpc/health/grpc_health_v1 google.golang.org/protobuf/types/known/fieldmaskpb google.golang.org/genproto/googleapis/rpc/errdetails 
@@ -6730,25 +6729,25 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client go.opentelemetry.io/proto/otlp/collector/trace/v1 k8s.io/apiserver/pkg/util/x509metrics -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc k8s.io/utils/lru k8s.io/api/admission/v1beta1 +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc k8s.io/component-base/tracing k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission -k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1 k8s.io/apiserver/pkg/server/egressselector +k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1 k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1 k8s.io/apiserver/pkg/admission/plugin/webhook/config k8s.io/apiserver/pkg/admission/plugin/webhook/errors k8s.io/apimachinery/pkg/util/uuid k8s.io/apiserver/pkg/authentication/authenticator +k8s.io/apiserver/pkg/util/webhook k8s.io/apiserver/pkg/authentication/group k8s.io/apiserver/pkg/authentication/request/anonymous -k8s.io/apiserver/pkg/util/webhook k8s.io/apiserver/pkg/authentication/request/bearertoken k8s.io/apiserver/pkg/authentication/request/x509 -k8s.io/apiserver/pkg/authentication/request/headerrequest k8s.io/apiserver/pkg/admission/plugin/webhook +k8s.io/apiserver/pkg/authentication/request/headerrequest k8s.io/apiserver/pkg/admission/plugin/webhook/generic k8s.io/apiserver/pkg/authentication/request/union golang.org/x/net/websocket 
@@ -6776,9 +6775,9 @@ k8s.io/apiserver/pkg/registry/rest k8s.io/apiserver/pkg/storage k8s.io/apiserver/pkg/util/flushwriter k8s.io/apimachinery/pkg/apis/meta/internalversion/validation -k8s.io/apiserver/pkg/endpoints/handlers/responsewriters k8s.io/apimachinery/pkg/apis/meta/v1beta1/validation k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager +k8s.io/apiserver/pkg/endpoints/handlers/responsewriters k8s.io/apiserver/pkg/endpoints/handlers/finisher k8s.io/apiserver/pkg/endpoints/handlers/metrics k8s.io/apiserver/pkg/endpoints/discovery @@ -6789,8 +6788,8 @@ k8s.io/apiserver/pkg/storageversion k8s.io/apiserver/pkg/endpoints/discovery/aggregated k8s.io/apiserver/pkg/server/httplog k8s.io/apiserver/pkg/endpoints/filterlatency -k8s.io/apiserver/pkg/endpoints k8s.io/apiserver/pkg/endpoints/filters +k8s.io/apiserver/pkg/endpoints k8s.io/apiserver/pkg/storage/etcd3/metrics k8s.io/apiserver/pkg/storage/value k8s.io/apiserver/pkg/apis/flowcontrol/bootstrap @@ -6808,8 +6807,8 @@ k8s.io/apiserver/pkg/util/flowcontrol/format golang.org/x/net/context github.com/grpc-ecosystem/go-grpc-prometheus go.etcd.io/etcd/client/pkg/v3/fileutil -go.etcd.io/etcd/client/pkg/v3/tlsutil k8s.io/component-base/metrics/testutil +go.etcd.io/etcd/client/pkg/v3/tlsutil go.etcd.io/etcd/client/pkg/v3/transport k8s.io/apiserver/pkg/util/flowcontrol/metrics k8s.io/apiserver/pkg/util/flowcontrol/request 
@@ -6833,28 +6832,28 @@ github.com/NYTimes/gziphandler k8s.io/kube-openapi/pkg/handler k8s.io/apiserver/pkg/storage/etcd3 k8s.io/apiserver/pkg/server/filters -internal/profile k8s.io/apiserver/pkg/storage/storagebackend +internal/profile k8s.io/apiserver/pkg/storage/storagebackend/factory k8s.io/apiserver/pkg/registry/generic -net/http/pprof k8s.io/apiserver/pkg/server/storage -k8s.io/apiserver/pkg/server/routes +net/http/pprof github.com/spf13/cobra +k8s.io/apiserver/pkg/server/routes k8s.io/component-base/logs/internal/setverbositylevel k8s.io/component-base/logs/klogflags k8s.io/component-base/metrics/features os/signal -go.opentelemetry.io/otel/semconv/internal k8s.io/component-base/cli/flag +go.opentelemetry.io/otel/semconv/internal go.opentelemetry.io/otel/semconv/v1.12.0 -gopkg.in/natefinch/lumberjack.v2 k8s.io/component-base/logs/api/v1 +gopkg.in/natefinch/lumberjack.v2 k8s.io/apiserver/pkg/apis/audit/validation k8s.io/apiserver/pkg/audit/policy k8s.io/component-base/logs -k8s.io/apiserver/pkg/authentication/cel k8s.io/apiserver/pkg/server +k8s.io/apiserver/pkg/authentication/cel k8s.io/apiserver/pkg/authorization/cel k8s.io/apiserver/pkg/apis/apiserver/validation k8s.io/apiserver/plugin/pkg/authorizer/webhook 
@@ -6869,27 +6868,27 @@ k8s.io/apiserver/pkg/apis/config/v1 k8s.io/apiserver/pkg/apis/config/validation k8s.io/apiserver/pkg/server/options/encryptionconfig/metrics golang.org/x/crypto/hkdf -k8s.io/apiserver/pkg/storage/value/encrypt/envelope/metrics k8s.io/apiserver/pkg/storage/value/encrypt/aes +k8s.io/apiserver/pkg/storage/value/encrypt/envelope/metrics k8s.io/kms/apis/v1beta1 k8s.io/kms/pkg/util k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2 -k8s.io/kms/apis/v2 k8s.io/apiserver/pkg/storage/value/encrypt/envelope -k8s.io/kms/pkg/service +k8s.io/kms/apis/v2 golang.org/x/crypto/internal/poly1305 +k8s.io/kms/pkg/service golang.org/x/crypto/nacl/secretbox -k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2 k8s.io/apiserver/pkg/storage/value/encrypt/secretbox k8s.io/apiserver/pkg/server/resourceconfig +k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2 k8s.io/apiserver/plugin/pkg/audit/buffered k8s.io/apiserver/plugin/pkg/audit/log -k8s.io/apiserver/pkg/server/options/encryptionconfig k8s.io/apiserver/plugin/pkg/audit/truncate +k8s.io/apiserver/pkg/server/options/encryptionconfig k8s.io/apiserver/pkg/apis/audit/install k8s.io/apiserver/plugin/pkg/audit/webhook -k8s.io/apiserver/pkg/server/options/encryptionconfig/controller k8s.io/cloud-provider +k8s.io/apiserver/pkg/server/options/encryptionconfig/controller k8s.io/apiserver/pkg/server/options k8s.io/component-base/config k8s.io/controller-manager/config 
@@ -6898,15 +6897,15 @@ k8s.io/cloud-provider/app/config k8s.io/cloud-provider/controllers/node/config/v1alpha1 k8s.io/cloud-provider/controllers/service/config/v1alpha1 k8s.io/component-base/config/v1alpha1 -k8s.io/component-base/config/options k8s.io/controller-manager/config/v1alpha1 -k8s.io/controller-manager/config/v1 k8s.io/cloud-provider/config/v1alpha1 +k8s.io/component-base/config/options +k8s.io/controller-manager/config/v1 +k8s.io/cloud-provider/config/install k8s.io/controller-manager/config/v1beta1 +k8s.io/controller-manager/pkg/clientbuilder k8s.io/controller-manager/pkg/leadermigration/config -k8s.io/cloud-provider/config/install k8s.io/controller-manager/pkg/leadermigration/options -k8s.io/controller-manager/pkg/clientbuilder k8s.io/controller-manager/options k8s.io/controller-manager/pkg/features k8s.io/controller-manager/pkg/features/register @@ -6914,8 +6913,8 @@ k8s.io/kubernetes/pkg/util/hash k8s.io/kubernetes/pkg/util/taints github.com/evanphx/json-patch/v5 k8s.io/client-go/metadata -k8s.io/client-go/restmapper k8s.io/cloud-provider/options +k8s.io/client-go/restmapper sigs.k8s.io/controller-runtime/pkg/client/apiutil sigs.k8s.io/controller-runtime/pkg/log sigs.k8s.io/controller-runtime/pkg/client 
@@ -6926,9 +6925,9 @@ sigs.k8s.io/controller-runtime/pkg/client/config k8s.io/kubernetes/pkg/controller github.com/noironetworks/aci-containers/pkg/controller github.com/noironetworks/aci-containers/cmd/acicontainersoperator -CGO_ENABLED=0 GOOS=linux go build -v -trimpath -ldflags=" -X github.com/noironetworks/aci-containers/pkg/controller.buildTime=11-06-2024.09:28:15.UTC -X github.com/noironetworks/aci-containers/pkg/controller.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/gbpserver.buildTime=11-06-2024.09:28:15.UTC -X github.com/noironetworks/aci-containers/pkg/gbpserver.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/hostagent.buildTime=11-06-2024.09:28:15.UTC -X github.com/noironetworks/aci-containers/pkg/hostagent.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.buildTime=11-06-2024.09:28:15.UTC -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -s -w" -a -installsuffix cgo -o dist-static/aci-containers-webhook github.com/noironetworks/aci-containers/cmd/webhook -internal/goarch +CGO_ENABLED=0 GOOS=linux go build -v -trimpath -ldflags=" -X github.com/noironetworks/aci-containers/pkg/controller.buildTime=11-11-2024.09:38:26.UTC -X github.com/noironetworks/aci-containers/pkg/controller.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/gbpserver.buildTime=11-11-2024.09:38:26.UTC -X github.com/noironetworks/aci-containers/pkg/gbpserver.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/hostagent.buildTime=11-11-2024.09:38:26.UTC -X github.com/noironetworks/aci-containers/pkg/hostagent.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X 
github.com/noironetworks/aci-containers/pkg/acicontainersoperator.buildTime=11-11-2024.09:38:26.UTC -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -s -w" -a -installsuffix cgo -o dist-static/aci-containers-webhook github.com/noironetworks/aci-containers/cmd/webhook encoding +internal/goarch internal/unsafeheader internal/abi internal/cpu @@ -6948,8 +6947,8 @@ internal/runtime/exithook runtime/internal/sys cmp internal/itoa -internal/race runtime +internal/race math/bits math unicode/utf8 @@ -6993,10 +6992,10 @@ reflect syscall time io/fs -internal/filepathlite +internal/fmtsort internal/syscall/unix +internal/filepathlite internal/poll -internal/fmtsort internal/syscall/execenv internal/testlog strings @@ -7004,19 +7003,19 @@ os bytes encoding/binary encoding/base64 -fmt bufio sort +fmt github.com/gogo/protobuf/sortkeys math/rand +github.com/google/gofuzz/bytesource +regexp/syntax flag encoding/json log -github.com/google/gofuzz/bytesource -regexp/syntax regexp -github.com/gogo/protobuf/proto github.com/google/gofuzz +github.com/gogo/protobuf/proto math/big gopkg.in/inf.v0 k8s.io/apimachinery/third_party/forked/golang/reflect @@ -7027,17 +7026,17 @@ k8s.io/apimachinery/pkg/util/errors k8s.io/apimachinery/pkg/util/validation/field context vendor/golang.org/x/net/dns/dnsmessage -k8s.io/apimachinery/pkg/api/resource internal/singleflight math/rand/v2 internal/concurrent internal/weak unique +k8s.io/apimachinery/pkg/api/resource +net/netip log/slog/internal/buffer log/slog -net/netip -github.com/go-logr/logr net +github.com/go-logr/logr k8s.io/klog/v2/internal/severity k8s.io/klog/v2/internal/buffer k8s.io/klog/v2/internal/clock 
@@ -7049,33 +7048,33 @@ path/filepath k8s.io/klog/v2 go/token go/scanner -go/ast -go/doc/comment k8s.io/utils/internal/third_party/forked/golang/net +go/ast k8s.io/utils/net k8s.io/apimachinery/pkg/util/validation -internal/lazyregexp -go/doc k8s.io/apimachinery/pkg/labels +go/doc/comment +internal/lazyregexp go/build/constraint +go/doc go/internal/typeparams go/parser net/url -k8s.io/apimachinery/pkg/conversion/queryparams k8s.io/apimachinery/pkg/runtime/schema sigs.k8s.io/json/internal/golang/encoding/json +k8s.io/apimachinery/pkg/conversion/queryparams runtime/debug k8s.io/apimachinery/pkg/util/naming compress/flate -sigs.k8s.io/json -k8s.io/apimachinery/pkg/util/json hash -crypto/cipher hash/crc32 compress/gzip crypto -crypto/internal/randutil +crypto/cipher +sigs.k8s.io/json +k8s.io/apimachinery/pkg/util/json crypto/internal/boring +crypto/internal/randutil crypto/des crypto/rand crypto/aes @@ -7086,23 +7085,23 @@ crypto/internal/bigmod crypto/internal/boring/bbig crypto/sha512 encoding/asn1 -vendor/golang.org/x/crypto/cryptobyte crypto/internal/nistec +vendor/golang.org/x/crypto/cryptobyte crypto/internal/edwards25519 crypto/ecdh crypto/elliptic crypto/ed25519 crypto/hmac vendor/golang.org/x/crypto/chacha20 -vendor/golang.org/x/crypto/internal/poly1305 crypto/ecdsa +vendor/golang.org/x/crypto/internal/poly1305 vendor/golang.org/x/sys/cpu vendor/golang.org/x/crypto/chacha20poly1305 vendor/golang.org/x/crypto/hkdf vendor/golang.org/x/crypto/sha3 crypto/internal/hpke -crypto/md5 crypto/internal/mlkem768 +crypto/md5 crypto/rc4 crypto/rsa crypto/sha1 @@ -7116,8 +7115,8 @@ crypto/x509 vendor/golang.org/x/text/unicode/bidi vendor/golang.org/x/text/secure/bidirule vendor/golang.org/x/text/unicode/norm -crypto/tls vendor/golang.org/x/net/idna +crypto/tls net/textproto vendor/golang.org/x/net/http/httpguts vendor/golang.org/x/net/http/httpproxy 
@@ -7131,9 +7130,9 @@ net/http/internal/ascii io/ioutil github.com/modern-go/concurrent github.com/modern-go/reflect2 +github.com/json-iterator/go net/http/httptrace net/http -github.com/json-iterator/go gopkg.in/yaml.v2 sigs.k8s.io/structured-merge-diff/v4/value k8s.io/apimachinery/pkg/util/intstr @@ -7152,12 +7151,12 @@ k8s.io/apimachinery/pkg/version k8s.io/client-go/pkg/version golang.org/x/sys/unix k8s.io/apimachinery/pkg/util/net -k8s.io/apimachinery/pkg/watch -k8s.io/apimachinery/pkg/apis/meta/v1 golang.org/x/term +k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/pkg/runtime/serializer/recognizer k8s.io/apimachinery/pkg/util/framer sigs.k8s.io/yaml/goyaml.v2 +k8s.io/apimachinery/pkg/apis/meta/v1 sigs.k8s.io/yaml k8s.io/apimachinery/pkg/util/yaml k8s.io/apimachinery/pkg/runtime/serializer/json @@ -7172,6 +7171,7 @@ k8s.io/apimachinery/pkg/util/wait k8s.io/client-go/util/connrotation container/heap golang.org/x/time/rate +k8s.io/client-go/util/workqueue github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1 k8s.io/api/coordination/v1 k8s.io/api/core/v1 @@ -7185,7 +7185,6 @@ k8s.io/apimachinery/pkg/runtime/serializer k8s.io/client-go/pkg/apis/clientauthentication/v1 k8s.io/client-go/pkg/apis/clientauthentication/v1beta1 k8s.io/client-go/pkg/apis/clientauthentication/install -k8s.io/client-go/util/workqueue k8s.io/client-go/transport os/exec k8s.io/client-go/plugin/pkg/client/auth/exec 
@@ -7227,19 +7226,19 @@ github.com/golang/protobuf/proto google.golang.org/protobuf/types/known/anypb github.com/golang/protobuf/ptypes/any google.golang.org/protobuf/types/known/durationpb -github.com/golang/protobuf/ptypes/duration google.golang.org/protobuf/types/known/timestamppb +github.com/golang/protobuf/ptypes/duration github.com/golang/protobuf/ptypes/timestamp +gopkg.in/yaml.v3 github.com/golang/protobuf/ptypes github.com/google/gnostic-models/extensions -gopkg.in/yaml.v3 k8s.io/api/apidiscovery/v2beta1 k8s.io/api/admissionregistration/v1 k8s.io/api/admissionregistration/v1alpha1 github.com/google/gnostic-models/jsonschema github.com/google/gnostic-models/compiler -github.com/google/gnostic-models/openapiv2 k8s.io/api/admissionregistration/v1beta1 +github.com/google/gnostic-models/openapiv2 k8s.io/api/apiserverinternal/v1alpha1 k8s.io/api/apps/v1 k8s.io/api/apps/v1beta1 @@ -7255,9 +7254,9 @@ k8s.io/api/autoscaling/v2beta1 k8s.io/api/autoscaling/v2beta2 k8s.io/api/batch/v1 k8s.io/api/certificates/v1 -k8s.io/api/batch/v1beta1 k8s.io/api/certificates/v1alpha1 k8s.io/api/certificates/v1beta1 +k8s.io/api/batch/v1beta1 k8s.io/api/coordination/v1beta1 k8s.io/api/discovery/v1 k8s.io/api/discovery/v1beta1 
@@ -7305,46 +7304,47 @@ k8s.io/kube-openapi/pkg/util/proto sigs.k8s.io/structured-merge-diff/v4/schema sigs.k8s.io/structured-merge-diff/v4/fieldpath k8s.io/kube-openapi/pkg/internal -sigs.k8s.io/structured-merge-diff/v4/typed k8s.io/kube-openapi/pkg/validation/spec +sigs.k8s.io/structured-merge-diff/v4/typed sigs.k8s.io/structured-merge-diff/v4/merge +k8s.io/kube-openapi/pkg/schemaconv database/sql/driver +k8s.io/apimachinery/pkg/util/managedfields/internal github.com/google/uuid github.com/munnerz/goautoneg -k8s.io/kube-openapi/pkg/schemaconv k8s.io/kube-openapi/pkg/cached hash/adler32 compress/zlib encoding/xml -k8s.io/apimachinery/pkg/util/managedfields/internal k8s.io/apimachinery/pkg/util/managedfields github.com/emicklei/go-restful/v3/log -github.com/emicklei/go-restful/v3 k8s.io/kube-openapi/pkg/spec3 +github.com/emicklei/go-restful/v3 k8s.io/client-go/applyconfigurations/internal -k8s.io/kube-openapi/pkg/common k8s.io/client-go/kubernetes/typed/authentication/v1 -k8s.io/kube-openapi/pkg/handler3 k8s.io/client-go/kubernetes/typed/authentication/v1alpha1 k8s.io/client-go/kubernetes/typed/authentication/v1beta1 +k8s.io/kube-openapi/pkg/common k8s.io/client-go/kubernetes/typed/authorization/v1 -k8s.io/client-go/openapi +k8s.io/kube-openapi/pkg/handler3 k8s.io/client-go/kubernetes/typed/authorization/v1beta1 k8s.io/client-go/tools/reference -k8s.io/client-go/discovery k8s.io/apimachinery/pkg/util/mergepatch k8s.io/apimachinery/third_party/forked/golang/json +k8s.io/client-go/openapi k8s.io/apimachinery/pkg/util/strategicpatch +k8s.io/client-go/discovery k8s.io/client-go/applyconfigurations/meta/v1 +k8s.io/client-go/tools/internal/events k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1 +k8s.io/client-go/kubernetes/typed/apiserverinternal/v1alpha1 k8s.io/client-go/kubernetes/typed/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 
k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1 k8s.io/client-go/kubernetes/typed/admissionregistration/v1alpha1 -k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1 -k8s.io/client-go/kubernetes/typed/apiserverinternal/v1alpha1 k8s.io/client-go/applyconfigurations/core/v1 +k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1 k8s.io/client-go/applyconfigurations/autoscaling/v1 k8s.io/client-go/kubernetes/typed/autoscaling/v1 k8s.io/client-go/applyconfigurations/autoscaling/v2 @@ -7356,8 +7356,6 @@ k8s.io/client-go/kubernetes/typed/autoscaling/v2beta2 k8s.io/client-go/applyconfigurations/certificates/v1 k8s.io/client-go/kubernetes/typed/certificates/v1 k8s.io/client-go/applyconfigurations/certificates/v1alpha1 -k8s.io/client-go/kubernetes/typed/certificates/v1alpha1 -k8s.io/client-go/applyconfigurations/certificates/v1beta1 k8s.io/client-go/applyconfigurations/apps/v1 k8s.io/client-go/applyconfigurations/apps/v1beta1 k8s.io/client-go/kubernetes/typed/apps/v1beta1 
@@ -7367,13 +7365,15 @@ k8s.io/client-go/applyconfigurations/batch/v1 k8s.io/client-go/kubernetes/typed/apps/v1beta2 k8s.io/client-go/kubernetes/typed/batch/v1 k8s.io/client-go/applyconfigurations/batch/v1beta1 -k8s.io/client-go/kubernetes/typed/certificates/v1beta1 +k8s.io/client-go/kubernetes/typed/certificates/v1alpha1 k8s.io/client-go/kubernetes/typed/batch/v1beta1 +k8s.io/client-go/applyconfigurations/certificates/v1beta1 k8s.io/client-go/applyconfigurations/coordination/v1 -k8s.io/client-go/applyconfigurations/coordination/v1beta1 +k8s.io/client-go/kubernetes/typed/certificates/v1beta1 k8s.io/client-go/kubernetes/typed/coordination/v1 -k8s.io/client-go/kubernetes/typed/coordination/v1beta1 +k8s.io/client-go/applyconfigurations/coordination/v1beta1 k8s.io/client-go/kubernetes/typed/core/v1 +k8s.io/client-go/kubernetes/typed/coordination/v1beta1 k8s.io/client-go/applyconfigurations/discovery/v1 k8s.io/client-go/kubernetes/typed/discovery/v1 k8s.io/client-go/applyconfigurations/discovery/v1beta1 @@ -7381,12 +7381,12 @@ k8s.io/client-go/kubernetes/typed/discovery/v1beta1 k8s.io/client-go/applyconfigurations/events/v1 k8s.io/client-go/kubernetes/typed/events/v1 k8s.io/client-go/applyconfigurations/events/v1beta1 -k8s.io/client-go/applyconfigurations/extensions/v1beta1 k8s.io/client-go/kubernetes/typed/events/v1beta1 +k8s.io/client-go/applyconfigurations/extensions/v1beta1 k8s.io/client-go/applyconfigurations/flowcontrol/v1 k8s.io/client-go/kubernetes/typed/flowcontrol/v1 -k8s.io/client-go/kubernetes/typed/extensions/v1beta1 k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1 +k8s.io/client-go/kubernetes/typed/extensions/v1beta1 k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta1 k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2 k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3 
@@ -7398,8 +7398,8 @@ k8s.io/client-go/kubernetes/typed/networking/v1alpha1 k8s.io/client-go/kubernetes/typed/networking/v1 k8s.io/client-go/applyconfigurations/networking/v1beta1 k8s.io/client-go/applyconfigurations/node/v1 -k8s.io/client-go/kubernetes/typed/node/v1 k8s.io/client-go/kubernetes/typed/networking/v1beta1 +k8s.io/client-go/kubernetes/typed/node/v1 k8s.io/client-go/applyconfigurations/node/v1alpha1 k8s.io/client-go/applyconfigurations/node/v1beta1 k8s.io/client-go/kubernetes/typed/node/v1alpha1 @@ -7417,25 +7417,24 @@ k8s.io/client-go/applyconfigurations/resource/v1alpha2 k8s.io/client-go/kubernetes/typed/rbac/v1beta1 k8s.io/client-go/kubernetes/typed/resource/v1alpha2 k8s.io/client-go/applyconfigurations/scheduling/v1 -k8s.io/client-go/applyconfigurations/scheduling/v1alpha1 k8s.io/client-go/kubernetes/typed/scheduling/v1 -k8s.io/client-go/kubernetes/typed/scheduling/v1alpha1 +k8s.io/client-go/applyconfigurations/scheduling/v1alpha1 k8s.io/client-go/applyconfigurations/scheduling/v1beta1 -k8s.io/client-go/applyconfigurations/storage/v1 +k8s.io/client-go/kubernetes/typed/scheduling/v1alpha1 k8s.io/client-go/kubernetes/typed/scheduling/v1beta1 +k8s.io/client-go/applyconfigurations/storage/v1 k8s.io/client-go/applyconfigurations/storage/v1alpha1 -k8s.io/client-go/kubernetes/typed/storage/v1 k8s.io/client-go/kubernetes/typed/storage/v1alpha1 +k8s.io/client-go/kubernetes/typed/storage/v1 k8s.io/client-go/applyconfigurations/storage/v1beta1 -k8s.io/client-go/tools/internal/events k8s.io/client-go/tools/record/util k8s.io/client-go/tools/record k8s.io/client-go/kubernetes/typed/storage/v1beta1 k8s.io/utils/ptr k8s.io/utils/pointer +k8s.io/client-go/kubernetes html internal/profile -k8s.io/client-go/kubernetes text/tabwriter runtime/pprof k8s.io/client-go/tools/leaderelection/resourcelock 
@@ -7443,8 +7442,8 @@ runtime/trace net/http/pprof github.com/google/go-cmp/cmp/internal/diff github.com/google/go-cmp/cmp/internal/function -github.com/google/go-cmp/cmp/internal/value k8s.io/client-go/tools/leaderelection +github.com/google/go-cmp/cmp/internal/value github.com/google/go-cmp/cmp k8s.io/apimachinery/pkg/util/cache k8s.io/client-go/tools/cache/synctrack @@ -7455,10 +7454,10 @@ k8s.io/utils/trace k8s.io/client-go/dynamic k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme k8s.io/client-go/metadata -k8s.io/apimachinery/pkg/util/diff -k8s.io/client-go/tools/cache github.com/pkg/errors github.com/evanphx/json-patch/v5 +k8s.io/apimachinery/pkg/util/diff +k8s.io/client-go/tools/cache k8s.io/client-go/restmapper sigs.k8s.io/controller-runtime/pkg/client/apiutil sigs.k8s.io/controller-runtime/pkg/log @@ -7470,16 +7469,16 @@ sigs.k8s.io/controller-runtime/pkg/cache/internal k8s.io/component-base/config k8s.io/component-base/config/v1alpha1 sigs.k8s.io/controller-runtime/pkg/scheme -sigs.k8s.io/controller-runtime/pkg/config/v1alpha1 sigs.k8s.io/controller-runtime/pkg/cache +sigs.k8s.io/controller-runtime/pkg/config/v1alpha1 sigs.k8s.io/controller-runtime/pkg/config sigs.k8s.io/controller-runtime/pkg/healthz sigs.k8s.io/controller-runtime/pkg/cluster sigs.k8s.io/controller-runtime/pkg/internal/httpserver k8s.io/apimachinery/pkg/util/uuid sigs.k8s.io/controller-runtime/pkg/recorder -sigs.k8s.io/controller-runtime/pkg/leaderelection expvar +sigs.k8s.io/controller-runtime/pkg/leaderelection github.com/beorn7/perks/quantile github.com/cespare/xxhash/v2 github.com/prometheus/client_model/go 
@@ -7488,10 +7487,10 @@ runtime/metrics github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg google.golang.org/protobuf/encoding/protodelim github.com/prometheus/procfs/internal/fs -github.com/prometheus/procfs/internal/util -github.com/prometheus/procfs github.com/prometheus/client_golang/prometheus/internal github.com/prometheus/common/expfmt +github.com/prometheus/procfs/internal/util +github.com/prometheus/procfs github.com/fsnotify/fsnotify gomodules.xyz/jsonpatch/v2 k8s.io/api/admission/v1 @@ -7515,17 +7514,17 @@ sigs.k8s.io/controller-runtime/pkg/metrics/server sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics sigs.k8s.io/controller-runtime/pkg/webhook/admission github.com/prometheus/client_golang/prometheus/collectors -sigs.k8s.io/controller-runtime/pkg/webhook sigs.k8s.io/controller-runtime/pkg/internal/controller/metrics sigs.k8s.io/controller-runtime/pkg/internal/controller -sigs.k8s.io/controller-runtime/pkg/manager +sigs.k8s.io/controller-runtime/pkg/webhook sigs.k8s.io/controller-runtime/pkg/conversion sigs.k8s.io/controller-runtime/pkg/webhook/conversion +sigs.k8s.io/controller-runtime/pkg/manager github.com/imdario/mergo -github.com/noironetworks/aci-containers/pkg/webhook/types -sigs.k8s.io/controller-runtime/pkg/controller encoding/csv github.com/spf13/pflag +github.com/noironetworks/aci-containers/pkg/webhook/types +sigs.k8s.io/controller-runtime/pkg/controller sigs.k8s.io/controller-runtime/pkg/builder k8s.io/client-go/tools/auth k8s.io/client-go/tools/clientcmd/api/v1 @@ -7537,9 +7536,9 @@ sigs.k8s.io/controller-runtime/pkg/manager/signals k8s.io/client-go/plugin/pkg/client/auth/azure k8s.io/client-go/plugin/pkg/client/auth/gcp k8s.io/client-go/plugin/pkg/client/auth/oidc +k8s.io/client-go/tools/clientcmd k8s.io/client-go/plugin/pkg/client/auth go.uber.org/multierr -k8s.io/client-go/tools/clientcmd go.uber.org/zap/internal/pool go.uber.org/zap/buffer go.uber.org/zap/internal/bufferpool 
@@ -7556,9 +7555,9 @@ go.uber.org/zap github.com/go-logr/zapr sigs.k8s.io/controller-runtime/pkg/log/zap github.com/noironetworks/aci-containers/cmd/webhook -CGO_ENABLED=0 GOOS=linux go build -v -trimpath -ldflags=" -X github.com/noironetworks/aci-containers/pkg/controller.buildTime=11-06-2024.09:29:56.UTC -X github.com/noironetworks/aci-containers/pkg/controller.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/gbpserver.buildTime=11-06-2024.09:29:56.UTC -X github.com/noironetworks/aci-containers/pkg/gbpserver.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/hostagent.buildTime=11-06-2024.09:29:56.UTC -X github.com/noironetworks/aci-containers/pkg/hostagent.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.buildTime=11-06-2024.09:29:56.UTC -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -s -w" -a -installsuffix cgo -o dist-static/aci-containers-certmanager github.com/noironetworks/aci-containers/cmd/certmanager -encoding +CGO_ENABLED=0 GOOS=linux go build -v -trimpath -ldflags=" -X github.com/noironetworks/aci-containers/pkg/controller.buildTime=11-11-2024.09:40:07.UTC -X github.com/noironetworks/aci-containers/pkg/controller.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/gbpserver.buildTime=11-11-2024.09:40:07.UTC -X github.com/noironetworks/aci-containers/pkg/gbpserver.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/hostagent.buildTime=11-11-2024.09:40:07.UTC -X github.com/noironetworks/aci-containers/pkg/hostagent.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -X github.com/noironetworks/aci-containers/pkg/acicontainersoperator.buildTime=11-11-2024.09:40:07.UTC -X 
github.com/noironetworks/aci-containers/pkg/acicontainersoperator.gitCommit=d090ca19b2ebe458b0f15e91dc685e6ba807e693 -s -w" -a -installsuffix cgo -o dist-static/aci-containers-certmanager github.com/noironetworks/aci-containers/cmd/certmanager internal/goarch +encoding internal/unsafeheader internal/abi internal/cpu @@ -7573,8 +7572,8 @@ internal/profilerecord internal/runtime/atomic internal/runtime/syscall internal/stringslite -runtime/internal/math internal/runtime/exithook +runtime/internal/math runtime/internal/sys cmp internal/itoa @@ -7619,35 +7618,35 @@ io internal/oserror path internal/godebug -reflect syscall +reflect time io/fs internal/filepathlite internal/fmtsort internal/syscall/unix -internal/poll internal/syscall/execenv internal/testlog +internal/poll strings -os bytes +os encoding/binary encoding/base64 bufio -fmt sort +fmt github.com/gogo/protobuf/sortkeys math/rand +github.com/google/gofuzz/bytesource +regexp/syntax flag encoding/json log -github.com/google/gofuzz/bytesource -regexp/syntax -github.com/gogo/protobuf/proto regexp github.com/google/gofuzz math/big +github.com/gogo/protobuf/proto gopkg.in/inf.v0 k8s.io/apimachinery/third_party/forked/golang/reflect k8s.io/apimachinery/pkg/conversion @@ -7657,20 +7656,20 @@ k8s.io/apimachinery/pkg/util/errors k8s.io/apimachinery/pkg/util/validation/field context vendor/golang.org/x/net/dns/dnsmessage -k8s.io/apimachinery/pkg/api/resource internal/singleflight math/rand/v2 -internal/weak -log/slog/internal/buffer -log/slog internal/concurrent +internal/weak unique net/netip +k8s.io/apimachinery/pkg/api/resource +log/slog/internal/buffer +log/slog +net github.com/go-logr/logr k8s.io/klog/v2/internal/severity k8s.io/klog/v2/internal/buffer k8s.io/klog/v2/internal/clock -net k8s.io/klog/v2/internal/dbg k8s.io/klog/v2/internal/serialize k8s.io/klog/v2/internal/sloghandler 
@@ -7680,59 +7679,59 @@ k8s.io/klog/v2 go/token go/scanner go/ast -go/doc/comment -internal/lazyregexp k8s.io/utils/internal/third_party/forked/golang/net -go/doc k8s.io/utils/net k8s.io/apimachinery/pkg/util/validation k8s.io/apimachinery/pkg/labels +go/doc/comment +internal/lazyregexp go/build/constraint go/internal/typeparams -net/url go/parser -k8s.io/apimachinery/pkg/conversion/queryparams +go/doc +net/url k8s.io/apimachinery/pkg/runtime/schema sigs.k8s.io/json/internal/golang/encoding/json +k8s.io/apimachinery/pkg/conversion/queryparams runtime/debug k8s.io/apimachinery/pkg/util/naming compress/flate -sigs.k8s.io/json hash -k8s.io/apimachinery/pkg/util/json hash/crc32 +compress/gzip +sigs.k8s.io/json crypto crypto/cipher -compress/gzip -crypto/internal/boring +k8s.io/apimachinery/pkg/util/json crypto/internal/randutil +crypto/internal/edwards25519/field +crypto/internal/boring crypto/des crypto/rand crypto/aes -crypto/internal/edwards25519/field crypto/internal/nistec/fiat embed crypto/internal/bigmod crypto/internal/boring/bbig crypto/sha512 encoding/asn1 -vendor/golang.org/x/crypto/cryptobyte crypto/internal/nistec +vendor/golang.org/x/crypto/cryptobyte crypto/internal/edwards25519 crypto/ecdh crypto/elliptic crypto/ed25519 crypto/hmac vendor/golang.org/x/crypto/chacha20 -vendor/golang.org/x/crypto/internal/poly1305 crypto/ecdsa +vendor/golang.org/x/crypto/internal/poly1305 vendor/golang.org/x/sys/cpu vendor/golang.org/x/crypto/chacha20poly1305 vendor/golang.org/x/crypto/hkdf vendor/golang.org/x/crypto/sha3 crypto/internal/hpke -crypto/md5 crypto/internal/mlkem768 +crypto/md5 crypto/rc4 crypto/rsa crypto/sha1 @@ -7746,8 +7745,8 @@ crypto/x509 vendor/golang.org/x/text/unicode/bidi vendor/golang.org/x/text/secure/bidirule vendor/golang.org/x/text/unicode/norm -vendor/golang.org/x/net/idna crypto/tls +vendor/golang.org/x/net/idna net/textproto vendor/golang.org/x/net/http/httpguts vendor/golang.org/x/net/http/httpproxy 
@@ -7761,9 +7760,9 @@ net/http/internal/ascii io/ioutil github.com/modern-go/concurrent github.com/modern-go/reflect2 -github.com/json-iterator/go net/http/httptrace net/http +github.com/json-iterator/go gopkg.in/yaml.v2 sigs.k8s.io/structured-merge-diff/v4/value k8s.io/apimachinery/pkg/util/intstr @@ -7771,9 +7770,9 @@ golang.org/x/text/transform golang.org/x/text/unicode/bidi golang.org/x/text/secure/bidirule golang.org/x/text/unicode/norm -golang.org/x/net/idna k8s.io/apimachinery/pkg/util/runtime k8s.io/apimachinery/pkg/runtime +golang.org/x/net/idna golang.org/x/net/http/httpguts golang.org/x/net/http2/hpack golang.org/x/net/http2 @@ -7786,15 +7785,15 @@ k8s.io/apimachinery/pkg/runtime/serializer/recognizer k8s.io/apimachinery/pkg/util/framer sigs.k8s.io/yaml/goyaml.v2 k8s.io/apimachinery/pkg/util/net -k8s.io/apimachinery/pkg/watch sigs.k8s.io/yaml -k8s.io/apimachinery/pkg/apis/meta/v1 k8s.io/apimachinery/pkg/util/yaml k8s.io/apimachinery/pkg/runtime/serializer/json +k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/pkg/runtime/serializer/streaming k8s.io/apimachinery/pkg/version k8s.io/client-go/pkg/version golang.org/x/sys/unix +k8s.io/apimachinery/pkg/apis/meta/v1 golang.org/x/term github.com/davecgh/go-spew/spew k8s.io/apimachinery/pkg/util/dump @@ -7802,7 +7801,6 @@ k8s.io/client-go/tools/clientcmd/api k8s.io/client-go/tools/metrics golang.org/x/oauth2/internal github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1 -golang.org/x/oauth2 k8s.io/api/admissionregistration/v1 k8s.io/api/core/v1 k8s.io/apimachinery/pkg/api/errors @@ -7825,9 +7823,6 @@ k8s.io/api/flowcontrol/v1beta1 k8s.io/api/flowcontrol/v1beta2 k8s.io/api/flowcontrol/v1beta3 k8s.io/api/networking/v1alpha1 -k8s.io/api/policy/v1 -k8s.io/api/policy/v1beta1 -k8s.io/api/rbac/v1 k8s.io/api/apps/v1 k8s.io/api/apps/v1beta1 k8s.io/api/apps/v1beta2 
@@ -7849,6 +7844,9 @@ k8s.io/api/networking/v1beta1 k8s.io/api/node/v1 k8s.io/api/node/v1alpha1 k8s.io/api/node/v1beta1 +k8s.io/api/policy/v1 +k8s.io/api/policy/v1beta1 +k8s.io/api/rbac/v1 k8s.io/api/rbac/v1alpha1 k8s.io/api/rbac/v1beta1 k8s.io/api/resource/v1alpha2 @@ -7864,22 +7862,23 @@ k8s.io/apimachinery/pkg/runtime/serializer k8s.io/client-go/pkg/apis/clientauthentication k8s.io/client-go/pkg/apis/clientauthentication/v1 k8s.io/client-go/pkg/apis/clientauthentication/v1beta1 -k8s.io/client-go/kubernetes/scheme k8s.io/client-go/pkg/apis/clientauthentication/install +golang.org/x/oauth2 +k8s.io/client-go/kubernetes/scheme k8s.io/client-go/util/connrotation container/heap golang.org/x/time/rate -os/exec k8s.io/client-go/util/workqueue +os/exec k8s.io/client-go/rest/watch +k8s.io/client-go/transport k8s.io/client-go/util/keyutil k8s.io/client-go/util/cert -k8s.io/client-go/transport k8s.io/utils/clock/testing k8s.io/client-go/util/flowcontrol github.com/google/go-cmp/cmp/internal/diff -github.com/google/go-cmp/cmp/internal/function k8s.io/client-go/plugin/pkg/client/auth/exec +github.com/google/go-cmp/cmp/internal/function github.com/google/go-cmp/cmp/internal/value github.com/google/go-cmp/cmp k8s.io/client-go/rest @@ -7887,12 +7886,12 @@ k8s.io/apimachinery/pkg/util/cache text/tabwriter k8s.io/client-go/tools/cache/synctrack k8s.io/apimachinery/pkg/apis/meta/v1beta1 -k8s.io/apimachinery/pkg/apis/meta/internalversion k8s.io/apimachinery/pkg/util/diff +k8s.io/apimachinery/pkg/apis/meta/internalversion k8s.io/utils/ptr k8s.io/utils/pointer -k8s.io/client-go/tools/pager k8s.io/utils/trace +k8s.io/client-go/tools/pager k8s.io/client-go/dynamic k8s.io/client-go/tools/cache k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme 
@@ -7935,9 +7934,9 @@ github.com/go-openapi/jsonreference/internal github.com/go-openapi/jsonreference encoding/base32 k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json +google.golang.org/protobuf/internal/filetype k8s.io/kube-openapi/pkg/internal k8s.io/api/apidiscovery/v2beta1 -google.golang.org/protobuf/internal/filetype google.golang.org/protobuf/runtime/protoimpl google.golang.org/protobuf/types/descriptorpb google.golang.org/protobuf/types/known/anypb 
@@ -7946,60 +7945,60 @@ google.golang.org/protobuf/types/known/durationpb github.com/golang/protobuf/ptypes/duration google.golang.org/protobuf/types/known/timestamppb github.com/golang/protobuf/ptypes/timestamp +google.golang.org/protobuf/types/gofeaturespb k8s.io/apimachinery/pkg/api/equality +google.golang.org/protobuf/reflect/protodesc k8s.io/apimachinery/pkg/apis/meta/v1/validation -google.golang.org/protobuf/types/gofeaturespb k8s.io/apimachinery/pkg/api/validation -google.golang.org/protobuf/reflect/protodesc sigs.k8s.io/structured-merge-diff/v4/schema sigs.k8s.io/structured-merge-diff/v4/fieldpath github.com/golang/protobuf/proto sigs.k8s.io/structured-merge-diff/v4/typed -sigs.k8s.io/structured-merge-diff/v4/merge github.com/golang/protobuf/ptypes github.com/google/gnostic-models/extensions -database/sql/driver github.com/google/gnostic-models/compiler -github.com/google/uuid +sigs.k8s.io/structured-merge-diff/v4/merge github.com/google/gnostic-models/openapiv2 github.com/google/gnostic-models/openapiv3 +database/sql/driver +github.com/google/uuid +k8s.io/kube-openapi/pkg/util/proto +k8s.io/kube-openapi/pkg/validation/spec github.com/munnerz/goautoneg k8s.io/kube-openapi/pkg/cached hash/adler32 compress/zlib encoding/xml -k8s.io/kube-openapi/pkg/util/proto -k8s.io/kube-openapi/pkg/validation/spec github.com/emicklei/go-restful/v3/log -github.com/emicklei/go-restful/v3 k8s.io/apimachinery/pkg/util/strategicpatch k8s.io/kube-openapi/pkg/schemaconv k8s.io/apimachinery/pkg/util/managedfields/internal -k8s.io/kube-openapi/pkg/spec3 +github.com/emicklei/go-restful/v3 k8s.io/apimachinery/pkg/util/managedfields +k8s.io/kube-openapi/pkg/spec3 sigs.k8s.io/controller-runtime/pkg/internal/field/selector sigs.k8s.io/controller-runtime/pkg/internal/log sigs.k8s.io/controller-runtime/pkg/reconcile k8s.io/apimachinery/pkg/util/uuid expvar +k8s.io/kube-openapi/pkg/common github.com/beorn7/perks/quantile github.com/cespare/xxhash/v2 +k8s.io/kube-openapi/pkg/handler3 
github.com/prometheus/client_model/go -k8s.io/kube-openapi/pkg/common github.com/prometheus/common/model -k8s.io/kube-openapi/pkg/handler3 -runtime/metrics -github.com/prometheus/client_golang/prometheus/internal k8s.io/client-go/openapi k8s.io/client-go/discovery +runtime/metrics +github.com/prometheus/client_golang/prometheus/internal github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg google.golang.org/protobuf/encoding/protodelim -github.com/prometheus/common/expfmt k8s.io/client-go/restmapper +github.com/prometheus/common/expfmt sigs.k8s.io/controller-runtime/pkg/client/apiutil +sigs.k8s.io/controller-runtime/pkg/client github.com/prometheus/procfs/internal/fs github.com/prometheus/procfs/internal/util -sigs.k8s.io/controller-runtime/pkg/client github.com/prometheus/procfs sigs.k8s.io/controller-runtime/pkg/cache/internal sigs.k8s.io/controller-runtime/pkg/cache @@ -8012,13 +8011,13 @@ k8s.io/client-go/applyconfigurations/meta/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/kubernetes/typed/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 +k8s.io/client-go/kubernetes/typed/admissionregistration/v1alpha1 github.com/prometheus/client_golang/prometheus/collectors k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1 -k8s.io/client-go/kubernetes/typed/admissionregistration/v1alpha1 k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1 -k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1 k8s.io/client-go/kubernetes/typed/apiserverinternal/v1alpha1 k8s.io/client-go/applyconfigurations/core/v1 +k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1 k8s.io/client-go/applyconfigurations/autoscaling/v1 k8s.io/client-go/kubernetes/typed/authentication/v1 k8s.io/client-go/kubernetes/typed/authentication/v1alpha1 
@@ -8035,8 +8034,8 @@ k8s.io/client-go/kubernetes/typed/autoscaling/v2beta2 k8s.io/client-go/applyconfigurations/certificates/v1 k8s.io/client-go/applyconfigurations/apps/v1 k8s.io/client-go/applyconfigurations/apps/v1beta1 -k8s.io/client-go/kubernetes/typed/apps/v1 k8s.io/client-go/kubernetes/typed/apps/v1beta1 +k8s.io/client-go/kubernetes/typed/apps/v1 k8s.io/client-go/applyconfigurations/apps/v1beta2 k8s.io/client-go/applyconfigurations/batch/v1 k8s.io/client-go/kubernetes/typed/batch/v1 @@ -8047,8 +8046,8 @@ k8s.io/client-go/kubernetes/typed/batch/v1beta1 k8s.io/client-go/applyconfigurations/certificates/v1alpha1 k8s.io/client-go/applyconfigurations/certificates/v1beta1 k8s.io/client-go/kubernetes/typed/certificates/v1alpha1 -k8s.io/client-go/kubernetes/typed/certificates/v1beta1 k8s.io/client-go/applyconfigurations/coordination/v1 +k8s.io/client-go/kubernetes/typed/certificates/v1beta1 k8s.io/client-go/kubernetes/typed/coordination/v1 k8s.io/client-go/applyconfigurations/coordination/v1beta1 k8s.io/client-go/tools/reference @@ -8078,8 +8077,8 @@ k8s.io/client-go/kubernetes/typed/networking/v1alpha1 k8s.io/client-go/kubernetes/typed/networking/v1 k8s.io/client-go/applyconfigurations/networking/v1beta1 k8s.io/client-go/applyconfigurations/node/v1 -k8s.io/client-go/kubernetes/typed/node/v1 k8s.io/client-go/kubernetes/typed/networking/v1beta1 +k8s.io/client-go/kubernetes/typed/node/v1 k8s.io/client-go/applyconfigurations/node/v1alpha1 k8s.io/client-go/applyconfigurations/node/v1beta1 k8s.io/client-go/kubernetes/typed/node/v1alpha1 
@@ -8097,15 +8096,15 @@ k8s.io/client-go/applyconfigurations/resource/v1alpha2 k8s.io/client-go/kubernetes/typed/rbac/v1beta1 k8s.io/client-go/kubernetes/typed/resource/v1alpha2 k8s.io/client-go/applyconfigurations/scheduling/v1 -k8s.io/client-go/applyconfigurations/scheduling/v1alpha1 k8s.io/client-go/kubernetes/typed/scheduling/v1 -k8s.io/client-go/kubernetes/typed/scheduling/v1alpha1 +k8s.io/client-go/applyconfigurations/scheduling/v1alpha1 k8s.io/client-go/applyconfigurations/scheduling/v1beta1 -k8s.io/client-go/applyconfigurations/storage/v1 +k8s.io/client-go/kubernetes/typed/scheduling/v1alpha1 k8s.io/client-go/kubernetes/typed/scheduling/v1beta1 +k8s.io/client-go/applyconfigurations/storage/v1 k8s.io/client-go/applyconfigurations/storage/v1alpha1 -k8s.io/client-go/kubernetes/typed/storage/v1 k8s.io/client-go/kubernetes/typed/storage/v1alpha1 +k8s.io/client-go/kubernetes/typed/storage/v1 k8s.io/client-go/applyconfigurations/storage/v1beta1 sigs.k8s.io/controller-runtime/pkg/predicate sigs.k8s.io/controller-runtime/pkg/internal/source @@ -8128,15 +8127,15 @@ sigs.k8s.io/controller-runtime/pkg/internal/controller/metrics sigs.k8s.io/controller-runtime/pkg/cluster sigs.k8s.io/controller-runtime/pkg/internal/controller k8s.io/component-base/config -sigs.k8s.io/controller-runtime/pkg/scheme k8s.io/component-base/config/v1alpha1 +sigs.k8s.io/controller-runtime/pkg/scheme sigs.k8s.io/controller-runtime/pkg/healthz sigs.k8s.io/controller-runtime/pkg/config/v1alpha1 -sigs.k8s.io/controller-runtime/pkg/internal/httpserver sigs.k8s.io/controller-runtime/pkg/config +sigs.k8s.io/controller-runtime/pkg/internal/httpserver sigs.k8s.io/controller-runtime/pkg/recorder -github.com/prometheus/client_golang/prometheus/promhttp sigs.k8s.io/controller-runtime/pkg/leaderelection +github.com/prometheus/client_golang/prometheus/promhttp github.com/fsnotify/fsnotify sigs.k8s.io/controller-runtime/pkg/certwatcher/metrics sigs.k8s.io/controller-runtime/pkg/certwatcher 
@@ -8148,8 +8147,8 @@ sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics sigs.k8s.io/controller-runtime/pkg/ratelimiter k8s.io/client-go/plugin/pkg/client/auth/azure k8s.io/client-go/plugin/pkg/client/auth/gcp -k8s.io/client-go/plugin/pkg/client/auth/oidc sigs.k8s.io/controller-runtime/pkg/webhook/admission +k8s.io/client-go/plugin/pkg/client/auth/oidc k8s.io/client-go/plugin/pkg/client/auth k8s.io/apiextensions-apiserver/pkg/apis/apiextensions sigs.k8s.io/controller-runtime/pkg/webhook @@ -8165,11 +8164,11 @@ sigs.k8s.io/controller-runtime/pkg/webhook/conversion sigs.k8s.io/controller-runtime/pkg/builder k8s.io/client-go/tools/auth k8s.io/client-go/tools/clientcmd/api/v1 +k8s.io/client-go/tools/clientcmd/api/latest k8s.io/client-go/util/homedir sigs.k8s.io/controller-runtime/pkg/controller/controllerutil -os/signal -k8s.io/client-go/tools/clientcmd/api/latest k8s.io/client-go/tools/clientcmd +os/signal sigs.k8s.io/controller-runtime/pkg/manager/signals go.uber.org/multierr go.uber.org/zap/internal/pool 
@@ -8210,126 +8209,126 @@ building base image +mkdir -p build/openvswitch +cp docker/travis/Dockerfile-openvswitch-base build/openvswitch +'[' '!' -f /tmp/openvswitch-base.log ']' -+sleep 10 +docker build -t quay.io/noirolabs/openvswitch-base:6.0.4.4.81c2369 -f ./build/openvswitch/Dockerfile-openvswitch-base build/openvswitch ++sleep 10 +'[' '!' -f /tmp/openvswitch-base.log ']' +tail -f /tmp/openvswitch-base.log +awk NR%100-1==0 ++pgrep -x docker -+[[ 39364 != '' ]] ++[[ 39468 != '' ]] +sleep 60 ++pgrep -x docker -+[[ 39364 != '' ]] ++[[ 39468 != '' ]] +sleep 60 ++pgrep -x docker -+[[ 39364 != '' ]] ++[[ 39468 != '' ]] +sleep 60 ++pgrep -x docker -+[[ 39364 != '' ]] ++[[ 39468 != '' ]] +sleep 60 -#7 4.403 Cleanup: dnf-data;4.14.0-8.el9;noarch;installed -#7 15.39 Transaction Summary -#7 22.50 -#7 25.44 Cleanup : libstdc++-11.4.1-2.1.el9.x86_64 89/153 -#7 27.53 Verifying : dnf-data-4.14.0-9.el9.noarch 19/153 -#7 27.54 Verifying : python3-systemd-234-18.el9.x86_64 119/153 -#7 27.74 rpm-4.16.1.3-34.el9.x86_64 -#6 0.730 libutempter x86_64 1.2.1-6.el9 mirror.stream.centos.org_9-stream_BaseOS_x86_64_os 27 k -#6 0.915 (1/162): libcap-2.48-9.el9.x86_64.rpm 423 kB/s | 71 kB 00:00 -#6 5.498 (101/162): binutils-gold-2.35.2-54.el9.x86_64.r 32 MB/s | 734 kB 00:00 -#6 12.33 Installing : ncurses-6.2-10.20210508.el9.x86_64 29/164 -#6 13.76 Installing : perl-Error-1:0.17029-7.el9.noarch 122/164 -#6 18.10 Verifying : perl-Digest-MD5-2.58-4.el9.x86_64 37/164 -#6 18.11 Verifying : libpkgconf-1.7.3-10.el9.x86_64 137/164 -#6 18.28 openssh-8.7p1-44.el9.x86_64 +#7 4.306 Cleanup: dnf-data;4.14.0-8.el9;noarch;installed +#7 15.56 Transaction Summary +#7 21.92 +#7 24.90 Cleanup : libstdc++-11.4.1-2.1.el9.x86_64 89/153 +#7 27.00 Verifying : dnf-data-4.14.0-9.el9.noarch 19/153 +#7 27.01 Verifying : python3-systemd-234-18.el9.x86_64 119/153 +#7 27.20 rpm-4.16.1.3-34.el9.x86_64 +#6 0.735 libutempter x86_64 1.2.1-6.el9 mirror.stream.centos.org_9-stream_BaseOS_x86_64_os 27 k +#6 1.167 (1/162): 
libcap-2.48-9.el9.x86_64.rpm 171 kB/s | 71 kB 00:00 +#6 7.551 (101/162): tcpdump-4.99.0-9.el9.x86_64.rpm 1.5 MB/s | 544 kB 00:00 +#6 15.19 Installing : ncurses-6.2-10.20210508.el9.x86_64 29/164 +#6 16.59 Installing : perl-Error-1:0.17029-7.el9.noarch 122/164 +#6 20.92 Verifying : perl-Digest-MD5-2.58-4.el9.x86_64 37/164 +#6 20.93 Verifying : libpkgconf-1.7.3-10.el9.x86_64 137/164 +#6 21.11 openssh-8.7p1-44.el9.x86_64 #5 0.360 Connecting to nlnetlabs.nl (nlnetlabs.nl)|128.140.76.106|:443... connected. -#5 1.632 4750K .......... .......... .......... .......... .......... 78% 247M 0s -#5 1.694 unbound-1.17.1/doc/ -#5 1.723 unbound-1.17.1/winrc/unbound-service-remove.c -#5 1.737 unbound-1.17.1/testdata/stat_values.tdir/stat_values.pre -#5 1.746 unbound-1.17.1/testdata/blanks_https.tdir/127.0.0.1/blanks.example.com.zone -#5 1.763 unbound-1.17.1/testdata/Kexample.com.+005+60946.key -#5 1.802 unbound-1.17.1/testdata/edns_cache.tdir/edns_cache.post -#5 1.809 unbound-1.17.1/testdata/04-checkconf.tdir/bad.include-toplevel.1 -#5 1.818 unbound-1.17.1/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.testns -#5 1.829 unbound-1.17.1/testdata/val_nodatawc_one.rpl -#5 1.845 unbound-1.17.1/testdata/test_ldnsrr.2 -#5 1.856 unbound-1.17.1/testdata/val_nodata_failsig.rpl -#5 1.865 unbound-1.17.1/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.test -#5 1.878 unbound-1.17.1/testdata/ctrl_itr.tdir/ctrl_itr.dsc -#5 1.888 unbound-1.17.1/testdata/rpz_qname_override.rpl -#5 1.899 unbound-1.17.1/testdata/zonemd_reload.tdir/zonemd_reload.pre -#5 1.913 unbound-1.17.1/testdata/ratelimit.tdir/ratelimit.pre -#5 1.926 unbound-1.17.1/pythonmod/doc/_static/readme -#5 1.949 unbound-1.17.1/daemon/acl_list.h -#5 1.963 unbound-1.17.1/util/tcp_conn_limit.c -#5 3.125 checking whether gcc supports -Wall... yes -#5 6.028 checking for int8_t... yes -#5 14.69 checking for SSL_get0_alpn_selected... 
yes -#5 25.06 config.status: creating contrib/libunbound.pc -#5 32.06 libtool: compile: gcc -I. -DSRCDIR=. -g -O2 -flto -c util/locks.c -o locks.o >/dev/null 2>&1 -#5 40.79 ./libtool --tag=CC --mode=compile gcc -I. -DSRCDIR=. -g -O2 -flto -o listen_dnsport.lo -c services/listen_dnsport.c -#5 94.29 libtool: compile: gcc -I. -DSRCDIR=. -g -O2 -flto -c smallapp/worker_cb.c -o worker_cb.o >/dev/null 2>&1 -#5 119.6 ./libtool --mode=install cp -f unbound-checkconf /usr/local/sbin/unbound-checkconf -#4 29.92 checking build system type... x86_64-pc-linux-gnu -#4 32.47 checking for mlockall... yes -#4 35.75 checking whether gcc accepts -mavx512vbmi... yes -#4 43.72 libtool: compile: gcc -DHAVE_CONFIG_H -I. -I ./include -I ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes -Wmissing-field-initializers -fno-strict-aliasing -Wswitch-bool -Wlogical-not-parentheses -Wsizeof-array-argument -Wbool-compare -Wshift-negative-value -Wduplicated-cond -Wshadow -Wmultistatement-macros -Wcast-align=strict -g -O2 -MT lib/colors.lo -MD -MP -MF lib/.deps/colors.Tpo -c lib/colors.c -o lib/colors.o -#4 53.94 libtool: compile: gcc -DHAVE_CONFIG_H -I. -I ./include -I ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -We++pgrep -x docker -+[[ 39364 != '' ]] +#5 1.643 4750K .......... .......... .......... .......... .......... 
78% 191M 0s +#5 1.702 unbound-1.17.1/doc/ +#5 1.730 unbound-1.17.1/winrc/unbound-service-remove.c +#5 1.742 unbound-1.17.1/testdata/stat_values.tdir/stat_values.pre +#5 1.753 unbound-1.17.1/testdata/blanks_https.tdir/127.0.0.1/blanks.example.com.zone +#5 1.769 unbound-1.17.1/testdata/Kexample.com.+005+60946.key +#5 1.808 unbound-1.17.1/testdata/edns_cache.tdir/edns_cache.post +#5 1.816 unbound-1.17.1/testdata/04-checkconf.tdir/bad.include-toplevel.1 +#5 1.826 unbound-1.17.1/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.testns +#5 1.837 unbound-1.17.1/testdata/val_nodatawc_one.rpl +#5 1.855 unbound-1.17.1/testdata/test_ldnsrr.2 +#5 1.864 unbound-1.17.1/testdata/val_nodata_failsig.rpl +#5 1.873 unbound-1.17.1/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.test +#5 1.886 unbound-1.17.1/testdata/ctrl_itr.tdir/ctrl_itr.dsc +#5 1.896 unbound-1.17.1/testdata/rpz_qname_override.rpl +#5 1.905 unbound-1.17.1/testdata/zonemd_reload.tdir/zonemd_reload.pre +#5 1.919 unbound-1.17.1/testdata/ratelimit.tdir/ratelimit.pre +#5 1.930 unbound-1.17.1/pythonmod/doc/_static/readme +#5 1.955 unbound-1.17.1/daemon/acl_list.h +#5 1.969 unbound-1.17.1/util/tcp_conn_limit.c +#5 3.195 checking whether gcc supports -Wall... yes +#5 6.224 checking for int8_t... yes +#5 15.27 checking for SSL_get0_alpn_selected... yes +#5 26.15 config.status: creating contrib/libunbound.pc +#5 33.27 libtool: compile: gcc -I. -DSRCDIR=. -g -O2 -flto -c util/locks.c -o locks.o >/dev/null 2>&1 +#5 42.10 ./libtool --tag=CC --mode=compile gcc -I. -DSRCDIR=. -g -O2 -flto -o listen_dnsport.lo -c services/listen_dnsport.c +#5 96.46 libtool: compile: gcc -I. -DSRCDIR=. -g -O2 -flto -c smallapp/worker_cb.c -o worker_cb.o >/dev/null 2>&1 +#5 122.1 ./libtool --mode=install cp -f unbound-checkconf /usr/local/sbin/unbound-checkconf +#4 30.03 checking build system type... x86_64-pc-linux-gnu +#4 32.57 checking for mlockall... yes +#4 35.91 checking whether gcc accepts -mavx512vbmi... 
yes +#4 43.97 libtool: compile: gcc -DHAVE_CONFIG_H -I. -I ./include -I ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes -Wmissing-field-initializers -fno-strict-aliasing -Wswitch-bool -Wlogical-not-parentheses -Wsizeof-array-argument -Wbool-compare -Wshift-negative-value -Wduplicated-cond -Wshadow -Wmultistatement-macros -Wcast-align=strict -g -O2 -MT lib/colors.lo -MD -MP -MF lib/.deps/colors.Tpo -c lib/colors.c -o lib/colors.o +#4 54.20 libtool: compile: gcc -DHAVE_CONFIG_H -I. -I ./include -I ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -We++pgrep -x docker ++[[ 39468 != '' ]] +sleep 60 xtra -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes -Wmissing-field-initializers -fno-strict-aliasing -Wswitch-bool -Wlogical-not-parentheses -Wsizeof-array-argument -Wbool-compare -Wshift-negative-value -Wduplicated-cond -Wshadow -Wmultistatement-macros -Wcast-align=strict -g -O2 -MT lib/dpif-netdev-private-extract.lo -MD -MP -MF lib/.deps/dpif-netdev-private-extract.Tpo -c lib/dpif-netdev-private-extract.c -o lib/dpif-netdev-private-extract.o -#4 61.75 libtool: compile: gcc -DHAVE_CONFIG_H -I. 
-I ./include -I ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes -Wmissing-field-initializers -fno-strict-aliasing -Wswitch-bool -Wlogical-not-parentheses -Wsizeof-array-argument -Wbool-compare -Wshift-negative-value -Wduplicated-cond -Wshadow -Wmultistatement-macros -Wcast-align=strict -g -O2 -MT lib/mac-learning.lo -MD -MP -MF lib/.deps/mac-learning.Tpo -c lib/mac-learning.c -o lib/mac-learning.o -#4 75.55 /bin/sh ./libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I ./include -I ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes -Wmissing-field-initializers -fno-strict-aliasing -Wswitch-bool -Wlogical-not-parentheses -Wsizeof-array-argument -Wbool-compare -Wshift-negative-value -Wduplicated-cond -Wshadow -Wmultistatement-macros -Wcast-align=strict -g -O2 -MT lib/ofp-errors.lo -MD -MP -MF $depbase.Tpo -c -o lib/ofp-errors.lo lib/ofp-errors.c &&\ +#4 61.93 libtool: compile: gcc -DHAVE_CONFIG_H -I. 
-I ./include -I ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes -Wmissing-field-initializers -fno-strict-aliasing -Wswitch-bool -Wlogical-not-parentheses -Wsizeof-array-argument -Wbool-compare -Wshift-negative-value -Wduplicated-cond -Wshadow -Wmultistatement-macros -Wcast-align=strict -g -O2 -MT lib/mac-learning.lo -MD -MP -MF lib/.deps/mac-learning.Tpo -c lib/mac-learning.c -o lib/mac-learning.o +#4 75.61 /bin/sh ./libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I ./include -I ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes -Wmissing-field-initializers -fno-strict-aliasing -Wswitch-bool -Wlogical-not-parentheses -Wsizeof-array-argument -Wbool-compare -Wshift-negative-value -Wduplicated-cond -Wshadow -Wmultistatement-macros -Wcast-align=strict -g -O2 -MT lib/ofp-errors.lo -MD -MP -MF $depbase.Tpo -c -o lib/ofp-errors.lo lib/ofp-errors.c &&\ #4 84.73 libtool: compile: gcc -DHAVE_CONFIG_H -I. -I ./include -I ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes -Wmissing-field-initializers -fno-strict-aliasing -Wswitch-bool -Wlogical-not-parentheses -Wsizeof-array-argument -Wbool-compare -Wshift-negative-value -Wduplicated-cond -Wshadow -Wmultistatement-macros -Wcast-align=strict -g -O2 -MT lib/ovs-replay.lo -MD -MP -MF lib/.deps/ovs-replay.Tpo -c lib/ovs-replay.c -o lib/ovs-replay.o -#4 93.05 libtool: compile: gcc -DHAVE_CONFIG_H -I. 
-I ./include -I ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes -Wmissing-field-initializers -fno-strict-aliasing -Wswitch-bool -Wlogical-not-parentheses -Wsizeof-array-argument -Wbool-compare -Wshift-negative-value -Wduplicated-cond -Wshadow -Wmultistatement-macros -Wcast-align=strict -g -O2 -MT lib/rstp-state-machines.lo -MD -MP -MF lib/.deps/rstp-state-machines.Tpo -c lib/rstp-state-machines.c -o lib/rstp-state-machines.o -#4 98.96 libtool: compile: gcc -DHAVE_CONFIG_H -I. -I ./include -I ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes -Wmissing-field-initializers -fno-strict-aliasing -Wswitch-bool -Wlogical-not-parentheses -Wsizeof-array-argument -Wbool-compare -Wshift-negative-value -Wduplicated-cond -Wshadow -Wmultistatement-macros -Wcast-align=strict -g -O2 -MT lib/tnl-ports.lo -MD -MP -MF lib/.deps/tnl-ports.Tpo -c lib/tnl-ports.c -o lib/tnl-ports.o -#4 106.3 libtool: compile: gcc -DHAVE_CONFIG_H -I. -I ./include -I ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-sec++pgrep -x docker -+[[ 39364 != '' ]] +#4 92.88 libtool: compile: gcc -DHAVE_CONFIG_H -I. 
-I ./include -I ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes -Wmissing-field-initializers -fno-strict-aliasing -Wswitch-bool -Wlogical-not-parentheses -Wsizeof-array-argument -Wbool-compare -Wshift-negative-value -Wduplicated-cond -Wshadow -Wmultistatement-macros -Wcast-align=strict -g -O2 -MT lib/rstp-state-machines.lo -MD -MP -MF lib/.deps/rstp-state-machines.Tpo -c lib/rstp-state-machines.c -o lib/rstp-state-machines.o +#4 98.77 libtool: compile: gcc -DHAVE_CONFIG_H -I. -I ./include -I ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-security -Wswitch-enum -Wunused-parameter -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes -Wmissing-field-initializers -fno-strict-aliasing -Wswitch-bool -Wlogical-not-parentheses -Wsizeof-array-argument -Wbool-compare -Wshift-negative-value -Wduplicated-cond -Wshadow -Wmultistatement-macros -Wcast-align=strict -g -O2 -MT lib/tnl-ports.lo -MD -MP -MF lib/.deps/tnl-ports.Tpo -c lib/tnl-ports.c -o lib/tnl-ports.o +#4 106.0 libtool: compile: gcc -DHAVE_CONFIG_H -I. 
-I ./include -I ./include -I ./lib -I ./lib -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare -Wpointer-arith -Wformat -Wformat-sec++pgrep -x docker ++[[ 39468 != '' ]] +sleep 60 ++pgrep -x docker -+[[ 39364 != '' ]] ++[[ 39468 != '' ]] +sleep 60 ++pgrep -x docker +[[ '' != '' ]] +tail -25 /tmp/openvswitch-base.log -#4 200.4 /usr/bin/mkdir -p '/usr/local/include/openflow' -#4 200.4 /usr/bin/install -c -m 644 include/openflow/intel-ext.h include/openflow/netronome-ext.h include/openflow/nicira-ext.h include/openflow/openflow-1.0.h include/openflow/openflow-1.1.h include/openflow/openflow-1.2.h include/openflow/openflow-1.3.h include/openflow/openflow-1.4.h include/openflow/openflow-1.5.h include/openflow/openflow-common.h include/openflow/openflow.h '/usr/local/include/openflow' -#4 200.5 /usr/bin/mkdir -p '/usr/local/include/openvswitch' -#4 200.5 /usr/bin/install -c -m 644 include/openvswitch/compiler.h include/openvswitch/dynamic-string.h include/openvswitch/hmap.h include/openvswitch/flow.h include/openvswitch/geneve.h include/openvswitch/json.h include/openvswitch/list.h include/openvswitch/netdev.h include/openvswitch/match.h include/openvswitch/meta-flow.h include/openvswitch/namemap.h include/openvswitch/ofpbuf.h include/openvswitch/ofp-actions.h include/openvswitch/ofp-bundle.h include/openvswitch/ofp-connection.h include/openvswitch/ofp-ct.h include/openvswitch/ofp-ed-props.h include/openvswitch/ofp-errors.h include/openvswitch/ofp-flow.h include/openvswitch/ofp-group.h include/openvswitch/ofp-ipfix.h include/openvswitch/ofp-match.h include/openvswitch/ofp-meter.h include/openvswitch/ofp-monitor.h include/openvswitch/ofp-msgs.h include/openvswitch/ofp-packet.h include/openvswitch/ofp-parse.h include/openvswitch/ofp-port.h include/openvswitch/ofp-print.h include/openvswitch/ofp-prop.h include/openvswitch/ofp-protocol.h include/openvswitch/ofp-queue.h include/openvswitch/ofp-switch.h include/openvswitch/ofp-table.h include/openvswitch/ofp-util.h 
include/openvswitch/packets.h include/openvswitch/poll-loop.h include/openvswitch/rconn.h include/openvswitch/shash.h include/openvswitch/thread.h '/usr/local/include/openvswitch' -#4 200.5 /usr/bin/install -c -m 644 include/openvswitch/token-bucket.h include/openvswitch/tun-metadata.h include/openvswitch/type-props.h include/openvswitch/types.h include/openvswitch/usdt-probes.h include/openvswitch/util.h include/openvswitch/uuid.h include/openvswitch/version.h include/openvswitch/vconn.h include/openvswitch/vlog.h include/openvswitch/nsh.h '/usr/local/include/openvswitch' -#4 200.5 /usr/bin/mkdir -p '/usr/local/lib/pkgconfig' -#4 200.5 /usr/bin/install -c -m 644 lib/libopenvswitch.pc lib/libsflow.pc ofproto/libofproto.pc ovsdb/libovsdb.pc '/usr/local/lib/pkgconfig' -#4 200.5 /usr/bin/mkdir -p '/usr/local/share/openvswitch' -#4 200.5 /usr/bin/install -c -m 644 vswitchd/vswitch.ovsschema ovsdb/local-config.ovsschema vtep/vtep.ovsschema '/usr/local/share/openvswitch' -#4 200.5 /usr/bin/mkdir -p '/usr/local/share/openvswitch/scripts' -#4 200.5 /usr/bin/install -c -m 644 utilities/ovs-lib '/usr/local/share/openvswitch/scripts' -#4 200.5 /usr/bin/mkdir -p '/usr/local/share/openvswitch/scripts' -#4 200.5 /usr/bin/install -c utilities/ovs-check-dead-ifs utilities/ovs-ctl utilities/ovs-kmod-ctl utilities/ovs-save utilities/bugtool/ovs-bugtool-fdb-show utilities/bugtool/ovs-bugtool-tc-class-show utilities/bugtool/ovs-bugtool-daemons-ver utilities/bugtool/ovs-bugtool-ovs-ofctl-loop-over-bridges utilities/bugtool/ovs-bugtool-ovs-appctl-dpif utilities/bugtool/ovs-bugtool-ovs-bridge-datapath-type utilities/bugtool/ovs-bugtool-ovs-vswitchd-threads-affinity utilities/bugtool/ovs-bugtool-qos-configs utilities/bugtool/ovs-bugtool-get-dpdk-nic-numa utilities/bugtool/ovs-bugtool-get-port-stats ipsec/ovs-monitor-ipsec vtep/ovs-vtep '/usr/local/share/openvswitch/scripts' -#4 200.5 /usr/bin/mkdir -p '/usr/local/share/openvswitch/scripts/usdt' -#4 200.5 /usr/bin/install -c 
utilities/usdt-scripts/bridge_loop.bt utilities/usdt-scripts/dpif_nl_exec_monitor.py utilities/usdt-scripts/upcall_cost.py utilities/usdt-scripts/upcall_monitor.py '/usr/local/share/openvswitch/scripts/usdt' -#4 200.5 make[2]: Leaving directory '/ovs' -#4 200.5 make[1]: Leaving directory '/ovs' -#4 DONE 201.1s +#4 200.2 /usr/bin/install -c -m 644 include/openflow/intel-ext.h include/openflow/netronome-ext.h include/openflow/nicira-ext.h include/openflow/openflow-1.0.h include/openflow/openflow-1.1.h include/openflow/openflow-1.2.h include/openflow/openflow-1.3.h include/openflow/openflow-1.4.h include/openflow/openflow-1.5.h include/openflow/openflow-common.h include/openflow/openflow.h '/usr/local/include/openflow' +#4 200.2 /usr/bin/mkdir -p '/usr/local/include/openvswitch' +#4 200.2 /usr/bin/install -c -m 644 include/openvswitch/compiler.h include/openvswitch/dynamic-string.h include/openvswitch/hmap.h include/openvswitch/flow.h include/openvswitch/geneve.h include/openvswitch/json.h include/openvswitch/list.h include/openvswitch/netdev.h include/openvswitch/match.h include/openvswitch/meta-flow.h include/openvswitch/namemap.h include/openvswitch/ofpbuf.h include/openvswitch/ofp-actions.h include/openvswitch/ofp-bundle.h include/openvswitch/ofp-connection.h include/openvswitch/ofp-ct.h include/openvswitch/ofp-ed-props.h include/openvswitch/ofp-errors.h include/openvswitch/ofp-flow.h include/openvswitch/ofp-group.h include/openvswitch/ofp-ipfix.h include/openvswitch/ofp-match.h include/openvswitch/ofp-meter.h include/openvswitch/ofp-monitor.h include/openvswitch/ofp-msgs.h include/openvswitch/ofp-packet.h include/openvswitch/ofp-parse.h include/openvswitch/ofp-port.h include/openvswitch/ofp-print.h include/openvswitch/ofp-prop.h include/openvswitch/ofp-protocol.h include/openvswitch/ofp-queue.h include/openvswitch/ofp-switch.h include/openvswitch/ofp-table.h include/openvswitch/ofp-util.h include/openvswitch/packets.h include/openvswitch/poll-loop.h 
include/openvswitch/rconn.h include/openvswitch/shash.h include/openvswitch/thread.h '/usr/local/include/openvswitch' +#4 200.3 /usr/bin/install -c -m 644 include/openvswitch/token-bucket.h include/openvswitch/tun-metadata.h include/openvswitch/type-props.h include/openvswitch/types.h include/openvswitch/usdt-probes.h include/openvswitch/util.h include/openvswitch/uuid.h include/openvswitch/version.h include/openvswitch/vconn.h include/openvswitch/vlog.h include/openvswitch/nsh.h '/usr/local/include/openvswitch' +#4 200.3 /usr/bin/mkdir -p '/usr/local/lib/pkgconfig' +#4 200.3 /usr/bin/install -c -m 644 lib/libopenvswitch.pc lib/libsflow.pc ofproto/libofproto.pc ovsdb/libovsdb.pc '/usr/local/lib/pkgconfig' +#4 200.3 /usr/bin/mkdir -p '/usr/local/share/openvswitch' +#4 200.3 /usr/bin/install -c -m 644 vswitchd/vswitch.ovsschema ovsdb/local-config.ovsschema vtep/vtep.ovsschema '/usr/local/share/openvswitch' +#4 200.3 /usr/bin/mkdir -p '/usr/local/share/openvswitch/scripts' +#4 200.3 /usr/bin/install -c -m 644 utilities/ovs-lib '/usr/local/share/openvswitch/scripts' +#4 200.3 /usr/bin/mkdir -p '/usr/local/share/openvswitch/scripts' +#4 200.3 /usr/bin/install -c utilities/ovs-check-dead-ifs utilities/ovs-ctl utilities/ovs-kmod-ctl utilities/ovs-save utilities/bugtool/ovs-bugtool-fdb-show utilities/bugtool/ovs-bugtool-tc-class-show utilities/bugtool/ovs-bugtool-daemons-ver utilities/bugtool/ovs-bugtool-ovs-ofctl-loop-over-bridges utilities/bugtool/ovs-bugtool-ovs-appctl-dpif utilities/bugtool/ovs-bugtool-ovs-bridge-datapath-type utilities/bugtool/ovs-bugtool-ovs-vswitchd-threads-affinity utilities/bugtool/ovs-bugtool-qos-configs utilities/bugtool/ovs-bugtool-get-dpdk-nic-numa utilities/bugtool/ovs-bugtool-get-port-stats ipsec/ovs-monitor-ipsec vtep/ovs-vtep '/usr/local/share/openvswitch/scripts' +#4 200.3 /usr/bin/mkdir -p '/usr/local/share/openvswitch/scripts/usdt' +#4 200.3 /usr/bin/install -c utilities/usdt-scripts/bridge_loop.bt 
utilities/usdt-scripts/dpif_nl_exec_monitor.py utilities/usdt-scripts/upcall_cost.py utilities/usdt-scripts/upcall_monitor.py '/usr/local/share/openvswitch/scripts/usdt' +#4 200.3 make[2]: Leaving directory '/ovs' +#4 200.3 make[1]: Leaving directory '/ovs' +#4 DONE 200.9s #9 exporting to image #9 exporting layers -#9 exporting layers 5.0s done -#9 writing image sha256:60cf24bb050820d3cdfa0f54b328c89bcb8f42c6e1f4456af6d492a816b88206 done +#9 exporting layers 4.9s done +#9 writing image sha256:076b30c0055fa4bd6e41378228c66862d67eff7fefac0645351caf55df3b1a55 +#9 writing image sha256:076b30c0055fa4bd6e41378228c66862d67eff7fefac0645351caf55df3b1a55 done #9 naming to quay.io/noirolabs/openvswitch-base:6.0.4.4.81c2369 done -#9 DONE 5.0s +#9 DONE 4.9s +echo 'copying intermediate binaries and libs' copying intermediate binaries and libs +rm -Rf build/openvswitch/dist +mkdir -p build/openvswitch/dist/usr/local ++docker create quay.io/noirolabs/openvswitch-base:6.0.4.4.81c2369 -+id=2002f728db6c59bf4d0afc55a4181f84986a509f4f2c65118bd6a0f87b6f7124 -+docker cp -L 2002f728db6c59bf4d0afc55a4181f84986a509f4f2c65118bd6a0f87b6f7124:/usr/local/lib build/openvswitch/dist/usr/local -+docker cp -L 2002f728db6c59bf4d0afc55a4181f84986a509f4f2c65118bd6a0f87b6f7124:/usr/local/bin build/openvswitch/dist/usr/local -+docker cp -L 2002f728db6c59bf4d0afc55a4181f84986a509f4f2c65118bd6a0f87b6f7124:/usr/local/sbin build/openvswitch/dist/usr/local -+docker cp -L 2002f728db6c59bf4d0afc55a4181f84986a509f4f2c65118bd6a0f87b6f7124:/usr/local/share build/openvswitch/dist/usr/local -+docker rm -v 2002f728db6c59bf4d0afc55a4181f84986a509f4f2c65118bd6a0f87b6f7124 -2002f728db6c59bf4d0afc55a4181f84986a509f4f2c65118bd6a0f87b6f7124 ++id=dff1e496f8d1ff80cadcdcf4961628eb49afda15df6871bd98505b541d652233 ++docker cp -L dff1e496f8d1ff80cadcdcf4961628eb49afda15df6871bd98505b541d652233:/usr/local/lib build/openvswitch/dist/usr/local ++docker cp -L 
dff1e496f8d1ff80cadcdcf4961628eb49afda15df6871bd98505b541d652233:/usr/local/bin build/openvswitch/dist/usr/local ++docker cp -L dff1e496f8d1ff80cadcdcf4961628eb49afda15df6871bd98505b541d652233:/usr/local/sbin build/openvswitch/dist/usr/local ++docker cp -L dff1e496f8d1ff80cadcdcf4961628eb49afda15df6871bd98505b541d652233:/usr/local/share build/openvswitch/dist/usr/local ++docker rm -v dff1e496f8d1ff80cadcdcf4961628eb49afda15df6871bd98505b541d652233 +dff1e496f8d1ff80cadcdcf4961628eb49afda15df6871bd98505b541d652233 +cp docker/travis/launch-ovs.sh build/openvswitch/dist/usr/local/bin +cp docker/travis/liveness-ovs.sh build/openvswitch/dist/usr/local/bin +mkdir build/openvswitch/dist/licenses @@ -8344,7 +8343,7 @@ building final image #1 DONE 0.0s #2 [internal] load metadata for registry.access.redhat.com/ubi9/ubi-minimal... -#2 DONE 0.4s +#2 DONE 1.4s #3 [internal] load .dockerignore #3 transferring context: 2B done 
@@ -8354,1121 +8353,1121 @@ building final image #14 CACHED #9 [internal] load build context -#9 transferring context: 148.36MB 2.9s done -#9 DONE 2.9s +#9 transferring context: 148.36MB 3.2s done +#9 DONE 3.2s #13 [ 2/10] RUN microdnf install -y yum yum-utils -#13 0.310 -#13 0.310 (microdnf:1): librhsm-WARNING **: 09:38:49.666: Found 0 entitlement certificates -#13 0.327 -#13 0.327 (microdnf:1): librhsm-WARNING **: 09:38:49.683: Found 0 entitlement certificates -#13 0.442 Downloading metadata... -#13 1.273 Downloading metadata... -#13 2.712 Downloading metadata... -#13 3.217 Package Repository Size -#13 3.217 Installing: -#13 3.217 dbus-libs-1:1.12.20-8.el9.x86_64 ubi-9-baseos-rpms 157.2 kB -#13 3.217 dnf-4.14.0-9.el9.noarch ubi-9-baseos-rpms 497.5 kB -#13 3.217 dnf-plugins-core-4.3.0-13.el9.noarch ubi-9-baseos-rpms 42.5 kB -#13 3.217 elfutils-default-yama-scope-0.190-2.el9.noarch ubi-9-baseos-rpms 12.5 kB -#13 3.217 elfutils-libelf-0.190-2.el9.x86_64 ubi-9-baseos-rpms 200.2 kB -#13 3.217 elfutils-libs-0.190-2.el9.x86_64 ubi-9-baseos-rpms 264.2 kB -#13 3.217 expat-2.5.0-2.el9_4.1.x86_64 ubi-9-baseos-rpms 121.9 kB -#13 3.217 ima-evm-utils-1.4-4.el9.x86_64 ubi-9-baseos-rpms 68.9 kB -#13 3.217 libcomps-0.1.18-1.el9.x86_64 ubi-9-baseos-rpms 81.9 kB -#13 3.217 libgomp-11.4.1-3.el9.x86_64 ubi-9-baseos-rpms 277.0 kB -#13 3.217 libsemanage-3.6-1.el9.x86_64 ubi-9-baseos-rpms 123.5 kB -#13 3.217 libxcrypt-compat-4.4.18-3.el9.x86_64 ubi-9-appstream-rpms 93.2 kB -#13 3.217 python-unversioned-command-3.9.18-3.el9_4.6.noarch ubi-9-appstream-rpms 10.2 kB -#13 3.217 python3-3.9.18-3.el9_4.6.x86_64 ubi-9-baseos-rpms 30.2 kB -#13 3.217 python3-dateutil-1:2.8.1-7.el9.noarch ubi-9-baseos-rpms 312.3 kB -#13 3.217 python3-dbus-1.2.18-2.el9.x86_64 ubi-9-baseos-rpms 151.9 kB -#13 3.217 python3-dnf-4.14.0-9.el9.noarch ubi-9-baseos-rpms 477.7 kB -#13 3.217 python3-dnf-plugins-core-4.3.0-13.el9.noarch ubi-9-baseos-rpms 274.4 kB -#13 3.217 python3-gpg-1.15.1-6.el9.x86_64 ubi-9-baseos-rpms 
291.6 kB -#13 3.217 python3-hawkey-0.69.0-8.el9_4.1.x86_64 ubi-9-baseos-rpms 108.3 kB -#13 3.217 python3-libcomps-0.1.18-1.el9.x86_64 ubi-9-baseos-rpms 53.3 kB -#13 3.217 python3-libdnf-0.69.0-8.el9_4.1.x86_64 ubi-9-baseos-rpms 802.0 kB -#13 3.217 python3-libs-3.9.18-3.el9_4.6.x86_64 ubi-9-baseos-rpms 8.2 MB -#13 3.217 python3-pip-wheel-21.2.3-8.el9.noarch ubi-9-baseos-rpms 1.2 MB -#13 3.217 python3-rpm-4.16.1.3-29.el9.x86_64 ubi-9-baseos-rpms 70.2 kB -#13 3.217 python3-setuptools-wheel-53.0.0-12.el9_4.1.noarch ubi-9-baseos-rpms 480.1 kB -#13 3.217 python3-six-1.15.0-9.el9.noarch ubi-9-baseos-rpms 41.4 kB -#13 3.217 python3-systemd-234-18.el9.x86_64 ubi-9-baseos-rpms 96.3 kB -#13 3.217 rpm-build-libs-4.16.1.3-29.el9.x86_64 ubi-9-baseos-rpms 92.5 kB -#13 3.217 rpm-sign-libs-4.16.1.3-29.el9.x86_64 ubi-9-baseos-rpms 22.6 kB -#13 3.217 shadow-utils-2:4.9-8.el9.x86_64 ubi-9-baseos-rpms 1.3 MB -#13 3.217 tpm2-tss-3.2.2-2.el9.x86_64 ubi-9-baseos-rpms 618.9 kB -#13 3.217 yum-4.14.0-9.el9.noarch ubi-9-baseos-rpms 94.7 kB -#13 3.217 yum-utils-4.3.0-13.el9.noarch ubi-9-baseos-rpms 45.5 kB -#13 3.217 Upgrading: -#13 3.217 dnf-data-4.14.0-9.el9.noarch ubi-9-baseos-rpms 44.7 kB -#13 3.217 replacing dnf-data-4.14.0-8.el9.noarch -#13 3.217 libdnf-0.69.0-8.el9_4.1.x86_64 ubi-9-baseos-rpms 680.1 kB -#13 3.217 replacing libdnf-0.69.0-6.el9_3.x86_64 -#13 3.217 libselinux-3.6-1.el9.x86_64 ubi-9-baseos-rpms 89.9 kB -#13 3.217 replacing libselinux-3.5-1.el9.x86_64 -#13 3.217 libsepol-3.6-1.el9.x86_64 ubi-9-baseos-rpms 339.3 kB -#13 3.217 replacing libsepol-3.5-1.el9.x86_64 -#13 3.217 rpm-4.16.1.3-29.el9.x86_64 ubi-9-baseos-rpms 553.8 kB -#13 3.217 replacing rpm-4.16.1.3-27.el9_3.x86_64 -#13 3.217 rpm-libs-4.16.1.3-29.el9.x86_64 ubi-9-baseos-rpms 317.5 kB -#13 3.217 replacing rpm-libs-4.16.1.3-27.el9_3.x86_64 -#13 3.217 Transaction Summary: -#13 3.217 Installing: 34 packages -#13 3.217 Reinstalling: 0 packages -#13 3.217 Upgrading: 6 packages -#13 3.217 Obsoleting: 0 packages -#13 3.217 
Removing: 0 packages -#13 3.217 Downgrading: 0 packages -#13 3.219 Downloading packages... -#13 4.527 Running transaction test... -#13 4.886 Updating: libsepol;3.6-1.el9;x86_64;ubi-9-baseos-rpms -#13 4.900 Updating: libselinux;3.6-1.el9;x86_64;ubi-9-baseos-rpms -#13 4.908 Installing: expat;2.5.0-2.el9_4.1;x86_64;ubi-9-baseos-rpms -#13 4.916 Installing: elfutils-libelf;0.190-2.el9;x86_64;ubi-9-baseos-rpms -#13 4.926 Installing: libcomps;0.1.18-1.el9;x86_64;ubi-9-baseos-rpms -#13 4.933 Installing: libsemanage;3.6-1.el9;x86_64;ubi-9-baseos-rpms -#13 4.942 Installing: shadow-utils;2:4.9-8.el9;x86_64;ubi-9-baseos-rpms -#13 5.028 Installing: tpm2-tss;3.2.2-2.el9;x86_64;ubi-9-baseos-rpms -#13 5.054 Installing: ima-evm-utils;1.4-4.el9;x86_64;ubi-9-baseos-rpms -#13 5.061 Updating: rpm-libs;4.16.1.3-29.el9;x86_64;ubi-9-baseos-rpms -#13 5.073 Updating: rpm;4.16.1.3-29.el9;x86_64;ubi-9-baseos-rpms -#13 5.105 Updating: libdnf;0.69.0-8.el9_4.1;x86_64;ubi-9-baseos-rpms -#13 5.123 Installing: rpm-sign-libs;4.16.1.3-29.el9;x86_64;ubi-9-baseos-rpms -#13 5.129 Updating: dnf-data;4.14.0-9.el9;noarch;ubi-9-baseos-rpms -#13 5.142 Installing: libxcrypt-compat;4.4.18-3.el9;x86_64;ubi-9-appstream-rpms -#13 5.149 Installing: python3-pip-wheel;21.2.3-8.el9;noarch;ubi-9-baseos-rpms -#13 5.160 Installing: python3-setuptools-wheel;53.0.0-12.el9_4.1;noarch;ubi-9-baseos-rpms -#13 5.167 Installing: python-unversioned-command;3.9.18-3.el9_4.6;noarch;ubi-9-appstream-rpms -#13 5.172 Installing: python3;3.9.18-3.el9_4.6;x86_64;ubi-9-baseos-rpms -#13 5.184 Installing: python3-libs;3.9.18-3.el9_4.6;x86_64;ubi-9-baseos-rpms -#13 5.551 Installing: python3-libdnf;0.69.0-8.el9_4.1;x86_64;ubi-9-baseos-rpms -#13 5.581 Installing: python3-hawkey;0.69.0-8.el9_4.1;x86_64;ubi-9-baseos-rpms -#13 5.591 Installing: python3-libcomps;0.1.18-1.el9;x86_64;ubi-9-baseos-rpms -#13 5.599 Installing: python3-gpg;1.15.1-6.el9;x86_64;ubi-9-baseos-rpms -#13 5.619 Installing: python3-six;1.15.0-9.el9;noarch;ubi-9-baseos-rpms 
-#13 5.626 Installing: python3-dateutil;1:2.8.1-7.el9;noarch;ubi-9-baseos-rpms -#13 5.641 Installing: python3-systemd;234-18.el9;x86_64;ubi-9-baseos-rpms -#13 5.654 Installing: libgomp;11.4.1-3.el9;x86_64;ubi-9-baseos-rpms -#13 5.670 Installing: elfutils-default-yama-scope;0.190-2.el9;noarch;ubi-9-baseos-rpms -#13 5.680 Installing: elfutils-libs;0.190-2.el9;x86_64;ubi-9-baseos-rpms -#13 5.691 Installing: rpm-build-libs;4.16.1.3-29.el9;x86_64;ubi-9-baseos-rpms -#13 5.698 Installing: python3-rpm;4.16.1.3-29.el9;x86_64;ubi-9-baseos-rpms -#13 5.705 Installing: python3-dnf;4.14.0-9.el9;noarch;ubi-9-baseos-rpms -#13 5.739 Installing: dbus-libs;1:1.12.20-8.el9;x86_64;ubi-9-baseos-rpms -#13 5.747 Installing: python3-dbus;1.2.18-2.el9;x86_64;ubi-9-baseos-rpms -#13 5.761 Installing: dnf;4.14.0-9.el9;noarch;ubi-9-baseos-rpms -#13 5.780 Installing: python3-dnf-plugins-core;4.3.0-13.el9;noarch;ubi-9-baseos-rpms -#13 5.796 Installing: dnf-plugins-core;4.3.0-13.el9;noarch;ubi-9-baseos-rpms -#13 5.803 Installing: yum-utils;4.3.0-13.el9;noarch;ubi-9-baseos-rpms -#13 5.811 Installing: yum;4.14.0-9.el9;noarch;ubi-9-baseos-rpms -#13 5.818 Cleanup: dnf-data;4.14.0-8.el9;noarch;installed -#13 5.824 Cleanup: rpm;4.16.1.3-27.el9_3;x86_64;installed -#13 5.833 Cleanup: libdnf;0.69.0-6.el9_3;x86_64;installed -#13 5.839 Cleanup: libselinux;3.5-1.el9;x86_64;installed -#13 5.845 Cleanup: libsepol;3.5-1.el9;x86_64;installed -#13 5.851 Cleanup: rpm-libs;4.16.1.3-27.el9_3;x86_64;installed -#13 6.504 Complete. -#13 DONE 6.6s +#13 0.283 +#13 0.283 (microdnf:1): librhsm-WARNING **: 09:49:02.173: Found 0 entitlement certificates +#13 0.299 +#13 0.299 (microdnf:1): librhsm-WARNING **: 09:49:02.189: Found 0 entitlement certificates +#13 0.411 Downloading metadata... +#13 1.176 Downloading metadata... +#13 2.416 Downloading metadata... 
+#13 3.132 Package Repository Size +#13 3.132 Installing: +#13 3.132 dbus-libs-1:1.12.20-8.el9.x86_64 ubi-9-baseos-rpms 157.2 kB +#13 3.132 dnf-4.14.0-9.el9.noarch ubi-9-baseos-rpms 497.5 kB +#13 3.132 dnf-plugins-core-4.3.0-13.el9.noarch ubi-9-baseos-rpms 42.5 kB +#13 3.132 elfutils-default-yama-scope-0.190-2.el9.noarch ubi-9-baseos-rpms 12.5 kB +#13 3.132 elfutils-libelf-0.190-2.el9.x86_64 ubi-9-baseos-rpms 200.2 kB +#13 3.132 elfutils-libs-0.190-2.el9.x86_64 ubi-9-baseos-rpms 264.2 kB +#13 3.132 expat-2.5.0-2.el9_4.1.x86_64 ubi-9-baseos-rpms 121.9 kB +#13 3.132 ima-evm-utils-1.4-4.el9.x86_64 ubi-9-baseos-rpms 68.9 kB +#13 3.132 libcomps-0.1.18-1.el9.x86_64 ubi-9-baseos-rpms 81.9 kB +#13 3.132 libgomp-11.4.1-3.el9.x86_64 ubi-9-baseos-rpms 277.0 kB +#13 3.132 libsemanage-3.6-1.el9.x86_64 ubi-9-baseos-rpms 123.5 kB +#13 3.132 libxcrypt-compat-4.4.18-3.el9.x86_64 ubi-9-appstream-rpms 93.2 kB +#13 3.132 python-unversioned-command-3.9.18-3.el9_4.6.noarch ubi-9-appstream-rpms 10.2 kB +#13 3.132 python3-3.9.18-3.el9_4.6.x86_64 ubi-9-baseos-rpms 30.2 kB +#13 3.132 python3-dateutil-1:2.8.1-7.el9.noarch ubi-9-baseos-rpms 312.3 kB +#13 3.132 python3-dbus-1.2.18-2.el9.x86_64 ubi-9-baseos-rpms 151.9 kB +#13 3.132 python3-dnf-4.14.0-9.el9.noarch ubi-9-baseos-rpms 477.7 kB +#13 3.132 python3-dnf-plugins-core-4.3.0-13.el9.noarch ubi-9-baseos-rpms 274.4 kB +#13 3.132 python3-gpg-1.15.1-6.el9.x86_64 ubi-9-baseos-rpms 291.6 kB +#13 3.132 python3-hawkey-0.69.0-8.el9_4.1.x86_64 ubi-9-baseos-rpms 108.3 kB +#13 3.132 python3-libcomps-0.1.18-1.el9.x86_64 ubi-9-baseos-rpms 53.3 kB +#13 3.132 python3-libdnf-0.69.0-8.el9_4.1.x86_64 ubi-9-baseos-rpms 802.0 kB +#13 3.132 python3-libs-3.9.18-3.el9_4.6.x86_64 ubi-9-baseos-rpms 8.2 MB +#13 3.132 python3-pip-wheel-21.2.3-8.el9.noarch ubi-9-baseos-rpms 1.2 MB +#13 3.132 python3-rpm-4.16.1.3-29.el9.x86_64 ubi-9-baseos-rpms 70.2 kB +#13 3.132 python3-setuptools-wheel-53.0.0-12.el9_4.1.noarch ubi-9-baseos-rpms 480.1 kB +#13 3.132 
python3-six-1.15.0-9.el9.noarch ubi-9-baseos-rpms 41.4 kB +#13 3.132 python3-systemd-234-18.el9.x86_64 ubi-9-baseos-rpms 96.3 kB +#13 3.132 rpm-build-libs-4.16.1.3-29.el9.x86_64 ubi-9-baseos-rpms 92.5 kB +#13 3.132 rpm-sign-libs-4.16.1.3-29.el9.x86_64 ubi-9-baseos-rpms 22.6 kB +#13 3.132 shadow-utils-2:4.9-8.el9.x86_64 ubi-9-baseos-rpms 1.3 MB +#13 3.132 tpm2-tss-3.2.2-2.el9.x86_64 ubi-9-baseos-rpms 618.9 kB +#13 3.132 yum-4.14.0-9.el9.noarch ubi-9-baseos-rpms 94.7 kB +#13 3.132 yum-utils-4.3.0-13.el9.noarch ubi-9-baseos-rpms 45.5 kB +#13 3.132 Upgrading: +#13 3.132 dnf-data-4.14.0-9.el9.noarch ubi-9-baseos-rpms 44.7 kB +#13 3.132 replacing dnf-data-4.14.0-8.el9.noarch +#13 3.132 libdnf-0.69.0-8.el9_4.1.x86_64 ubi-9-baseos-rpms 680.1 kB +#13 3.132 replacing libdnf-0.69.0-6.el9_3.x86_64 +#13 3.132 libselinux-3.6-1.el9.x86_64 ubi-9-baseos-rpms 89.9 kB +#13 3.132 replacing libselinux-3.5-1.el9.x86_64 +#13 3.132 libsepol-3.6-1.el9.x86_64 ubi-9-baseos-rpms 339.3 kB +#13 3.132 replacing libsepol-3.5-1.el9.x86_64 +#13 3.132 rpm-4.16.1.3-29.el9.x86_64 ubi-9-baseos-rpms 553.8 kB +#13 3.132 replacing rpm-4.16.1.3-27.el9_3.x86_64 +#13 3.132 rpm-libs-4.16.1.3-29.el9.x86_64 ubi-9-baseos-rpms 317.5 kB +#13 3.132 replacing rpm-libs-4.16.1.3-27.el9_3.x86_64 +#13 3.132 Transaction Summary: +#13 3.132 Installing: 34 packages +#13 3.132 Reinstalling: 0 packages +#13 3.132 Upgrading: 6 packages +#13 3.132 Obsoleting: 0 packages +#13 3.132 Removing: 0 packages +#13 3.132 Downgrading: 0 packages +#13 3.134 Downloading packages... +#13 4.268 Running transaction test... 
+#13 4.612 Updating: libsepol;3.6-1.el9;x86_64;ubi-9-baseos-rpms +#13 4.626 Updating: libselinux;3.6-1.el9;x86_64;ubi-9-baseos-rpms +#13 4.633 Installing: expat;2.5.0-2.el9_4.1;x86_64;ubi-9-baseos-rpms +#13 4.642 Installing: elfutils-libelf;0.190-2.el9;x86_64;ubi-9-baseos-rpms +#13 4.650 Installing: libcomps;0.1.18-1.el9;x86_64;ubi-9-baseos-rpms +#13 4.656 Installing: libsemanage;3.6-1.el9;x86_64;ubi-9-baseos-rpms +#13 4.665 Installing: shadow-utils;2:4.9-8.el9;x86_64;ubi-9-baseos-rpms +#13 4.744 Installing: tpm2-tss;3.2.2-2.el9;x86_64;ubi-9-baseos-rpms +#13 4.771 Installing: ima-evm-utils;1.4-4.el9;x86_64;ubi-9-baseos-rpms +#13 4.778 Updating: rpm-libs;4.16.1.3-29.el9;x86_64;ubi-9-baseos-rpms +#13 4.789 Updating: rpm;4.16.1.3-29.el9;x86_64;ubi-9-baseos-rpms +#13 4.820 Updating: libdnf;0.69.0-8.el9_4.1;x86_64;ubi-9-baseos-rpms +#13 4.838 Installing: rpm-sign-libs;4.16.1.3-29.el9;x86_64;ubi-9-baseos-rpms +#13 4.843 Updating: dnf-data;4.14.0-9.el9;noarch;ubi-9-baseos-rpms +#13 4.854 Installing: libxcrypt-compat;4.4.18-3.el9;x86_64;ubi-9-appstream-rpms +#13 4.863 Installing: python3-pip-wheel;21.2.3-8.el9;noarch;ubi-9-baseos-rpms +#13 4.872 Installing: python3-setuptools-wheel;53.0.0-12.el9_4.1;noarch;ubi-9-baseos-rpms +#13 4.879 Installing: python-unversioned-command;3.9.18-3.el9_4.6;noarch;ubi-9-appstream-rpms +#13 4.883 Installing: python3;3.9.18-3.el9_4.6;x86_64;ubi-9-baseos-rpms +#13 4.895 Installing: python3-libs;3.9.18-3.el9_4.6;x86_64;ubi-9-baseos-rpms +#13 5.277 Installing: python3-libdnf;0.69.0-8.el9_4.1;x86_64;ubi-9-baseos-rpms +#13 5.312 Installing: python3-hawkey;0.69.0-8.el9_4.1;x86_64;ubi-9-baseos-rpms +#13 5.321 Installing: python3-libcomps;0.1.18-1.el9;x86_64;ubi-9-baseos-rpms +#13 5.328 Installing: python3-gpg;1.15.1-6.el9;x86_64;ubi-9-baseos-rpms +#13 5.348 Installing: python3-six;1.15.0-9.el9;noarch;ubi-9-baseos-rpms +#13 5.356 Installing: python3-dateutil;1:2.8.1-7.el9;noarch;ubi-9-baseos-rpms +#13 5.370 Installing: 
python3-systemd;234-18.el9;x86_64;ubi-9-baseos-rpms +#13 5.381 Installing: libgomp;11.4.1-3.el9;x86_64;ubi-9-baseos-rpms +#13 5.392 Installing: elfutils-default-yama-scope;0.190-2.el9;noarch;ubi-9-baseos-rpms +#13 5.401 Installing: elfutils-libs;0.190-2.el9;x86_64;ubi-9-baseos-rpms +#13 5.412 Installing: rpm-build-libs;4.16.1.3-29.el9;x86_64;ubi-9-baseos-rpms +#13 5.418 Installing: python3-rpm;4.16.1.3-29.el9;x86_64;ubi-9-baseos-rpms +#13 5.427 Installing: python3-dnf;4.14.0-9.el9;noarch;ubi-9-baseos-rpms +#13 5.462 Installing: dbus-libs;1:1.12.20-8.el9;x86_64;ubi-9-baseos-rpms +#13 5.470 Installing: python3-dbus;1.2.18-2.el9;x86_64;ubi-9-baseos-rpms +#13 5.483 Installing: dnf;4.14.0-9.el9;noarch;ubi-9-baseos-rpms +#13 5.504 Installing: python3-dnf-plugins-core;4.3.0-13.el9;noarch;ubi-9-baseos-rpms +#13 5.519 Installing: dnf-plugins-core;4.3.0-13.el9;noarch;ubi-9-baseos-rpms +#13 5.526 Installing: yum-utils;4.3.0-13.el9;noarch;ubi-9-baseos-rpms +#13 5.534 Installing: yum;4.14.0-9.el9;noarch;ubi-9-baseos-rpms +#13 5.540 Cleanup: dnf-data;4.14.0-8.el9;noarch;installed +#13 5.546 Cleanup: rpm;4.16.1.3-27.el9_3;x86_64;installed +#13 5.555 Cleanup: libdnf;0.69.0-6.el9_3;x86_64;installed +#13 5.561 Cleanup: libselinux;3.5-1.el9;x86_64;installed +#13 5.566 Cleanup: libsepol;3.5-1.el9;x86_64;installed +#13 5.570 Cleanup: rpm-libs;4.16.1.3-27.el9_3;x86_64;installed +#13 6.226 Complete. +#13 DONE 6.3s #12 [ 3/10] RUN yum update -y --nogpgcheck --disablerepo=* --repofrompath=ce... -#12 0.364 Added centos repo from https://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os -#12 0.365 Added centos-app repo from https://mirror.stream.centos.org/9-stream/AppStream/x86_64/os -#12 0.779 centos 22 MB/s | 8.3 MB 00:00 -#12 2.677 centos-app 37 MB/s | 21 MB 00:00 -#12 7.076 Last metadata expiration check: 0:00:02 ago on Wed Nov 6 09:38:58 2024. -#12 7.899 Dependencies resolved. 
-#12 7.907 ================================================================================ -#12 7.907 Package Arch Version Repository Size -#12 7.907 ================================================================================ -#12 7.907 Upgrading: -#12 7.907 audit-libs x86_64 3.1.5-1.el9 centos 121 k -#12 7.907 bash x86_64 5.1.8-9.el9 centos 1.7 M -#12 7.907 ca-certificates noarch 2024.2.69_v8.0.303-91.4.el9 centos 1.0 M -#12 7.907 coreutils-single x86_64 8.32-36.el9 centos 620 k -#12 7.907 crypto-policies noarch 20240828-2.git626aa59.el9 centos 86 k -#12 7.907 curl-minimal x86_64 7.76.1-31.el9 centos 127 k -#12 7.907 dnf noarch 4.14.0-21.el9 centos 477 k -#12 7.907 dnf-data noarch 4.14.0-21.el9 centos 37 k -#12 7.907 dnf-plugins-core noarch 4.3.0-17.el9 centos 37 k -#12 7.907 elfutils-default-yama-scope -#12 7.907 noarch 0.191-4.el9 centos 12 k -#12 7.907 elfutils-libelf x86_64 0.191-4.el9 centos 207 k -#12 7.907 elfutils-libs x86_64 0.191-4.el9 centos 260 k -#12 7.907 file-libs x86_64 5.39-16.el9 centos 589 k -#12 7.907 filesystem x86_64 3.16-5.el9 centos 4.8 M -#12 7.907 gdbm-libs x86_64 1:1.23-1.el9 centos 56 k -#12 7.907 glib2 x86_64 2.68.4-16.el9 centos 2.6 M -#12 7.907 glibc x86_64 2.34-133.el9 centos 2.0 M -#12 7.907 glibc-common x86_64 2.34-133.el9 centos 305 k -#12 7.907 glibc-minimal-langpack x86_64 2.34-133.el9 centos 19 k -#12 7.907 gnutls x86_64 3.8.3-4.el9 centos 1.1 M -#12 7.907 ima-evm-utils x86_64 1.5-2.el9 centos 69 k -#12 7.907 krb5-libs x86_64 1.21.1-3.el9 centos 766 k -#12 7.907 libacl x86_64 2.3.1-4.el9 centos 23 k -#12 7.907 libblkid x86_64 2.37.4-20.el9 centos 107 k -#12 7.907 libcom_err x86_64 1.46.5-5.el9 centos 26 k -#12 7.907 libcurl-minimal x86_64 7.76.1-31.el9 centos 225 k -#12 7.907 libdnf x86_64 0.69.0-12.el9 centos 664 k -#12 7.907 libevent x86_64 2.1.12-8.el9 centos 262 k -#12 7.907 libgcc x86_64 11.5.0-2.el9 centos 88 k -#12 7.907 libgcrypt x86_64 1.10.0-11.el9 centos 508 k -#12 7.907 libgomp x86_64 11.5.0-2.el9 centos 264 
k -#12 7.907 libksba x86_64 1.5.1-7.el9 centos 153 k -#12 7.907 libmount x86_64 2.37.4-20.el9 centos 135 k -#12 7.907 libnghttp2 x86_64 1.43.0-6.el9 centos 73 k -#12 7.907 librepo x86_64 1.14.5-2.el9 centos 88 k -#12 7.907 librhsm x86_64 0.0.3-9.el9 centos 35 k -#12 7.907 libselinux x86_64 3.6-2.el9 centos 86 k -#12 7.907 libsemanage x86_64 3.6-2.el9 centos 118 k -#12 7.907 libsmartcols x86_64 2.37.4-20.el9 centos 63 k -#12 7.907 libsolv x86_64 0.7.24-3.el9 centos 405 k -#12 7.907 libstdc++ x86_64 11.5.0-2.el9 centos 737 k -#12 7.907 libuuid x86_64 2.37.4-20.el9 centos 28 k -#12 7.907 libxml2 x86_64 2.9.13-6.el9 centos 748 k -#12 7.907 nettle x86_64 3.9.1-1.el9 centos 560 k -#12 7.907 openldap x86_64 2.6.6-3.el9 centos 282 k -#12 7.907 openssl-libs x86_64 1:3.2.2-6.el9 centos 2.4 M -#12 7.907 p11-kit x86_64 0.25.3-2.el9 centos 533 k -#12 7.907 p11-kit-trust x86_64 0.25.3-2.el9 centos 143 k -#12 7.907 pcre x86_64 8.44-4.el9 centos 197 k -#12 7.907 pcre2 x86_64 10.40-6.el9 centos 234 k -#12 7.907 pcre2-syntax noarch 10.40-6.el9 centos 141 k -#12 7.907 python-unversioned-command noarch 3.9.20-1.el9 centos-app 10 k -#12 7.907 python3 x86_64 3.9.20-1.el9 centos 27 k -#12 7.907 python3-dnf noarch 4.14.0-21.el9 centos 461 k -#12 7.907 python3-dnf-plugins-core noarch 4.3.0-17.el9 centos 264 k -#12 7.907 python3-hawkey x86_64 0.69.0-12.el9 centos 102 k -#12 7.907 python3-libdnf x86_64 0.69.0-12.el9 centos 781 k -#12 7.907 python3-libs x86_64 3.9.20-1.el9 centos 8.1 M -#12 7.907 python3-pip-wheel noarch 21.3.1-1.el9 centos 1.1 M -#12 7.907 python3-rpm x86_64 4.16.1.3-34.el9 centos 66 k -#12 7.907 python3-setuptools-wheel noarch 53.0.0-13.el9 centos 468 k -#12 7.907 python3-systemd x86_64 234-19.el9 centos 89 k -#12 7.907 rpm x86_64 4.16.1.3-34.el9 centos 537 k -#12 7.907 rpm-build-libs x86_64 4.16.1.3-34.el9 centos 89 k -#12 7.907 rpm-libs x86_64 4.16.1.3-34.el9 centos 308 k -#12 7.907 rpm-sign-libs x86_64 4.16.1.3-34.el9 centos 21 k -#12 7.907 setup noarch 2.13.7-10.el9 
centos 146 k -#12 7.907 shadow-utils x86_64 2:4.9-9.el9 centos 1.2 M -#12 7.907 systemd-libs x86_64 252-48.el9 centos 680 k -#12 7.907 tpm2-tss x86_64 3.2.3-1.el9 centos 603 k -#12 7.907 tzdata noarch 2024b-2.el9 centos 837 k -#12 7.907 yum noarch 4.14.0-21.el9 centos 88 k -#12 7.907 yum-utils noarch 4.3.0-17.el9 centos 40 k -#12 7.907 zlib x86_64 1.2.11-41.el9 centos 91 k -#12 7.907 Installing dependencies: -#12 7.907 attr x86_64 2.5.1-3.el9 centos 61 k -#12 7.907 keyutils x86_64 1.6.3-1.el9 centos 74 k -#12 7.907 Installing weak dependencies: -#12 7.907 glibc-langpack-en x86_64 2.34-133.el9 centos 658 k -#12 7.907 -#12 7.907 Transaction Summary -#12 7.907 ================================================================================ -#12 7.907 Install 3 Packages -#12 7.907 Upgrade 74 Packages -#12 7.907 -#12 7.911 Total download size: 43 M -#12 7.911 Downloading Packages: -#12 8.138 (1/77): attr-2.5.1-3.el9.x86_64.rpm 277 kB/s | 61 kB 00:00 -#12 8.142 (2/77): keyutils-1.6.3-1.el9.x86_64.rpm 329 kB/s | 74 kB 00:00 -#12 8.171 (3/77): audit-libs-3.1.5-1.el9.x86_64.rpm 3.6 MB/s | 121 kB 00:00 -#12 8.201 (4/77): glibc-langpack-en-2.34-133.el9.x86_64.r 2.3 MB/s | 658 kB 00:00 -#12 8.234 (5/77): bash-5.1.8-9.el9.x86_64.rpm 18 MB/s | 1.7 MB 00:00 -#12 8.244 (6/77): coreutils-single-8.32-36.el9.x86_64.rpm 14 MB/s | 620 kB 00:00 -#12 8.256 (7/77): crypto-policies-20240828-2.git626aa59.e 4.2 MB/s | 86 kB 00:00 -#12 8.262 (8/77): curl-minimal-7.76.1-31.el9.x86_64.rpm 7.1 MB/s | 127 kB 00:00 -#12 8.281 (9/77): dnf-data-4.14.0-21.el9.noarch.rpm 2.0 MB/s | 37 kB 00:00 -#12 8.292 (10/77): dnf-4.14.0-21.el9.noarch.rpm 13 MB/s | 477 kB 00:00 -#12 8.299 (11/77): dnf-plugins-core-4.3.0-17.el9.noarch.r 2.1 MB/s | 37 kB 00:00 -#12 8.310 (12/77): elfutils-default-yama-scope-0.191-4.el 696 kB/s | 12 kB 00:00 -#12 8.318 (13/77): elfutils-libelf-0.191-4.el9.x86_64.rpm 11 MB/s | 207 kB 00:00 -#12 8.329 (14/77): elfutils-libs-0.191-4.el9.x86_64.rpm 13 MB/s | 260 kB 00:00 -#12 8.341 
(15/77): file-libs-5.39-16.el9.x86_64.rpm 26 MB/s | 589 kB 00:00 -#12 8.386 (16/77): filesystem-3.16-5.el9.x86_64.rpm 85 MB/s | 4.8 MB 00:00 -#12 8.389 (17/77): gdbm-libs-1.23-1.el9.x86_64.rpm 1.2 MB/s | 56 kB 00:00 -#12 8.410 (18/77): ca-certificates-2024.2.69_v8.0.303-91. 4.2 MB/s | 1.0 MB 00:00 -#12 8.427 (19/77): glibc-2.34-133.el9.x86_64.rpm 53 MB/s | 2.0 MB 00:00 -#12 8.444 (20/77): glib2-2.68.4-16.el9.x86_64.rpm 49 MB/s | 2.6 MB 00:00 -#12 8.450 (21/77): glibc-common-2.34-133.el9.x86_64.rpm 8.2 MB/s | 305 kB 00:00 -#12 8.453 (22/77): glibc-minimal-langpack-2.34-133.el9.x8 913 kB/s | 19 kB 00:00 -#12 8.469 (23/77): ima-evm-utils-1.5-2.el9.x86_64.rpm 3.8 MB/s | 69 kB 00:00 -#12 8.478 (24/77): krb5-libs-1.21.1-3.el9.x86_64.rpm 31 MB/s | 766 kB 00:00 -#12 8.488 (25/77): libacl-2.3.1-4.el9.x86_64.rpm 1.4 MB/s | 23 kB 00:00 -#12 8.496 (26/77): libblkid-2.37.4-20.el9.x86_64.rpm 5.9 MB/s | 107 kB 00:00 -#12 8.505 (27/77): libcom_err-1.46.5-5.el9.x86_64.rpm 1.5 MB/s | 26 kB 00:00 -#12 8.516 (28/77): libcurl-minimal-7.76.1-31.el9.x86_64.r 11 MB/s | 225 kB 00:00 -#12 8.528 (29/77): libdnf-0.69.0-12.el9.x86_64.rpm 30 MB/s | 664 kB 00:00 -#12 8.546 (30/77): libgcc-11.5.0-2.el9.x86_64.rpm 5.0 MB/s | 88 kB 00:00 -#12 8.572 (31/77): gnutls-3.8.3-4.el9.x86_64.rpm 8.9 MB/s | 1.1 MB 00:00 -#12 8.581 (32/77): libgcrypt-1.10.0-11.el9.x86_64.rpm 15 MB/s | 508 kB 00:00 -#12 8.594 (33/77): libgomp-11.5.0-2.el9.x86_64.rpm 13 MB/s | 264 kB 00:00 -#12 8.601 (34/77): libksba-1.5.1-7.el9.x86_64.rpm 7.6 MB/s | 153 kB 00:00 -#12 8.606 (35/77): libevent-2.1.12-8.el9.x86_64.rpm 2.9 MB/s | 262 kB 00:00 -#12 8.613 (36/77): libmount-2.37.4-20.el9.x86_64.rpm 7.5 MB/s | 135 kB 00:00 -#12 8.624 (37/77): librepo-1.14.5-2.el9.x86_64.rpm 4.8 MB/s | 88 kB 00:00 -#12 8.627 (38/77): libnghttp2-1.43.0-6.el9.x86_64.rpm 2.9 MB/s | 73 kB 00:00 -#12 8.630 (39/77): librhsm-0.0.3-9.el9.x86_64.rpm 2.0 MB/s | 35 kB 00:00 -#12 8.643 (40/77): libselinux-3.6-2.el9.x86_64.rpm 4.7 MB/s | 86 kB 00:00 -#12 8.649 
(41/77): libsemanage-3.6-2.el9.x86_64.rpm 5.6 MB/s | 118 kB 00:00 -#12 8.656 (42/77): libsmartcols-2.37.4-20.el9.x86_64.rpm 2.5 MB/s | 63 kB 00:00 -#12 8.674 (43/77): libstdc++-11.5.0-2.el9.x86_64.rpm 30 MB/s | 737 kB 00:00 -#12 8.679 (44/77): libsolv-0.7.24-3.el9.x86_64.rpm 11 MB/s | 405 kB 00:00 -#12 8.682 (45/77): libuuid-2.37.4-20.el9.x86_64.rpm 1.1 MB/s | 28 kB 00:00 -#12 8.705 (46/77): nettle-3.9.1-1.el9.x86_64.rpm 25 MB/s | 560 kB 00:00 -#12 8.709 (47/77): openldap-2.6.6-3.el9.x86_64.rpm 11 MB/s | 282 kB 00:00 -#12 8.732 (48/77): p11-kit-0.25.3-2.el9.x86_64.rpm 23 MB/s | 533 kB 00:00 -#12 8.748 (49/77): openssl-libs-3.2.2-6.el9.x86_64.rpm 62 MB/s | 2.4 MB 00:00 -#12 8.752 (50/77): p11-kit-trust-0.25.3-2.el9.x86_64.rpm 8.0 MB/s | 143 kB 00:00 -#12 8.768 (51/77): pcre-8.44-4.el9.x86_64.rpm 10 MB/s | 197 kB 00:00 -#12 8.780 (52/77): pcre2-10.40-6.el9.x86_64.rpm 8.4 MB/s | 234 kB 00:00 -#12 8.792 (53/77): pcre2-syntax-10.40-6.el9.noarch.rpm 5.8 MB/s | 141 kB 00:00 -#12 8.798 (54/77): python3-3.9.20-1.el9.x86_64.rpm 1.5 MB/s | 27 kB 00:00 -#12 8.813 (55/77): python3-dnf-4.14.0-21.el9.noarch.rpm 22 MB/s | 461 kB 00:00 -#12 8.818 (56/77): python3-dnf-plugins-core-4.3.0-17.el9. 13 MB/s | 264 kB 00:00 -#12 8.835 (57/77): python3-hawkey-0.69.0-12.el9.x86_64.rp 4.7 MB/s | 102 kB 00:00 -#12 8.844 (58/77): python3-libdnf-0.69.0-12.el9.x86_64.rp 31 MB/s | 781 kB 00:00 -#12 8.927 (59/77): python3-libs-3.9.20-1.el9.x86_64.rpm 90 MB/s | 8.1 MB 00:00 -#12 8.936 (60/77): python3-pip-wheel-21.3.1-1.el9.noarch. 12 MB/s | 1.1 MB 00:00 -#12 8.945 (61/77): python3-rpm-4.16.1.3-34.el9.x86_64.rpm 3.7 MB/s | 66 kB 00:00 -#12 8.966 (62/77): python3-setuptools-wheel-53.0.0-13.el9 16 MB/s | 468 kB 00:00 -#12 8.969 (63/77): python3-systemd-234-19.el9.x86_64.rpm 3.8 MB/s | 89 kB 00:00 -#12 8.988 (64/77): rpm-4.16.1.3-34.el9.x86_64.rpm 24 MB/s | 537 kB 00:00 -#12 8.991 (65/77): rpm-build-libs-4.16.1.3-34.el9.x86_64. 
4.0 MB/s | 89 kB 00:00 -#12 9.009 (66/77): rpm-libs-4.16.1.3-34.el9.x86_64.rpm 15 MB/s | 308 kB 00:00 -#12 9.018 (67/77): rpm-sign-libs-4.16.1.3-34.el9.x86_64.r 886 kB/s | 21 kB 00:00 -#12 9.057 (68/77): shadow-utils-4.9-9.el9.x86_64.rpm 29 MB/s | 1.2 MB 00:00 -#12 9.095 (69/77): systemd-libs-252-48.el9.x86_64.rpm 18 MB/s | 680 kB 00:00 -#12 9.119 (70/77): tpm2-tss-3.2.3-1.el9.x86_64.rpm 25 MB/s | 603 kB 00:00 -#12 9.156 (71/77): tzdata-2024b-2.el9.noarch.rpm 22 MB/s | 837 kB 00:00 -#12 9.174 (72/77): yum-4.14.0-21.el9.noarch.rpm 4.8 MB/s | 88 kB 00:00 -#12 9.193 (73/77): yum-utils-4.3.0-17.el9.noarch.rpm 2.2 MB/s | 40 kB 00:00 -#12 9.211 (74/77): libxml2-2.9.13-6.el9.x86_64.rpm 1.4 MB/s | 748 kB 00:00 -#12 9.214 (75/77): zlib-1.2.11-41.el9.x86_64.rpm 4.3 MB/s | 91 kB 00:00 -#12 9.231 (76/77): python-unversioned-command-3.9.20-1.el 515 kB/s | 10 kB 00:00 -#12 9.477 (77/77): setup-2.13.7-10.el9.noarch.rpm 313 kB/s | 146 kB 00:00 -#12 9.481 -------------------------------------------------------------------------------- -#12 9.481 Total 27 MB/s | 43 MB 00:01 -#12 9.483 Running transaction check -#12 9.840 Transaction check succeeded. -#12 9.840 Running transaction test -#12 10.70 Transaction test succeeded. 
-#12 10.70 Running transaction -#12 11.53 Running scriptlet: filesystem-3.16-5.el9.x86_64 1/1 -#12 11.91 Preparing : 1/1 -#12 11.95 Upgrading : libgcc-11.5.0-2.el9.x86_64 1/151 -#12 11.96 Running scriptlet: libgcc-11.5.0-2.el9.x86_64 1/151 -#12 12.12 Upgrading : tzdata-2024b-2.el9.noarch 2/151 -#12 12.17 Upgrading : setup-2.13.7-10.el9.noarch 3/151 -#12 12.17 warning: /etc/shadow created as /etc/shadow.rpmnew -#12 12.17 -#12 12.17 Running scriptlet: setup-2.13.7-10.el9.noarch 3/151 -#12 12.23 Upgrading : filesystem-3.16-5.el9.x86_64 4/151 -#12 12.33 Upgrading : bash-5.1.8-9.el9.x86_64 5/151 -#12 12.34 Running scriptlet: bash-5.1.8-9.el9.x86_64 5/151 -#12 12.35 Upgrading : glibc-common-2.34-133.el9.x86_64 6/151 -#12 12.36 Upgrading : glibc-minimal-langpack-2.34-133.el9.x86_64 7/151 -#12 12.36 Running scriptlet: glibc-2.34-133.el9.x86_64 8/151 -#12 12.41 Upgrading : glibc-2.34-133.el9.x86_64 8/151 -#12 12.42 Running scriptlet: glibc-2.34-133.el9.x86_64 8/151 -#12 12.51 Installing : glibc-langpack-en-2.34-133.el9.x86_64 9/151 -#12 12.52 Upgrading : zlib-1.2.11-41.el9.x86_64 10/151 -#12 12.53 Upgrading : audit-libs-3.1.5-1.el9.x86_64 11/151 -#12 12.54 Upgrading : libacl-2.3.1-4.el9.x86_64 12/151 -#12 12.56 Upgrading : libstdc++-11.5.0-2.el9.x86_64 13/151 -#12 12.56 Upgrading : libuuid-2.37.4-20.el9.x86_64 14/151 -#12 12.58 Upgrading : p11-kit-0.25.3-2.el9.x86_64 15/151 -#12 12.60 Upgrading : crypto-policies-20240828-2.git626aa59.el9.noarch 16/151 -#12 12.61 Running scriptlet: crypto-policies-20240828-2.git626aa59.el9.noarch 16/151 -#12 12.61 Upgrading : p11-kit-trust-0.25.3-2.el9.x86_64 17/151 -#12 12.62 Running scriptlet: p11-kit-trust-0.25.3-2.el9.x86_64 17/151 -#12 12.63 Upgrading : elfutils-libelf-0.191-4.el9.x86_64 18/151 -#12 12.65 Upgrading : libxml2-2.9.13-6.el9.x86_64 19/151 -#12 12.66 Upgrading : libcom_err-1.46.5-5.el9.x86_64 20/151 -#12 12.67 Upgrading : libsmartcols-2.37.4-20.el9.x86_64 21/151 -#12 12.71 Upgrading : file-libs-5.39-16.el9.x86_64 22/151 -#12 
12.71 Installing : attr-2.5.1-3.el9.x86_64 23/151 -#12 12.72 Installing : keyutils-1.6.3-1.el9.x86_64 24/151 -#12 12.73 Upgrading : gdbm-libs-1:1.23-1.el9.x86_64 25/151 -#12 12.74 Upgrading : libgcrypt-1.10.0-11.el9.x86_64 26/151 -#12 12.75 Upgrading : libgomp-11.5.0-2.el9.x86_64 27/151 -#12 12.76 Upgrading : libnghttp2-1.43.0-6.el9.x86_64 28/151 -#12 12.77 Upgrading : nettle-3.9.1-1.el9.x86_64 29/151 -#12 12.80 Upgrading : gnutls-3.8.3-4.el9.x86_64 30/151 -#12 12.81 Upgrading : pcre-8.44-4.el9.x86_64 31/151 -#12 12.81 Upgrading : elfutils-default-yama-scope-0.191-4.el9.noarch 32/151 -#12 12.82 Running scriptlet: elfutils-default-yama-scope-0.191-4.el9.noarch 32/151 -#12 12.83 Upgrading : elfutils-libs-0.191-4.el9.x86_64 33/151 -#12 12.84 Upgrading : python3-setuptools-wheel-53.0.0-13.el9.noarch 34/151 -#12 12.85 Upgrading : pcre2-syntax-10.40-6.el9.noarch 35/151 -#12 12.86 Upgrading : pcre2-10.40-6.el9.x86_64 36/151 -#12 12.87 Upgrading : libselinux-3.6-2.el9.x86_64 37/151 -#12 12.89 Upgrading : coreutils-single-8.32-36.el9.x86_64 38/151 -#12 12.90 Running scriptlet: ca-certificates-2024.2.69_v8.0.303-91.4.el9.noar 39/151 -#12 12.93 Upgrading : ca-certificates-2024.2.69_v8.0.303-91.4.el9.noar 39/151 -#12 12.94 Running scriptlet: ca-certificates-2024.2.69_v8.0.303-91.4.el9.noar 39/151 -#12 13.96 Upgrading : openssl-libs-1:3.2.2-6.el9.x86_64 40/151 -#12 13.99 Upgrading : krb5-libs-1.21.1-3.el9.x86_64 41/151 -#12 14.00 Upgrading : libcurl-minimal-7.76.1-31.el9.x86_64 42/151 -#12 14.00 Upgrading : curl-minimal-7.76.1-31.el9.x86_64 43/151 -#12 14.03 Upgrading : rpm-4.16.1.3-34.el9.x86_64 44/151 -#12 14.05 Upgrading : rpm-libs-4.16.1.3-34.el9.x86_64 45/151 -#12 14.06 Upgrading : libsolv-0.7.24-3.el9.x86_64 46/151 -#12 14.07 Upgrading : rpm-build-libs-4.16.1.3-34.el9.x86_64 47/151 -#12 14.08 Upgrading : libevent-2.1.12-8.el9.x86_64 48/151 -#12 14.10 Upgrading : systemd-libs-252-48.el9.x86_64 49/151 -#12 14.11 Running scriptlet: systemd-libs-252-48.el9.x86_64 49/151 -#12 
14.13 Upgrading : python3-pip-wheel-21.3.1-1.el9.noarch 50/151 -#12 14.14 Upgrading : python-unversioned-command-3.9.20-1.el9.noarch 51/151 -#12 14.15 Upgrading : python3-3.9.20-1.el9.x86_64 52/151 -#12 14.55 Upgrading : python3-libs-3.9.20-1.el9.x86_64 53/151 -#12 14.57 Upgrading : python3-systemd-234-19.el9.x86_64 54/151 -#12 14.58 Upgrading : libblkid-2.37.4-20.el9.x86_64 55/151 -#12 14.58 Running scriptlet: libblkid-2.37.4-20.el9.x86_64 55/151 -#12 14.60 Upgrading : libmount-2.37.4-20.el9.x86_64 56/151 -#12 14.65 Upgrading : glib2-2.68.4-16.el9.x86_64 57/151 -#12 14.66 Upgrading : librepo-1.14.5-2.el9.x86_64 58/151 -#12 14.68 Upgrading : libdnf-0.69.0-12.el9.x86_64 59/151 -#12 14.71 Upgrading : python3-libdnf-0.69.0-12.el9.x86_64 60/151 -#12 14.72 Upgrading : python3-hawkey-0.69.0-12.el9.x86_64 61/151 -#12 14.73 Upgrading : libsemanage-3.6-2.el9.x86_64 62/151 -#12 14.78 Upgrading : shadow-utils-2:4.9-9.el9.x86_64 63/151 -#12 14.79 Running scriptlet: tpm2-tss-3.2.3-1.el9.x86_64 64/151 -#12 14.82 Upgrading : tpm2-tss-3.2.3-1.el9.x86_64 64/151 -#12 14.83 Upgrading : ima-evm-utils-1.5-2.el9.x86_64 65/151 -#12 14.83 Upgrading : rpm-sign-libs-4.16.1.3-34.el9.x86_64 66/151 -#12 14.84 Upgrading : python3-rpm-4.16.1.3-34.el9.x86_64 67/151 -#12 14.85 Upgrading : dnf-data-4.14.0-21.el9.noarch 68/151 -#12 14.89 Upgrading : python3-dnf-4.14.0-21.el9.noarch 69/151 -#12 14.90 Upgrading : dnf-4.14.0-21.el9.noarch 70/151 -#12 14.91 Running scriptlet: dnf-4.14.0-21.el9.noarch 70/151 -#12 14.93 Upgrading : python3-dnf-plugins-core-4.3.0-17.el9.noarch 71/151 -#12 14.94 Upgrading : dnf-plugins-core-4.3.0-17.el9.noarch 72/151 -#12 14.95 Upgrading : yum-utils-4.3.0-17.el9.noarch 73/151 -#12 14.95 Upgrading : yum-4.14.0-21.el9.noarch 74/151 -#12 14.97 Upgrading : openldap-2.6.6-3.el9.x86_64 75/151 -#12 14.98 Upgrading : librhsm-0.0.3-9.el9.x86_64 76/151 -#12 14.99 Upgrading : libksba-1.5.1-7.el9.x86_64 77/151 -#12 15.00 Cleanup : openldap-2.6.3-1.el9.x86_64 78/151 -#12 15.01 Cleanup : 
libevent-2.1.12-6.el9.x86_64 79/151 -#12 15.02 Cleanup : libksba-1.5.1-6.el9_1.x86_64 80/151 -#12 15.02 Cleanup : yum-utils-4.3.0-13.el9.noarch 81/151 -#12 15.03 Cleanup : dnf-plugins-core-4.3.0-13.el9.noarch 82/151 -#12 15.03 Cleanup : python3-dnf-plugins-core-4.3.0-13.el9.noarch 83/151 -#12 15.04 Cleanup : yum-4.14.0-9.el9.noarch 84/151 -#12 15.04 Cleanup : python3-systemd-234-18.el9.x86_64 85/151 -#12 15.05 Running scriptlet: dnf-4.14.0-9.el9.noarch 86/151 -#12 15.05 Cleanup : dnf-4.14.0-9.el9.noarch 86/151 -#12 15.05 Running scriptlet: dnf-4.14.0-9.el9.noarch 86/151 -#12 15.07 Cleanup : systemd-libs-252-18.el9.x86_64 87/151 -#12 15.07 Cleanup : python3-dnf-4.14.0-9.el9.noarch 88/151 -#12 15.08 Cleanup : python3-hawkey-0.69.0-8.el9_4.1.x86_64 89/151 -#12 15.09 Cleanup : python3-libdnf-0.69.0-8.el9_4.1.x86_64 90/151 -#12 15.09 Cleanup : libdnf-0.69.0-8.el9_4.1.x86_64 91/151 -#12 15.11 Cleanup : libstdc++-11.4.1-2.1.el9.x86_64 92/151 -#12 15.12 Cleanup : librepo-1.14.5-1.el9.x86_64 93/151 -#12 15.12 Cleanup : libsolv-0.7.24-2.el9.x86_64 94/151 -#12 15.13 Cleanup : libxml2-2.9.13-5.el9_3.x86_64 95/151 -#12 15.13 Cleanup : librhsm-0.0.3-7.el9_3.1.x86_64 96/151 -#12 15.14 Cleanup : glib2-2.68.4-11.el9.x86_64 97/151 -#12 15.15 Cleanup : gnutls-3.7.6-23.el9_3.3.x86_64 98/151 -#12 15.15 Cleanup : libmount-2.37.4-15.el9.x86_64 99/151 -#12 15.16 Cleanup : libblkid-2.37.4-15.el9.x86_64 100/151 -#12 15.16 Cleanup : python3-rpm-4.16.1.3-29.el9.x86_64 101/151 -#12 15.17 Cleanup : rpm-build-libs-4.16.1.3-29.el9.x86_64 102/151 -#12 15.17 Cleanup : elfutils-libs-0.190-2.el9.x86_64 103/151 -#12 15.18 Cleanup : rpm-sign-libs-4.16.1.3-29.el9.x86_64 104/151 -#12 15.18 Cleanup : rpm-4.16.1.3-29.el9.x86_64 105/151 -#12 15.19 Cleanup : rpm-libs-4.16.1.3-29.el9.x86_64 106/151 -#12 15.21 Cleanup : ima-evm-utils-1.4-4.el9.x86_64 107/151 -#12 15.22 Cleanup : tpm2-tss-3.2.2-2.el9.x86_64 108/151 -#12 15.23 Cleanup : shadow-utils-2:4.9-8.el9.x86_64 109/151 -#12 15.23 Cleanup : 
libsemanage-3.6-1.el9.x86_64 110/151 -#12 15.24 Cleanup : file-libs-5.39-14.el9.x86_64 111/151 -#12 15.25 Cleanup : curl-minimal-7.76.1-26.el9_3.3.x86_64 112/151 -#12 15.25 Cleanup : libcurl-minimal-7.76.1-26.el9_3.3.x86_64 113/151 -#12 15.26 Cleanup : krb5-libs-1.21.1-1.el9.x86_64 114/151 -#12 15.26 Cleanup : audit-libs-3.0.7-104.el9.x86_64 115/151 -#12 15.27 Cleanup : libgomp-11.4.1-3.el9.x86_64 116/151 -#12 15.27 Cleanup : elfutils-libelf-0.190-2.el9.x86_64 117/151 -#12 15.28 Cleanup : libgcrypt-1.10.0-10.el9_2.x86_64 118/151 -#12 15.28 Cleanup : elfutils-default-yama-scope-0.190-2.el9.noarch 119/151 -#12 15.29 Cleanup : dnf-data-4.14.0-9.el9.noarch 120/151 -#12 15.29 Cleanup : libcom_err-1.46.5-3.el9.x86_64 121/151 -#12 15.30 Cleanup : nettle-3.8-3.el9_0.x86_64 122/151 -#12 15.31 Cleanup : libnghttp2-1.43.0-5.el9_3.1.x86_64 123/151 -#12 15.33 Cleanup : python3-libs-3.9.18-3.el9_4.6.x86_64 124/151 -#12 15.34 Cleanup : python3-3.9.18-3.el9_4.6.x86_64 125/151 -#12 15.35 Cleanup : openssl-libs-1:3.0.7-25.el9_3.x86_64 126/151 -#12 15.35 Cleanup : libuuid-2.37.4-15.el9.x86_64 127/151 -#12 15.36 Cleanup : gdbm-libs-1:1.19-4.el9.x86_64 128/151 -#12 15.37 Cleanup : pcre-8.44-3.el9.3.x86_64 129/151 -#12 15.37 Cleanup : libsmartcols-2.37.4-15.el9.x86_64 130/151 -#12 15.37 Cleanup : python3-pip-wheel-21.2.3-8.el9.noarch 131/151 -#12 15.38 Cleanup : ca-certificates-2023.2.60_v7.0.306-90.1.el9_2.no 132/151 -#12 15.38 Cleanup : crypto-policies-20230731-1.git94f0e2c.el9_3.1.no 133/151 -#12 15.39 Cleanup : python-unversioned-command-3.9.18-3.el9_4.6.noar 134/151 -#12 15.39 Cleanup : python3-setuptools-wheel-53.0.0-12.el9_4.1.noarc 135/151 -#12 15.40 Cleanup : coreutils-single-8.32-34.el9.x86_64 136/151 -#12 15.42 Cleanup : p11-kit-trust-0.24.1-2.el9.x86_64 137/151 -#12 15.42 Running scriptlet: p11-kit-trust-0.24.1-2.el9.x86_64 137/151 -#12 15.43 Cleanup : libselinux-3.6-1.el9.x86_64 138/151 -#12 15.44 Cleanup : p11-kit-0.24.1-2.el9.x86_64 139/151 -#12 15.44 Cleanup : 
pcre2-10.40-2.el9.x86_64 140/151 -#12 15.45 Cleanup : libacl-2.3.1-3.el9.x86_64 141/151 -#12 15.45 Cleanup : zlib-1.2.11-40.el9.x86_64 142/151 -#12 15.46 Cleanup : pcre2-syntax-10.40-2.el9.noarch 143/151 -#12 15.46 Cleanup : bash-5.1.8-6.el9_1.x86_64 144/151 -#12 15.46 Running scriptlet: bash-5.1.8-6.el9_1.x86_64 144/151 -#12 15.47 Cleanup : glibc-2.34-83.el9_3.12.x86_64 145/151 -#12 15.48 Cleanup : glibc-minimal-langpack-2.34-83.el9_3.12.x86_64 146/151 -#12 15.48 Cleanup : glibc-common-2.34-83.el9_3.12.x86_64 147/151 -#12 15.51 Cleanup : filesystem-3.16-2.el9.x86_64 148/151 -#12 15.51 warning: file /usr/share/locale/en@shaw: remove failed: No such file or directory -#12 15.51 warning: file /usr/share/locale/en@quot: remove failed: No such file or directory -#12 15.51 warning: file /usr/share/locale/en@piglatin: remove failed: No such file or directory -#12 15.51 warning: file /usr/share/locale/en@hebrew: remove failed: No such file or directory -#12 15.51 warning: file /usr/share/locale/en@greek: remove failed: No such file or directory -#12 15.51 warning: file /usr/share/locale/en@cyrillic: remove failed: No such file or directory -#12 15.51 warning: file /usr/share/locale/en@boldquot: remove failed: No such file or directory -#12 15.51 warning: file /usr/share/locale/en@arabic: remove failed: No such file or directory -#12 15.51 warning: file /usr/share/locale/en: remove failed: No such file or directory -#12 15.51 -#12 15.56 Cleanup : setup-2.13.7-9.el9.noarch 149/151 -#12 15.57 Cleanup : tzdata-2023d-1.el9.noarch 150/151 -#12 15.58 Cleanup : libgcc-11.4.1-2.1.el9.x86_64 151/151 -#12 15.58 Running scriptlet: libgcc-11.4.1-2.1.el9.x86_64 151/151 -#12 15.62 Running scriptlet: filesystem-3.16-5.el9.x86_64 151/151 -#12 15.64 Running scriptlet: ca-certificates-2024.2.69_v8.0.303-91.4.el9.noar 151/151 -#12 16.63 Running scriptlet: rpm-4.16.1.3-34.el9.x86_64 151/151 -#12 16.64 Running scriptlet: libgcc-11.4.1-2.1.el9.x86_64 151/151 -#12 17.37 Verifying : 
attr-2.5.1-3.el9.x86_64 1/151 -#12 17.37 Verifying : glibc-langpack-en-2.34-133.el9.x86_64 2/151 -#12 17.37 Verifying : keyutils-1.6.3-1.el9.x86_64 3/151 -#12 17.37 Verifying : audit-libs-3.1.5-1.el9.x86_64 4/151 -#12 17.37 Verifying : audit-libs-3.0.7-104.el9.x86_64 5/151 -#12 17.37 Verifying : bash-5.1.8-9.el9.x86_64 6/151 -#12 17.37 Verifying : bash-5.1.8-6.el9_1.x86_64 7/151 -#12 17.37 Verifying : ca-certificates-2024.2.69_v8.0.303-91.4.el9.noar 8/151 -#12 17.37 Verifying : ca-certificates-2023.2.60_v7.0.306-90.1.el9_2.no 9/151 -#12 17.37 Verifying : coreutils-single-8.32-36.el9.x86_64 10/151 -#12 17.37 Verifying : coreutils-single-8.32-34.el9.x86_64 11/151 -#12 17.37 Verifying : crypto-policies-20240828-2.git626aa59.el9.noarch 12/151 -#12 17.37 Verifying : crypto-policies-20230731-1.git94f0e2c.el9_3.1.no 13/151 -#12 17.37 Verifying : curl-minimal-7.76.1-31.el9.x86_64 14/151 -#12 17.37 Verifying : curl-minimal-7.76.1-26.el9_3.3.x86_64 15/151 -#12 17.37 Verifying : dnf-4.14.0-21.el9.noarch 16/151 -#12 17.37 Verifying : dnf-4.14.0-9.el9.noarch 17/151 -#12 17.37 Verifying : dnf-data-4.14.0-21.el9.noarch 18/151 -#12 17.37 Verifying : dnf-data-4.14.0-9.el9.noarch 19/151 -#12 17.37 Verifying : dnf-plugins-core-4.3.0-17.el9.noarch 20/151 -#12 17.37 Verifying : dnf-plugins-core-4.3.0-13.el9.noarch 21/151 -#12 17.37 Verifying : elfutils-default-yama-scope-0.191-4.el9.noarch 22/151 -#12 17.37 Verifying : elfutils-default-yama-scope-0.190-2.el9.noarch 23/151 -#12 17.37 Verifying : elfutils-libelf-0.191-4.el9.x86_64 24/151 -#12 17.37 Verifying : elfutils-libelf-0.190-2.el9.x86_64 25/151 -#12 17.37 Verifying : elfutils-libs-0.191-4.el9.x86_64 26/151 -#12 17.37 Verifying : elfutils-libs-0.190-2.el9.x86_64 27/151 -#12 17.37 Verifying : file-libs-5.39-16.el9.x86_64 28/151 -#12 17.37 Verifying : file-libs-5.39-14.el9.x86_64 29/151 -#12 17.37 Verifying : filesystem-3.16-5.el9.x86_64 30/151 -#12 17.37 Verifying : filesystem-3.16-2.el9.x86_64 31/151 -#12 17.37 Verifying : 
gdbm-libs-1:1.23-1.el9.x86_64 32/151 -#12 17.37 Verifying : gdbm-libs-1:1.19-4.el9.x86_64 33/151 -#12 17.37 Verifying : glib2-2.68.4-16.el9.x86_64 34/151 -#12 17.37 Verifying : glib2-2.68.4-11.el9.x86_64 35/151 -#12 17.37 Verifying : glibc-2.34-133.el9.x86_64 36/151 -#12 17.37 Verifying : glibc-2.34-83.el9_3.12.x86_64 37/151 -#12 17.37 Verifying : glibc-common-2.34-133.el9.x86_64 38/151 -#12 17.37 Verifying : glibc-common-2.34-83.el9_3.12.x86_64 39/151 -#12 17.37 Verifying : glibc-minimal-langpack-2.34-133.el9.x86_64 40/151 -#12 17.38 Verifying : glibc-minimal-langpack-2.34-83.el9_3.12.x86_64 41/151 -#12 17.38 Verifying : gnutls-3.8.3-4.el9.x86_64 42/151 -#12 17.38 Verifying : gnutls-3.7.6-23.el9_3.3.x86_64 43/151 -#12 17.38 Verifying : ima-evm-utils-1.5-2.el9.x86_64 44/151 -#12 17.38 Verifying : ima-evm-utils-1.4-4.el9.x86_64 45/151 -#12 17.38 Verifying : krb5-libs-1.21.1-3.el9.x86_64 46/151 -#12 17.38 Verifying : krb5-libs-1.21.1-1.el9.x86_64 47/151 -#12 17.38 Verifying : libacl-2.3.1-4.el9.x86_64 48/151 -#12 17.38 Verifying : libacl-2.3.1-3.el9.x86_64 49/151 -#12 17.38 Verifying : libblkid-2.37.4-20.el9.x86_64 50/151 -#12 17.38 Verifying : libblkid-2.37.4-15.el9.x86_64 51/151 -#12 17.38 Verifying : libcom_err-1.46.5-5.el9.x86_64 52/151 -#12 17.38 Verifying : libcom_err-1.46.5-3.el9.x86_64 53/151 -#12 17.38 Verifying : libcurl-minimal-7.76.1-31.el9.x86_64 54/151 -#12 17.38 Verifying : libcurl-minimal-7.76.1-26.el9_3.3.x86_64 55/151 -#12 17.38 Verifying : libdnf-0.69.0-12.el9.x86_64 56/151 -#12 17.38 Verifying : libdnf-0.69.0-8.el9_4.1.x86_64 57/151 -#12 17.38 Verifying : libevent-2.1.12-8.el9.x86_64 58/151 -#12 17.38 Verifying : libevent-2.1.12-6.el9.x86_64 59/151 -#12 17.38 Verifying : libgcc-11.5.0-2.el9.x86_64 60/151 -#12 17.38 Verifying : libgcc-11.4.1-2.1.el9.x86_64 61/151 -#12 17.38 Verifying : libgcrypt-1.10.0-11.el9.x86_64 62/151 -#12 17.38 Verifying : libgcrypt-1.10.0-10.el9_2.x86_64 63/151 -#12 17.38 Verifying : libgomp-11.5.0-2.el9.x86_64 64/151 -#12 
17.38 Verifying : libgomp-11.4.1-3.el9.x86_64 65/151 -#12 17.38 Verifying : libksba-1.5.1-7.el9.x86_64 66/151 -#12 17.38 Verifying : libksba-1.5.1-6.el9_1.x86_64 67/151 -#12 17.38 Verifying : libmount-2.37.4-20.el9.x86_64 68/151 -#12 17.38 Verifying : libmount-2.37.4-15.el9.x86_64 69/151 -#12 17.38 Verifying : libnghttp2-1.43.0-6.el9.x86_64 70/151 -#12 17.38 Verifying : libnghttp2-1.43.0-5.el9_3.1.x86_64 71/151 -#12 17.38 Verifying : librepo-1.14.5-2.el9.x86_64 72/151 -#12 17.38 Verifying : librepo-1.14.5-1.el9.x86_64 73/151 -#12 17.38 Verifying : librhsm-0.0.3-9.el9.x86_64 74/151 -#12 17.38 Verifying : librhsm-0.0.3-7.el9_3.1.x86_64 75/151 -#12 17.38 Verifying : libselinux-3.6-2.el9.x86_64 76/151 -#12 17.38 Verifying : libselinux-3.6-1.el9.x86_64 77/151 -#12 17.38 Verifying : libsemanage-3.6-2.el9.x86_64 78/151 -#12 17.38 Verifying : libsemanage-3.6-1.el9.x86_64 79/151 -#12 17.38 Verifying : libsmartcols-2.37.4-20.el9.x86_64 80/151 -#12 17.38 Verifying : libsmartcols-2.37.4-15.el9.x86_64 81/151 -#12 17.38 Verifying : libsolv-0.7.24-3.el9.x86_64 82/151 -#12 17.38 Verifying : libsolv-0.7.24-2.el9.x86_64 83/151 -#12 17.38 Verifying : libstdc++-11.5.0-2.el9.x86_64 84/151 -#12 17.38 Verifying : libstdc++-11.4.1-2.1.el9.x86_64 85/151 -#12 17.38 Verifying : libuuid-2.37.4-20.el9.x86_64 86/151 -#12 17.38 Verifying : libuuid-2.37.4-15.el9.x86_64 87/151 -#12 17.38 Verifying : libxml2-2.9.13-6.el9.x86_64 88/151 -#12 17.38 Verifying : libxml2-2.9.13-5.el9_3.x86_64 89/151 -#12 17.38 Verifying : nettle-3.9.1-1.el9.x86_64 90/151 -#12 17.38 Verifying : nettle-3.8-3.el9_0.x86_64 91/151 -#12 17.38 Verifying : openldap-2.6.6-3.el9.x86_64 92/151 -#12 17.38 Verifying : openldap-2.6.3-1.el9.x86_64 93/151 -#12 17.38 Verifying : openssl-libs-1:3.2.2-6.el9.x86_64 94/151 -#12 17.38 Verifying : openssl-libs-1:3.0.7-25.el9_3.x86_64 95/151 -#12 17.38 Verifying : p11-kit-0.25.3-2.el9.x86_64 96/151 -#12 17.38 Verifying : p11-kit-0.24.1-2.el9.x86_64 97/151 -#12 17.38 Verifying : 
p11-kit-trust-0.25.3-2.el9.x86_64 98/151 -#12 17.38 Verifying : p11-kit-trust-0.24.1-2.el9.x86_64 99/151 -#12 17.38 Verifying : pcre-8.44-4.el9.x86_64 100/151 -#12 17.38 Verifying : pcre-8.44-3.el9.3.x86_64 101/151 -#12 17.38 Verifying : pcre2-10.40-6.el9.x86_64 102/151 -#12 17.38 Verifying : pcre2-10.40-2.el9.x86_64 103/151 -#12 17.38 Verifying : pcre2-syntax-10.40-6.el9.noarch 104/151 -#12 17.38 Verifying : pcre2-syntax-10.40-2.el9.noarch 105/151 -#12 17.38 Verifying : python3-3.9.20-1.el9.x86_64 106/151 -#12 17.38 Verifying : python3-3.9.18-3.el9_4.6.x86_64 107/151 -#12 17.38 Verifying : python3-dnf-4.14.0-21.el9.noarch 108/151 -#12 17.38 Verifying : python3-dnf-4.14.0-9.el9.noarch 109/151 -#12 17.38 Verifying : python3-dnf-plugins-core-4.3.0-17.el9.noarch 110/151 -#12 17.38 Verifying : python3-dnf-plugins-core-4.3.0-13.el9.noarch 111/151 -#12 17.38 Verifying : python3-hawkey-0.69.0-12.el9.x86_64 112/151 -#12 17.38 Verifying : python3-hawkey-0.69.0-8.el9_4.1.x86_64 113/151 -#12 17.38 Verifying : python3-libdnf-0.69.0-12.el9.x86_64 114/151 -#12 17.38 Verifying : python3-libdnf-0.69.0-8.el9_4.1.x86_64 115/151 -#12 17.38 Verifying : python3-libs-3.9.20-1.el9.x86_64 116/151 -#12 17.38 Verifying : python3-libs-3.9.18-3.el9_4.6.x86_64 117/151 -#12 17.38 Verifying : python3-pip-wheel-21.3.1-1.el9.noarch 118/151 -#12 17.38 Verifying : python3-pip-wheel-21.2.3-8.el9.noarch 119/151 -#12 17.38 Verifying : python3-rpm-4.16.1.3-34.el9.x86_64 120/151 -#12 17.38 Verifying : python3-rpm-4.16.1.3-29.el9.x86_64 121/151 -#12 17.38 Verifying : python3-setuptools-wheel-53.0.0-13.el9.noarch 122/151 -#12 17.38 Verifying : python3-setuptools-wheel-53.0.0-12.el9_4.1.noarc 123/151 -#12 17.38 Verifying : python3-systemd-234-19.el9.x86_64 124/151 -#12 17.38 Verifying : python3-systemd-234-18.el9.x86_64 125/151 -#12 17.38 Verifying : rpm-4.16.1.3-34.el9.x86_64 126/151 -#12 17.38 Verifying : rpm-4.16.1.3-29.el9.x86_64 127/151 -#12 17.38 Verifying : rpm-build-libs-4.16.1.3-34.el9.x86_64 
128/151 -#12 17.38 Verifying : rpm-build-libs-4.16.1.3-29.el9.x86_64 129/151 -#12 17.38 Verifying : rpm-libs-4.16.1.3-34.el9.x86_64 130/151 -#12 17.38 Verifying : rpm-libs-4.16.1.3-29.el9.x86_64 131/151 -#12 17.38 Verifying : rpm-sign-libs-4.16.1.3-34.el9.x86_64 132/151 -#12 17.38 Verifying : rpm-sign-libs-4.16.1.3-29.el9.x86_64 133/151 -#12 17.38 Verifying : setup-2.13.7-10.el9.noarch 134/151 -#12 17.38 Verifying : setup-2.13.7-9.el9.noarch 135/151 -#12 17.38 Verifying : shadow-utils-2:4.9-9.el9.x86_64 136/151 -#12 17.38 Verifying : shadow-utils-2:4.9-8.el9.x86_64 137/151 -#12 17.38 Verifying : systemd-libs-252-48.el9.x86_64 138/151 -#12 17.38 Verifying : systemd-libs-252-18.el9.x86_64 139/151 -#12 17.38 Verifying : tpm2-tss-3.2.3-1.el9.x86_64 140/151 -#12 17.38 Verifying : tpm2-tss-3.2.2-2.el9.x86_64 141/151 -#12 17.38 Verifying : tzdata-2024b-2.el9.noarch 142/151 -#12 17.38 Verifying : tzdata-2023d-1.el9.noarch 143/151 -#12 17.38 Verifying : yum-4.14.0-21.el9.noarch 144/151 -#12 17.38 Verifying : yum-4.14.0-9.el9.noarch 145/151 -#12 17.38 Verifying : yum-utils-4.3.0-17.el9.noarch 146/151 -#12 17.39 Verifying : yum-utils-4.3.0-13.el9.noarch 147/151 -#12 17.39 Verifying : zlib-1.2.11-41.el9.x86_64 148/151 -#12 17.39 Verifying : zlib-1.2.11-40.el9.x86_64 149/151 -#12 17.39 Verifying : python-unversioned-command-3.9.20-1.el9.noarch 150/151 -#12 17.39 Verifying : python-unversioned-command-3.9.18-3.el9_4.6.noar 151/151 -#12 17.67 -#12 17.67 Upgraded: -#12 17.67 audit-libs-3.1.5-1.el9.x86_64 -#12 17.67 bash-5.1.8-9.el9.x86_64 -#12 17.67 ca-certificates-2024.2.69_v8.0.303-91.4.el9.noarch -#12 17.67 coreutils-single-8.32-36.el9.x86_64 -#12 17.67 crypto-policies-20240828-2.git626aa59.el9.noarch -#12 17.67 curl-minimal-7.76.1-31.el9.x86_64 -#12 17.67 dnf-4.14.0-21.el9.noarch -#12 17.67 dnf-data-4.14.0-21.el9.noarch -#12 17.67 dnf-plugins-core-4.3.0-17.el9.noarch -#12 17.67 elfutils-default-yama-scope-0.191-4.el9.noarch -#12 17.67 elfutils-libelf-0.191-4.el9.x86_64 -#12 
17.67 elfutils-libs-0.191-4.el9.x86_64 -#12 17.67 file-libs-5.39-16.el9.x86_64 -#12 17.67 filesystem-3.16-5.el9.x86_64 -#12 17.67 gdbm-libs-1:1.23-1.el9.x86_64 -#12 17.67 glib2-2.68.4-16.el9.x86_64 -#12 17.67 glibc-2.34-133.el9.x86_64 -#12 17.67 glibc-common-2.34-133.el9.x86_64 -#12 17.67 glibc-minimal-langpack-2.34-133.el9.x86_64 -#12 17.67 gnutls-3.8.3-4.el9.x86_64 -#12 17.67 ima-evm-utils-1.5-2.el9.x86_64 -#12 17.67 krb5-libs-1.21.1-3.el9.x86_64 -#12 17.67 libacl-2.3.1-4.el9.x86_64 -#12 17.67 libblkid-2.37.4-20.el9.x86_64 -#12 17.67 libcom_err-1.46.5-5.el9.x86_64 -#12 17.67 libcurl-minimal-7.76.1-31.el9.x86_64 -#12 17.67 libdnf-0.69.0-12.el9.x86_64 -#12 17.67 libevent-2.1.12-8.el9.x86_64 -#12 17.67 libgcc-11.5.0-2.el9.x86_64 -#12 17.67 libgcrypt-1.10.0-11.el9.x86_64 -#12 17.67 libgomp-11.5.0-2.el9.x86_64 -#12 17.67 libksba-1.5.1-7.el9.x86_64 -#12 17.67 libmount-2.37.4-20.el9.x86_64 -#12 17.67 libnghttp2-1.43.0-6.el9.x86_64 -#12 17.67 librepo-1.14.5-2.el9.x86_64 -#12 17.67 librhsm-0.0.3-9.el9.x86_64 -#12 17.67 libselinux-3.6-2.el9.x86_64 -#12 17.67 libsemanage-3.6-2.el9.x86_64 -#12 17.67 libsmartcols-2.37.4-20.el9.x86_64 -#12 17.67 libsolv-0.7.24-3.el9.x86_64 -#12 17.67 libstdc++-11.5.0-2.el9.x86_64 -#12 17.67 libuuid-2.37.4-20.el9.x86_64 -#12 17.67 libxml2-2.9.13-6.el9.x86_64 -#12 17.67 nettle-3.9.1-1.el9.x86_64 -#12 17.67 openldap-2.6.6-3.el9.x86_64 -#12 17.67 openssl-libs-1:3.2.2-6.el9.x86_64 -#12 17.67 p11-kit-0.25.3-2.el9.x86_64 -#12 17.67 p11-kit-trust-0.25.3-2.el9.x86_64 -#12 17.67 pcre-8.44-4.el9.x86_64 -#12 17.67 pcre2-10.40-6.el9.x86_64 -#12 17.67 pcre2-syntax-10.40-6.el9.noarch -#12 17.67 python-unversioned-command-3.9.20-1.el9.noarch -#12 17.67 python3-3.9.20-1.el9.x86_64 -#12 17.67 python3-dnf-4.14.0-21.el9.noarch -#12 17.67 python3-dnf-plugins-core-4.3.0-17.el9.noarch -#12 17.67 python3-hawkey-0.69.0-12.el9.x86_64 -#12 17.67 python3-libdnf-0.69.0-12.el9.x86_64 -#12 17.67 python3-libs-3.9.20-1.el9.x86_64 -#12 17.67 
python3-pip-wheel-21.3.1-1.el9.noarch -#12 17.67 python3-rpm-4.16.1.3-34.el9.x86_64 -#12 17.67 python3-setuptools-wheel-53.0.0-13.el9.noarch -#12 17.67 python3-systemd-234-19.el9.x86_64 -#12 17.67 rpm-4.16.1.3-34.el9.x86_64 -#12 17.67 rpm-build-libs-4.16.1.3-34.el9.x86_64 -#12 17.67 rpm-libs-4.16.1.3-34.el9.x86_64 -#12 17.67 rpm-sign-libs-4.16.1.3-34.el9.x86_64 -#12 17.67 setup-2.13.7-10.el9.noarch -#12 17.67 shadow-utils-2:4.9-9.el9.x86_64 -#12 17.67 systemd-libs-252-48.el9.x86_64 -#12 17.67 tpm2-tss-3.2.3-1.el9.x86_64 -#12 17.67 tzdata-2024b-2.el9.noarch -#12 17.67 yum-4.14.0-21.el9.noarch -#12 17.67 yum-utils-4.3.0-17.el9.noarch -#12 17.67 zlib-1.2.11-41.el9.x86_64 -#12 17.67 Installed: -#12 17.67 attr-2.5.1-3.el9.x86_64 glibc-langpack-en-2.34-133.el9.x86_64 -#12 17.67 keyutils-1.6.3-1.el9.x86_64 -#12 17.67 -#12 17.67 Complete! -#12 DONE 17.8s +#12 0.347 Added centos repo from https://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os +#12 0.348 Added centos-app repo from https://mirror.stream.centos.org/9-stream/AppStream/x86_64/os +#12 0.841 centos 18 MB/s | 8.3 MB 00:00 +#12 2.775 centos-app 34 MB/s | 21 MB 00:00 +#12 7.156 Last metadata expiration check: 0:00:02 ago on Mon Nov 11 09:49:10 2024. +#12 7.959 Dependencies resolved. 
+#12 7.967 ================================================================================ +#12 7.967 Package Arch Version Repository Size +#12 7.967 ================================================================================ +#12 7.967 Upgrading: +#12 7.967 audit-libs x86_64 3.1.5-1.el9 centos 121 k +#12 7.967 bash x86_64 5.1.8-9.el9 centos 1.7 M +#12 7.967 ca-certificates noarch 2024.2.69_v8.0.303-91.4.el9 centos 1.0 M +#12 7.967 coreutils-single x86_64 8.32-36.el9 centos 620 k +#12 7.967 crypto-policies noarch 20240828-2.git626aa59.el9 centos 86 k +#12 7.967 curl-minimal x86_64 7.76.1-31.el9 centos 127 k +#12 7.967 dnf noarch 4.14.0-21.el9 centos 477 k +#12 7.967 dnf-data noarch 4.14.0-21.el9 centos 37 k +#12 7.967 dnf-plugins-core noarch 4.3.0-17.el9 centos 37 k +#12 7.967 elfutils-default-yama-scope +#12 7.967 noarch 0.191-4.el9 centos 12 k +#12 7.967 elfutils-libelf x86_64 0.191-4.el9 centos 207 k +#12 7.967 elfutils-libs x86_64 0.191-4.el9 centos 260 k +#12 7.967 file-libs x86_64 5.39-16.el9 centos 589 k +#12 7.967 filesystem x86_64 3.16-5.el9 centos 4.8 M +#12 7.967 gdbm-libs x86_64 1:1.23-1.el9 centos 56 k +#12 7.967 glib2 x86_64 2.68.4-16.el9 centos 2.6 M +#12 7.967 glibc x86_64 2.34-133.el9 centos 2.0 M +#12 7.967 glibc-common x86_64 2.34-133.el9 centos 305 k +#12 7.967 glibc-minimal-langpack x86_64 2.34-133.el9 centos 19 k +#12 7.967 gnutls x86_64 3.8.3-4.el9 centos 1.1 M +#12 7.967 ima-evm-utils x86_64 1.5-2.el9 centos 69 k +#12 7.967 krb5-libs x86_64 1.21.1-3.el9 centos 766 k +#12 7.967 libacl x86_64 2.3.1-4.el9 centos 23 k +#12 7.967 libblkid x86_64 2.37.4-20.el9 centos 107 k +#12 7.967 libcom_err x86_64 1.46.5-5.el9 centos 26 k +#12 7.967 libcurl-minimal x86_64 7.76.1-31.el9 centos 225 k +#12 7.967 libdnf x86_64 0.69.0-12.el9 centos 664 k +#12 7.967 libevent x86_64 2.1.12-8.el9 centos 262 k +#12 7.967 libgcc x86_64 11.5.0-2.el9 centos 88 k +#12 7.967 libgcrypt x86_64 1.10.0-11.el9 centos 508 k +#12 7.967 libgomp x86_64 11.5.0-2.el9 centos 264 
k +#12 7.967 libksba x86_64 1.5.1-7.el9 centos 153 k +#12 7.967 libmount x86_64 2.37.4-20.el9 centos 135 k +#12 7.967 libnghttp2 x86_64 1.43.0-6.el9 centos 73 k +#12 7.967 librepo x86_64 1.14.5-2.el9 centos 88 k +#12 7.967 librhsm x86_64 0.0.3-9.el9 centos 35 k +#12 7.967 libselinux x86_64 3.6-2.el9 centos 86 k +#12 7.967 libsemanage x86_64 3.6-2.el9 centos 118 k +#12 7.967 libsmartcols x86_64 2.37.4-20.el9 centos 63 k +#12 7.967 libsolv x86_64 0.7.24-3.el9 centos 405 k +#12 7.967 libstdc++ x86_64 11.5.0-2.el9 centos 737 k +#12 7.967 libuuid x86_64 2.37.4-20.el9 centos 28 k +#12 7.967 libxml2 x86_64 2.9.13-6.el9 centos 748 k +#12 7.967 nettle x86_64 3.9.1-1.el9 centos 560 k +#12 7.967 openldap x86_64 2.6.6-3.el9 centos 282 k +#12 7.967 openssl-libs x86_64 1:3.2.2-6.el9 centos 2.4 M +#12 7.967 p11-kit x86_64 0.25.3-2.el9 centos 533 k +#12 7.967 p11-kit-trust x86_64 0.25.3-2.el9 centos 143 k +#12 7.967 pcre x86_64 8.44-4.el9 centos 197 k +#12 7.967 pcre2 x86_64 10.40-6.el9 centos 234 k +#12 7.967 pcre2-syntax noarch 10.40-6.el9 centos 141 k +#12 7.967 python-unversioned-command noarch 3.9.20-1.el9 centos-app 10 k +#12 7.967 python3 x86_64 3.9.20-1.el9 centos 27 k +#12 7.967 python3-dnf noarch 4.14.0-21.el9 centos 461 k +#12 7.967 python3-dnf-plugins-core noarch 4.3.0-17.el9 centos 264 k +#12 7.967 python3-hawkey x86_64 0.69.0-12.el9 centos 102 k +#12 7.967 python3-libdnf x86_64 0.69.0-12.el9 centos 781 k +#12 7.967 python3-libs x86_64 3.9.20-1.el9 centos 8.1 M +#12 7.967 python3-pip-wheel noarch 21.3.1-1.el9 centos 1.1 M +#12 7.967 python3-rpm x86_64 4.16.1.3-34.el9 centos 66 k +#12 7.967 python3-setuptools-wheel noarch 53.0.0-13.el9 centos 468 k +#12 7.967 python3-systemd x86_64 234-19.el9 centos 89 k +#12 7.967 rpm x86_64 4.16.1.3-34.el9 centos 537 k +#12 7.967 rpm-build-libs x86_64 4.16.1.3-34.el9 centos 89 k +#12 7.967 rpm-libs x86_64 4.16.1.3-34.el9 centos 308 k +#12 7.967 rpm-sign-libs x86_64 4.16.1.3-34.el9 centos 21 k +#12 7.967 setup noarch 2.13.7-10.el9 
centos 146 k +#12 7.967 shadow-utils x86_64 2:4.9-9.el9 centos 1.2 M +#12 7.967 systemd-libs x86_64 252-48.el9 centos 680 k +#12 7.967 tpm2-tss x86_64 3.2.3-1.el9 centos 603 k +#12 7.967 tzdata noarch 2024b-2.el9 centos 837 k +#12 7.967 yum noarch 4.14.0-21.el9 centos 88 k +#12 7.967 yum-utils noarch 4.3.0-17.el9 centos 40 k +#12 7.967 zlib x86_64 1.2.11-41.el9 centos 91 k +#12 7.967 Installing dependencies: +#12 7.967 attr x86_64 2.5.1-3.el9 centos 61 k +#12 7.967 keyutils x86_64 1.6.3-1.el9 centos 74 k +#12 7.967 Installing weak dependencies: +#12 7.967 glibc-langpack-en x86_64 2.34-133.el9 centos 658 k +#12 7.967 +#12 7.967 Transaction Summary +#12 7.967 ================================================================================ +#12 7.967 Install 3 Packages +#12 7.967 Upgrade 74 Packages +#12 7.967 +#12 7.970 Total download size: 43 M +#12 7.971 Downloading Packages: +#12 8.131 (1/77): attr-2.5.1-3.el9.x86_64.rpm 400 kB/s | 61 kB 00:00 +#12 8.133 (2/77): keyutils-1.6.3-1.el9.x86_64.rpm 475 kB/s | 74 kB 00:00 +#12 8.178 (3/77): audit-libs-3.1.5-1.el9.x86_64.rpm 2.5 MB/s | 121 kB 00:00 +#12 8.202 (4/77): glibc-langpack-en-2.34-133.el9.x86_64.r 2.9 MB/s | 658 kB 00:00 +#12 8.250 (5/77): coreutils-single-8.32-36.el9.x86_64.rpm 13 MB/s | 620 kB 00:00 +#12 8.281 (6/77): bash-5.1.8-9.el9.x86_64.rpm 11 MB/s | 1.7 MB 00:00 +#12 8.285 (7/77): crypto-policies-20240828-2.git626aa59.e 2.6 MB/s | 86 kB 00:00 +#12 8.314 (8/77): curl-minimal-7.76.1-31.el9.x86_64.rpm 4.0 MB/s | 127 kB 00:00 +#12 8.322 (9/77): dnf-4.14.0-21.el9.noarch.rpm 13 MB/s | 477 kB 00:00 +#12 8.358 (10/77): dnf-data-4.14.0-21.el9.noarch.rpm 845 kB/s | 37 kB 00:00 +#12 8.366 (11/77): dnf-plugins-core-4.3.0-17.el9.noarch.r 850 kB/s | 37 kB 00:00 +#12 8.389 (12/77): elfutils-default-yama-scope-0.191-4.el 402 kB/s | 12 kB 00:00 +#12 8.427 (13/77): elfutils-libelf-0.191-4.el9.x86_64.rpm 3.3 MB/s | 207 kB 00:00 +#12 8.471 (14/77): ca-certificates-2024.2.69_v8.0.303-91. 
3.4 MB/s | 1.0 MB 00:00 +#12 8.480 (15/77): file-libs-5.39-16.el9.x86_64.rpm 11 MB/s | 589 kB 00:00 +#12 8.498 (16/77): elfutils-libs-0.191-4.el9.x86_64.rpm 2.4 MB/s | 260 kB 00:00 +#12 8.520 (17/77): gdbm-libs-1.23-1.el9.x86_64.rpm 1.4 MB/s | 56 kB 00:00 +#12 8.542 (18/77): filesystem-3.16-5.el9.x86_64.rpm 68 MB/s | 4.8 MB 00:00 +#12 8.566 (19/77): glibc-2.34-133.el9.x86_64.rpm 45 MB/s | 2.0 MB 00:00 +#12 8.583 (20/77): glib2-2.68.4-16.el9.x86_64.rpm 31 MB/s | 2.6 MB 00:00 +#12 8.591 (21/77): glibc-common-2.34-133.el9.x86_64.rpm 6.7 MB/s | 305 kB 00:00 +#12 8.599 (22/77): glibc-minimal-langpack-2.34-133.el9.x8 638 kB/s | 19 kB 00:00 +#12 8.621 (23/77): ima-evm-utils-1.5-2.el9.x86_64.rpm 2.2 MB/s | 69 kB 00:00 +#12 8.637 (24/77): krb5-libs-1.21.1-3.el9.x86_64.rpm 20 MB/s | 766 kB 00:00 +#12 8.652 (25/77): libacl-2.3.1-4.el9.x86_64.rpm 758 kB/s | 23 kB 00:00 +#12 8.669 (26/77): libblkid-2.37.4-20.el9.x86_64.rpm 3.3 MB/s | 107 kB 00:00 +#12 8.684 (27/77): libcom_err-1.46.5-5.el9.x86_64.rpm 839 kB/s | 26 kB 00:00 +#12 8.703 (28/77): libcurl-minimal-7.76.1-31.el9.x86_64.r 6.6 MB/s | 225 kB 00:00 +#12 8.722 (29/77): libdnf-0.69.0-12.el9.x86_64.rpm 17 MB/s | 664 kB 00:00 +#12 8.732 (30/77): gnutls-3.8.3-4.el9.x86_64.rpm 7.3 MB/s | 1.1 MB 00:00 +#12 8.769 (31/77): libgcrypt-1.10.0-11.el9.x86_64.rpm 14 MB/s | 508 kB 00:00 +#12 8.772 (32/77): libgcc-11.5.0-2.el9.x86_64.rpm 1.8 MB/s | 88 kB 00:00 +#12 8.797 (33/77): libevent-2.1.12-8.el9.x86_64.rpm 2.7 MB/s | 262 kB 00:00 +#12 8.830 (34/77): libmount-2.37.4-20.el9.x86_64.rpm 4.1 MB/s | 135 kB 00:00 +#12 8.850 (35/77): libgomp-11.5.0-2.el9.x86_64.rpm 3.2 MB/s | 264 kB 00:00 +#12 8.861 (36/77): libnghttp2-1.43.0-6.el9.x86_64.rpm 2.3 MB/s | 73 kB 00:00 +#12 8.868 (37/77): libksba-1.5.1-7.el9.x86_64.rpm 1.6 MB/s | 153 kB 00:00 +#12 8.882 (38/77): librepo-1.14.5-2.el9.x86_64.rpm 2.8 MB/s | 88 kB 00:00 +#12 8.902 (39/77): libselinux-3.6-2.el9.x86_64.rpm 2.5 MB/s | 86 kB 00:00 +#12 8.907 (40/77): librhsm-0.0.3-9.el9.x86_64.rpm 800 
kB/s | 35 kB 00:00 +#12 8.915 (41/77): libsemanage-3.6-2.el9.x86_64.rpm 3.6 MB/s | 118 kB 00:00 +#12 8.933 (42/77): libsmartcols-2.37.4-20.el9.x86_64.rpm 2.0 MB/s | 63 kB 00:00 +#12 8.940 (43/77): libsolv-0.7.24-3.el9.x86_64.rpm 12 MB/s | 405 kB 00:00 +#12 8.964 (44/77): libuuid-2.37.4-20.el9.x86_64.rpm 927 kB/s | 28 kB 00:00 +#12 8.982 (45/77): libstdc++-11.5.0-2.el9.x86_64.rpm 11 MB/s | 737 kB 00:00 +#12 9.000 (46/77): nettle-3.9.1-1.el9.x86_64.rpm 16 MB/s | 560 kB 00:00 +#12 9.017 (47/77): openldap-2.6.6-3.el9.x86_64.rpm 8.0 MB/s | 282 kB 00:00 +#12 9.115 (48/77): openssl-libs-3.2.2-6.el9.x86_64.rpm 21 MB/s | 2.4 MB 00:00 +#12 9.121 (49/77): p11-kit-0.25.3-2.el9.x86_64.rpm 5.0 MB/s | 533 kB 00:00 +#12 9.154 (50/77): pcre-8.44-4.el9.x86_64.rpm 5.8 MB/s | 197 kB 00:00 +#12 9.161 (51/77): p11-kit-trust-0.25.3-2.el9.x86_64.rpm 3.1 MB/s | 143 kB 00:00 +#12 9.188 (52/77): pcre2-10.40-6.el9.x86_64.rpm 7.0 MB/s | 234 kB 00:00 +#12 9.194 (53/77): pcre2-syntax-10.40-6.el9.noarch.rpm 4.2 MB/s | 141 kB 00:00 +#12 9.219 (54/77): python3-3.9.20-1.el9.x86_64.rpm 864 kB/s | 27 kB 00:00 +#12 9.230 (55/77): python3-dnf-4.14.0-21.el9.noarch.rpm 13 MB/s | 461 kB 00:00 +#12 9.261 (56/77): python3-hawkey-0.69.0-12.el9.x86_64.rp 3.3 MB/s | 102 kB 00:00 +#12 9.299 (57/77): python3-libdnf-0.69.0-12.el9.x86_64.rp 20 MB/s | 781 kB 00:00 +#12 9.304 (58/77): python3-dnf-plugins-core-4.3.0-17.el9. 3.1 MB/s | 264 kB 00:00 +#12 9.353 (59/77): libxml2-2.9.13-6.el9.x86_64.rpm 1.8 MB/s | 748 kB 00:00 +#12 9.384 (60/77): python3-rpm-4.16.1.3-34.el9.x86_64.rpm 2.1 MB/s | 66 kB 00:00 +#12 9.460 (61/77): python3-setuptools-wheel-53.0.0-13.el9 6.0 MB/s | 468 kB 00:00 +#12 9.509 (62/77): python3-libs-3.9.20-1.el9.x86_64.rpm 39 MB/s | 8.1 MB 00:00 +#12 9.537 (63/77): python3-systemd-234-19.el9.x86_64.rpm 1.2 MB/s | 89 kB 00:00 +#12 9.545 (64/77): rpm-4.16.1.3-34.el9.x86_64.rpm 15 MB/s | 537 kB 00:00 +#12 9.573 (65/77): rpm-build-libs-4.16.1.3-34.el9.x86_64. 
2.4 MB/s | 89 kB 00:00 +#12 9.581 (66/77): rpm-libs-4.16.1.3-34.el9.x86_64.rpm 8.5 MB/s | 308 kB 00:00 +#12 9.604 (67/77): rpm-sign-libs-4.16.1.3-34.el9.x86_64.r 693 kB/s | 21 kB 00:00 +#12 9.645 (68/77): shadow-utils-4.9-9.el9.x86_64.rpm 30 MB/s | 1.2 MB 00:00 +#12 9.674 (69/77): setup-2.13.7-10.el9.noarch.rpm 1.6 MB/s | 146 kB 00:00 +#12 9.684 (70/77): systemd-libs-252-48.el9.x86_64.rpm 17 MB/s | 680 kB 00:00 +#12 9.711 (71/77): tpm2-tss-3.2.3-1.el9.x86_64.rpm 16 MB/s | 603 kB 00:00 +#12 9.752 (72/77): tzdata-2024b-2.el9.noarch.rpm 12 MB/s | 837 kB 00:00 +#12 9.758 (73/77): yum-4.14.0-21.el9.noarch.rpm 1.9 MB/s | 88 kB 00:00 +#12 9.779 (74/77): python3-pip-wheel-21.3.1-1.el9.noarch. 2.4 MB/s | 1.1 MB 00:00 +#12 9.783 (75/77): yum-utils-4.3.0-17.el9.noarch.rpm 1.3 MB/s | 40 kB 00:00 +#12 9.812 (76/77): python-unversioned-command-3.9.20-1.el 317 kB/s | 10 kB 00:00 +#12 9.838 (77/77): zlib-1.2.11-41.el9.x86_64.rpm 1.1 MB/s | 91 kB 00:00 +#12 9.842 -------------------------------------------------------------------------------- +#12 9.843 Total 23 MB/s | 43 MB 00:01 +#12 9.844 Running transaction check +#12 10.04 Transaction check succeeded. +#12 10.04 Running transaction test +#12 10.87 Transaction test succeeded. 
+#12 10.87 Running transaction +#12 11.68 Running scriptlet: filesystem-3.16-5.el9.x86_64 1/1 +#12 12.05 Preparing : 1/1 +#12 12.09 Upgrading : libgcc-11.5.0-2.el9.x86_64 1/151 +#12 12.10 Running scriptlet: libgcc-11.5.0-2.el9.x86_64 1/151 +#12 12.24 Upgrading : tzdata-2024b-2.el9.noarch 2/151 +#12 12.29 Upgrading : setup-2.13.7-10.el9.noarch 3/151 +#12 12.29 warning: /etc/shadow created as /etc/shadow.rpmnew +#12 12.29 +#12 12.29 Running scriptlet: setup-2.13.7-10.el9.noarch 3/151 +#12 12.35 Upgrading : filesystem-3.16-5.el9.x86_64 4/151 +#12 12.47 Upgrading : bash-5.1.8-9.el9.x86_64 5/151 +#12 12.47 Running scriptlet: bash-5.1.8-9.el9.x86_64 5/151 +#12 12.49 Upgrading : glibc-common-2.34-133.el9.x86_64 6/151 +#12 12.49 Upgrading : glibc-minimal-langpack-2.34-133.el9.x86_64 7/151 +#12 12.50 Running scriptlet: glibc-2.34-133.el9.x86_64 8/151 +#12 12.55 Upgrading : glibc-2.34-133.el9.x86_64 8/151 +#12 12.55 Running scriptlet: glibc-2.34-133.el9.x86_64 8/151 +#12 12.64 Installing : glibc-langpack-en-2.34-133.el9.x86_64 9/151 +#12 12.65 Upgrading : zlib-1.2.11-41.el9.x86_64 10/151 +#12 12.66 Upgrading : audit-libs-3.1.5-1.el9.x86_64 11/151 +#12 12.67 Upgrading : libacl-2.3.1-4.el9.x86_64 12/151 +#12 12.69 Upgrading : libstdc++-11.5.0-2.el9.x86_64 13/151 +#12 12.69 Upgrading : libuuid-2.37.4-20.el9.x86_64 14/151 +#12 12.71 Upgrading : p11-kit-0.25.3-2.el9.x86_64 15/151 +#12 12.73 Upgrading : crypto-policies-20240828-2.git626aa59.el9.noarch 16/151 +#12 12.74 Running scriptlet: crypto-policies-20240828-2.git626aa59.el9.noarch 16/151 +#12 12.74 Upgrading : p11-kit-trust-0.25.3-2.el9.x86_64 17/151 +#12 12.75 Running scriptlet: p11-kit-trust-0.25.3-2.el9.x86_64 17/151 +#12 12.76 Upgrading : elfutils-libelf-0.191-4.el9.x86_64 18/151 +#12 12.78 Upgrading : libxml2-2.9.13-6.el9.x86_64 19/151 +#12 12.79 Upgrading : libcom_err-1.46.5-5.el9.x86_64 20/151 +#12 12.79 Upgrading : libsmartcols-2.37.4-20.el9.x86_64 21/151 +#12 12.83 Upgrading : file-libs-5.39-16.el9.x86_64 22/151 +#12 
12.85 Installing : attr-2.5.1-3.el9.x86_64 23/151 +#12 12.85 Installing : keyutils-1.6.3-1.el9.x86_64 24/151 +#12 12.86 Upgrading : gdbm-libs-1:1.23-1.el9.x86_64 25/151 +#12 12.87 Upgrading : libgcrypt-1.10.0-11.el9.x86_64 26/151 +#12 12.88 Upgrading : libgomp-11.5.0-2.el9.x86_64 27/151 +#12 12.89 Upgrading : libnghttp2-1.43.0-6.el9.x86_64 28/151 +#12 12.90 Upgrading : nettle-3.9.1-1.el9.x86_64 29/151 +#12 12.94 Upgrading : gnutls-3.8.3-4.el9.x86_64 30/151 +#12 12.95 Upgrading : pcre-8.44-4.el9.x86_64 31/151 +#12 12.95 Upgrading : elfutils-default-yama-scope-0.191-4.el9.noarch 32/151 +#12 12.96 Running scriptlet: elfutils-default-yama-scope-0.191-4.el9.noarch 32/151 +#12 12.97 Upgrading : elfutils-libs-0.191-4.el9.x86_64 33/151 +#12 12.98 Upgrading : python3-setuptools-wheel-53.0.0-13.el9.noarch 34/151 +#12 12.98 Upgrading : pcre2-syntax-10.40-6.el9.noarch 35/151 +#12 12.99 Upgrading : pcre2-10.40-6.el9.x86_64 36/151 +#12 13.00 Upgrading : libselinux-3.6-2.el9.x86_64 37/151 +#12 13.02 Upgrading : coreutils-single-8.32-36.el9.x86_64 38/151 +#12 13.03 Running scriptlet: ca-certificates-2024.2.69_v8.0.303-91.4.el9.noar 39/151 +#12 13.06 Upgrading : ca-certificates-2024.2.69_v8.0.303-91.4.el9.noar 39/151 +#12 13.07 Running scriptlet: ca-certificates-2024.2.69_v8.0.303-91.4.el9.noar 39/151 +#12 14.09 Upgrading : openssl-libs-1:3.2.2-6.el9.x86_64 40/151 +#12 14.11 Upgrading : krb5-libs-1.21.1-3.el9.x86_64 41/151 +#12 14.12 Upgrading : libcurl-minimal-7.76.1-31.el9.x86_64 42/151 +#12 14.13 Upgrading : curl-minimal-7.76.1-31.el9.x86_64 43/151 +#12 14.16 Upgrading : rpm-4.16.1.3-34.el9.x86_64 44/151 +#12 14.17 Upgrading : rpm-libs-4.16.1.3-34.el9.x86_64 45/151 +#12 14.19 Upgrading : libsolv-0.7.24-3.el9.x86_64 46/151 +#12 14.19 Upgrading : rpm-build-libs-4.16.1.3-34.el9.x86_64 47/151 +#12 14.21 Upgrading : libevent-2.1.12-8.el9.x86_64 48/151 +#12 14.23 Upgrading : systemd-libs-252-48.el9.x86_64 49/151 +#12 14.23 Running scriptlet: systemd-libs-252-48.el9.x86_64 49/151 +#12 
14.26 Upgrading : python3-pip-wheel-21.3.1-1.el9.noarch 50/151 +#12 14.26 Upgrading : python-unversioned-command-3.9.20-1.el9.noarch 51/151 +#12 14.27 Upgrading : python3-3.9.20-1.el9.x86_64 52/151 +#12 14.68 Upgrading : python3-libs-3.9.20-1.el9.x86_64 53/151 +#12 14.71 Upgrading : python3-systemd-234-19.el9.x86_64 54/151 +#12 14.71 Upgrading : libblkid-2.37.4-20.el9.x86_64 55/151 +#12 14.72 Running scriptlet: libblkid-2.37.4-20.el9.x86_64 55/151 +#12 14.73 Upgrading : libmount-2.37.4-20.el9.x86_64 56/151 +#12 14.78 Upgrading : glib2-2.68.4-16.el9.x86_64 57/151 +#12 14.80 Upgrading : librepo-1.14.5-2.el9.x86_64 58/151 +#12 14.81 Upgrading : libdnf-0.69.0-12.el9.x86_64 59/151 +#12 14.84 Upgrading : python3-libdnf-0.69.0-12.el9.x86_64 60/151 +#12 14.85 Upgrading : python3-hawkey-0.69.0-12.el9.x86_64 61/151 +#12 14.86 Upgrading : libsemanage-3.6-2.el9.x86_64 62/151 +#12 14.90 Upgrading : shadow-utils-2:4.9-9.el9.x86_64 63/151 +#12 14.91 Running scriptlet: tpm2-tss-3.2.3-1.el9.x86_64 64/151 +#12 14.94 Upgrading : tpm2-tss-3.2.3-1.el9.x86_64 64/151 +#12 14.95 Upgrading : ima-evm-utils-1.5-2.el9.x86_64 65/151 +#12 14.96 Upgrading : rpm-sign-libs-4.16.1.3-34.el9.x86_64 66/151 +#12 14.97 Upgrading : python3-rpm-4.16.1.3-34.el9.x86_64 67/151 +#12 14.98 Upgrading : dnf-data-4.14.0-21.el9.noarch 68/151 +#12 15.01 Upgrading : python3-dnf-4.14.0-21.el9.noarch 69/151 +#12 15.03 Upgrading : dnf-4.14.0-21.el9.noarch 70/151 +#12 15.03 Running scriptlet: dnf-4.14.0-21.el9.noarch 70/151 +#12 15.05 Upgrading : python3-dnf-plugins-core-4.3.0-17.el9.noarch 71/151 +#12 15.06 Upgrading : dnf-plugins-core-4.3.0-17.el9.noarch 72/151 +#12 15.07 Upgrading : yum-utils-4.3.0-17.el9.noarch 73/151 +#12 15.07 Upgrading : yum-4.14.0-21.el9.noarch 74/151 +#12 15.09 Upgrading : openldap-2.6.6-3.el9.x86_64 75/151 +#12 15.10 Upgrading : librhsm-0.0.3-9.el9.x86_64 76/151 +#12 15.11 Upgrading : libksba-1.5.1-7.el9.x86_64 77/151 +#12 15.12 Cleanup : openldap-2.6.3-1.el9.x86_64 78/151 +#12 15.13 Cleanup : 
libevent-2.1.12-6.el9.x86_64 79/151 +#12 15.13 Cleanup : libksba-1.5.1-6.el9_1.x86_64 80/151 +#12 15.14 Cleanup : yum-utils-4.3.0-13.el9.noarch 81/151 +#12 15.14 Cleanup : dnf-plugins-core-4.3.0-13.el9.noarch 82/151 +#12 15.15 Cleanup : python3-dnf-plugins-core-4.3.0-13.el9.noarch 83/151 +#12 15.15 Cleanup : yum-4.14.0-9.el9.noarch 84/151 +#12 15.16 Cleanup : python3-systemd-234-18.el9.x86_64 85/151 +#12 15.16 Running scriptlet: dnf-4.14.0-9.el9.noarch 86/151 +#12 15.17 Cleanup : dnf-4.14.0-9.el9.noarch 86/151 +#12 15.17 Running scriptlet: dnf-4.14.0-9.el9.noarch 86/151 +#12 15.18 Cleanup : systemd-libs-252-18.el9.x86_64 87/151 +#12 15.19 Cleanup : python3-dnf-4.14.0-9.el9.noarch 88/151 +#12 15.20 Cleanup : python3-hawkey-0.69.0-8.el9_4.1.x86_64 89/151 +#12 15.20 Cleanup : python3-libdnf-0.69.0-8.el9_4.1.x86_64 90/151 +#12 15.21 Cleanup : libdnf-0.69.0-8.el9_4.1.x86_64 91/151 +#12 15.22 Cleanup : libstdc++-11.4.1-2.1.el9.x86_64 92/151 +#12 15.22 Cleanup : librepo-1.14.5-1.el9.x86_64 93/151 +#12 15.23 Cleanup : libsolv-0.7.24-2.el9.x86_64 94/151 +#12 15.24 Cleanup : libxml2-2.9.13-5.el9_3.x86_64 95/151 +#12 15.25 Cleanup : librhsm-0.0.3-7.el9_3.1.x86_64 96/151 +#12 15.25 Cleanup : glib2-2.68.4-11.el9.x86_64 97/151 +#12 15.26 Cleanup : gnutls-3.7.6-23.el9_3.3.x86_64 98/151 +#12 15.27 Cleanup : libmount-2.37.4-15.el9.x86_64 99/151 +#12 15.27 Cleanup : libblkid-2.37.4-15.el9.x86_64 100/151 +#12 15.28 Cleanup : python3-rpm-4.16.1.3-29.el9.x86_64 101/151 +#12 15.28 Cleanup : rpm-build-libs-4.16.1.3-29.el9.x86_64 102/151 +#12 15.29 Cleanup : elfutils-libs-0.190-2.el9.x86_64 103/151 +#12 15.29 Cleanup : rpm-sign-libs-4.16.1.3-29.el9.x86_64 104/151 +#12 15.30 Cleanup : rpm-4.16.1.3-29.el9.x86_64 105/151 +#12 15.31 Cleanup : rpm-libs-4.16.1.3-29.el9.x86_64 106/151 +#12 15.31 Cleanup : ima-evm-utils-1.4-4.el9.x86_64 107/151 +#12 15.32 Cleanup : tpm2-tss-3.2.2-2.el9.x86_64 108/151 +#12 15.33 Cleanup : shadow-utils-2:4.9-8.el9.x86_64 109/151 +#12 15.34 Cleanup : 
libsemanage-3.6-1.el9.x86_64 110/151 +#12 15.35 Cleanup : file-libs-5.39-14.el9.x86_64 111/151 +#12 15.35 Cleanup : curl-minimal-7.76.1-26.el9_3.3.x86_64 112/151 +#12 15.36 Cleanup : libcurl-minimal-7.76.1-26.el9_3.3.x86_64 113/151 +#12 15.37 Cleanup : krb5-libs-1.21.1-1.el9.x86_64 114/151 +#12 15.37 Cleanup : audit-libs-3.0.7-104.el9.x86_64 115/151 +#12 15.38 Cleanup : libgomp-11.4.1-3.el9.x86_64 116/151 +#12 15.38 Cleanup : elfutils-libelf-0.190-2.el9.x86_64 117/151 +#12 15.39 Cleanup : libgcrypt-1.10.0-10.el9_2.x86_64 118/151 +#12 15.39 Cleanup : elfutils-default-yama-scope-0.190-2.el9.noarch 119/151 +#12 15.40 Cleanup : dnf-data-4.14.0-9.el9.noarch 120/151 +#12 15.40 Cleanup : libcom_err-1.46.5-3.el9.x86_64 121/151 +#12 15.41 Cleanup : nettle-3.8-3.el9_0.x86_64 122/151 +#12 15.41 Cleanup : libnghttp2-1.43.0-5.el9_3.1.x86_64 123/151 +#12 15.43 Cleanup : python3-libs-3.9.18-3.el9_4.6.x86_64 124/151 +#12 15.44 Cleanup : python3-3.9.18-3.el9_4.6.x86_64 125/151 +#12 15.45 Cleanup : openssl-libs-1:3.0.7-25.el9_3.x86_64 126/151 +#12 15.46 Cleanup : libuuid-2.37.4-15.el9.x86_64 127/151 +#12 15.47 Cleanup : gdbm-libs-1:1.19-4.el9.x86_64 128/151 +#12 15.47 Cleanup : pcre-8.44-3.el9.3.x86_64 129/151 +#12 15.48 Cleanup : libsmartcols-2.37.4-15.el9.x86_64 130/151 +#12 15.48 Cleanup : python3-pip-wheel-21.2.3-8.el9.noarch 131/151 +#12 15.49 Cleanup : ca-certificates-2023.2.60_v7.0.306-90.1.el9_2.no 132/151 +#12 15.49 Cleanup : crypto-policies-20230731-1.git94f0e2c.el9_3.1.no 133/151 +#12 15.50 Cleanup : python-unversioned-command-3.9.18-3.el9_4.6.noar 134/151 +#12 15.50 Cleanup : python3-setuptools-wheel-53.0.0-12.el9_4.1.noarc 135/151 +#12 15.50 Cleanup : coreutils-single-8.32-34.el9.x86_64 136/151 +#12 15.51 Cleanup : p11-kit-trust-0.24.1-2.el9.x86_64 137/151 +#12 15.51 Running scriptlet: p11-kit-trust-0.24.1-2.el9.x86_64 137/151 +#12 15.52 Cleanup : libselinux-3.6-1.el9.x86_64 138/151 +#12 15.53 Cleanup : p11-kit-0.24.1-2.el9.x86_64 139/151 +#12 15.54 Cleanup : 
pcre2-10.40-2.el9.x86_64 140/151 +#12 15.54 Cleanup : libacl-2.3.1-3.el9.x86_64 141/151 +#12 15.54 Cleanup : zlib-1.2.11-40.el9.x86_64 142/151 +#12 15.55 Cleanup : pcre2-syntax-10.40-2.el9.noarch 143/151 +#12 15.56 Cleanup : bash-5.1.8-6.el9_1.x86_64 144/151 +#12 15.56 Running scriptlet: bash-5.1.8-6.el9_1.x86_64 144/151 +#12 15.57 Cleanup : glibc-2.34-83.el9_3.12.x86_64 145/151 +#12 15.58 Cleanup : glibc-minimal-langpack-2.34-83.el9_3.12.x86_64 146/151 +#12 15.59 Cleanup : glibc-common-2.34-83.el9_3.12.x86_64 147/151 +#12 15.62 Cleanup : filesystem-3.16-2.el9.x86_64 148/151 +#12 15.62 warning: file /usr/share/locale/en@shaw: remove failed: No such file or directory +#12 15.62 warning: file /usr/share/locale/en@quot: remove failed: No such file or directory +#12 15.62 warning: file /usr/share/locale/en@piglatin: remove failed: No such file or directory +#12 15.62 warning: file /usr/share/locale/en@hebrew: remove failed: No such file or directory +#12 15.62 warning: file /usr/share/locale/en@greek: remove failed: No such file or directory +#12 15.62 warning: file /usr/share/locale/en@cyrillic: remove failed: No such file or directory +#12 15.62 warning: file /usr/share/locale/en@boldquot: remove failed: No such file or directory +#12 15.62 warning: file /usr/share/locale/en@arabic: remove failed: No such file or directory +#12 15.62 warning: file /usr/share/locale/en: remove failed: No such file or directory +#12 15.62 +#12 15.65 Cleanup : setup-2.13.7-9.el9.noarch 149/151 +#12 15.66 Cleanup : tzdata-2023d-1.el9.noarch 150/151 +#12 15.68 Cleanup : libgcc-11.4.1-2.1.el9.x86_64 151/151 +#12 15.68 Running scriptlet: libgcc-11.4.1-2.1.el9.x86_64 151/151 +#12 15.71 Running scriptlet: filesystem-3.16-5.el9.x86_64 151/151 +#12 15.73 Running scriptlet: ca-certificates-2024.2.69_v8.0.303-91.4.el9.noar 151/151 +#12 16.72 Running scriptlet: rpm-4.16.1.3-34.el9.x86_64 151/151 +#12 16.73 Running scriptlet: libgcc-11.4.1-2.1.el9.x86_64 151/151 +#12 17.43 Verifying : 
attr-2.5.1-3.el9.x86_64 1/151 +#12 17.43 Verifying : glibc-langpack-en-2.34-133.el9.x86_64 2/151 +#12 17.43 Verifying : keyutils-1.6.3-1.el9.x86_64 3/151 +#12 17.43 Verifying : audit-libs-3.1.5-1.el9.x86_64 4/151 +#12 17.43 Verifying : audit-libs-3.0.7-104.el9.x86_64 5/151 +#12 17.43 Verifying : bash-5.1.8-9.el9.x86_64 6/151 +#12 17.43 Verifying : bash-5.1.8-6.el9_1.x86_64 7/151 +#12 17.43 Verifying : ca-certificates-2024.2.69_v8.0.303-91.4.el9.noar 8/151 +#12 17.43 Verifying : ca-certificates-2023.2.60_v7.0.306-90.1.el9_2.no 9/151 +#12 17.43 Verifying : coreutils-single-8.32-36.el9.x86_64 10/151 +#12 17.43 Verifying : coreutils-single-8.32-34.el9.x86_64 11/151 +#12 17.43 Verifying : crypto-policies-20240828-2.git626aa59.el9.noarch 12/151 +#12 17.43 Verifying : crypto-policies-20230731-1.git94f0e2c.el9_3.1.no 13/151 +#12 17.43 Verifying : curl-minimal-7.76.1-31.el9.x86_64 14/151 +#12 17.43 Verifying : curl-minimal-7.76.1-26.el9_3.3.x86_64 15/151 +#12 17.43 Verifying : dnf-4.14.0-21.el9.noarch 16/151 +#12 17.43 Verifying : dnf-4.14.0-9.el9.noarch 17/151 +#12 17.43 Verifying : dnf-data-4.14.0-21.el9.noarch 18/151 +#12 17.43 Verifying : dnf-data-4.14.0-9.el9.noarch 19/151 +#12 17.43 Verifying : dnf-plugins-core-4.3.0-17.el9.noarch 20/151 +#12 17.43 Verifying : dnf-plugins-core-4.3.0-13.el9.noarch 21/151 +#12 17.43 Verifying : elfutils-default-yama-scope-0.191-4.el9.noarch 22/151 +#12 17.44 Verifying : elfutils-default-yama-scope-0.190-2.el9.noarch 23/151 +#12 17.44 Verifying : elfutils-libelf-0.191-4.el9.x86_64 24/151 +#12 17.44 Verifying : elfutils-libelf-0.190-2.el9.x86_64 25/151 +#12 17.44 Verifying : elfutils-libs-0.191-4.el9.x86_64 26/151 +#12 17.44 Verifying : elfutils-libs-0.190-2.el9.x86_64 27/151 +#12 17.44 Verifying : file-libs-5.39-16.el9.x86_64 28/151 +#12 17.44 Verifying : file-libs-5.39-14.el9.x86_64 29/151 +#12 17.44 Verifying : filesystem-3.16-5.el9.x86_64 30/151 +#12 17.44 Verifying : filesystem-3.16-2.el9.x86_64 31/151 +#12 17.44 Verifying : 
gdbm-libs-1:1.23-1.el9.x86_64 32/151 +#12 17.44 Verifying : gdbm-libs-1:1.19-4.el9.x86_64 33/151 +#12 17.44 Verifying : glib2-2.68.4-16.el9.x86_64 34/151 +#12 17.44 Verifying : glib2-2.68.4-11.el9.x86_64 35/151 +#12 17.44 Verifying : glibc-2.34-133.el9.x86_64 36/151 +#12 17.44 Verifying : glibc-2.34-83.el9_3.12.x86_64 37/151 +#12 17.44 Verifying : glibc-common-2.34-133.el9.x86_64 38/151 +#12 17.44 Verifying : glibc-common-2.34-83.el9_3.12.x86_64 39/151 +#12 17.44 Verifying : glibc-minimal-langpack-2.34-133.el9.x86_64 40/151 +#12 17.44 Verifying : glibc-minimal-langpack-2.34-83.el9_3.12.x86_64 41/151 +#12 17.44 Verifying : gnutls-3.8.3-4.el9.x86_64 42/151 +#12 17.44 Verifying : gnutls-3.7.6-23.el9_3.3.x86_64 43/151 +#12 17.44 Verifying : ima-evm-utils-1.5-2.el9.x86_64 44/151 +#12 17.44 Verifying : ima-evm-utils-1.4-4.el9.x86_64 45/151 +#12 17.44 Verifying : krb5-libs-1.21.1-3.el9.x86_64 46/151 +#12 17.44 Verifying : krb5-libs-1.21.1-1.el9.x86_64 47/151 +#12 17.44 Verifying : libacl-2.3.1-4.el9.x86_64 48/151 +#12 17.44 Verifying : libacl-2.3.1-3.el9.x86_64 49/151 +#12 17.44 Verifying : libblkid-2.37.4-20.el9.x86_64 50/151 +#12 17.44 Verifying : libblkid-2.37.4-15.el9.x86_64 51/151 +#12 17.44 Verifying : libcom_err-1.46.5-5.el9.x86_64 52/151 +#12 17.44 Verifying : libcom_err-1.46.5-3.el9.x86_64 53/151 +#12 17.44 Verifying : libcurl-minimal-7.76.1-31.el9.x86_64 54/151 +#12 17.44 Verifying : libcurl-minimal-7.76.1-26.el9_3.3.x86_64 55/151 +#12 17.44 Verifying : libdnf-0.69.0-12.el9.x86_64 56/151 +#12 17.44 Verifying : libdnf-0.69.0-8.el9_4.1.x86_64 57/151 +#12 17.44 Verifying : libevent-2.1.12-8.el9.x86_64 58/151 +#12 17.44 Verifying : libevent-2.1.12-6.el9.x86_64 59/151 +#12 17.44 Verifying : libgcc-11.5.0-2.el9.x86_64 60/151 +#12 17.44 Verifying : libgcc-11.4.1-2.1.el9.x86_64 61/151 +#12 17.44 Verifying : libgcrypt-1.10.0-11.el9.x86_64 62/151 +#12 17.44 Verifying : libgcrypt-1.10.0-10.el9_2.x86_64 63/151 +#12 17.44 Verifying : libgomp-11.5.0-2.el9.x86_64 64/151 +#12 
17.44 Verifying : libgomp-11.4.1-3.el9.x86_64 65/151 +#12 17.44 Verifying : libksba-1.5.1-7.el9.x86_64 66/151 +#12 17.44 Verifying : libksba-1.5.1-6.el9_1.x86_64 67/151 +#12 17.44 Verifying : libmount-2.37.4-20.el9.x86_64 68/151 +#12 17.44 Verifying : libmount-2.37.4-15.el9.x86_64 69/151 +#12 17.44 Verifying : libnghttp2-1.43.0-6.el9.x86_64 70/151 +#12 17.44 Verifying : libnghttp2-1.43.0-5.el9_3.1.x86_64 71/151 +#12 17.44 Verifying : librepo-1.14.5-2.el9.x86_64 72/151 +#12 17.44 Verifying : librepo-1.14.5-1.el9.x86_64 73/151 +#12 17.44 Verifying : librhsm-0.0.3-9.el9.x86_64 74/151 +#12 17.44 Verifying : librhsm-0.0.3-7.el9_3.1.x86_64 75/151 +#12 17.44 Verifying : libselinux-3.6-2.el9.x86_64 76/151 +#12 17.44 Verifying : libselinux-3.6-1.el9.x86_64 77/151 +#12 17.44 Verifying : libsemanage-3.6-2.el9.x86_64 78/151 +#12 17.44 Verifying : libsemanage-3.6-1.el9.x86_64 79/151 +#12 17.44 Verifying : libsmartcols-2.37.4-20.el9.x86_64 80/151 +#12 17.44 Verifying : libsmartcols-2.37.4-15.el9.x86_64 81/151 +#12 17.44 Verifying : libsolv-0.7.24-3.el9.x86_64 82/151 +#12 17.44 Verifying : libsolv-0.7.24-2.el9.x86_64 83/151 +#12 17.44 Verifying : libstdc++-11.5.0-2.el9.x86_64 84/151 +#12 17.44 Verifying : libstdc++-11.4.1-2.1.el9.x86_64 85/151 +#12 17.44 Verifying : libuuid-2.37.4-20.el9.x86_64 86/151 +#12 17.44 Verifying : libuuid-2.37.4-15.el9.x86_64 87/151 +#12 17.44 Verifying : libxml2-2.9.13-6.el9.x86_64 88/151 +#12 17.44 Verifying : libxml2-2.9.13-5.el9_3.x86_64 89/151 +#12 17.44 Verifying : nettle-3.9.1-1.el9.x86_64 90/151 +#12 17.44 Verifying : nettle-3.8-3.el9_0.x86_64 91/151 +#12 17.44 Verifying : openldap-2.6.6-3.el9.x86_64 92/151 +#12 17.44 Verifying : openldap-2.6.3-1.el9.x86_64 93/151 +#12 17.44 Verifying : openssl-libs-1:3.2.2-6.el9.x86_64 94/151 +#12 17.44 Verifying : openssl-libs-1:3.0.7-25.el9_3.x86_64 95/151 +#12 17.44 Verifying : p11-kit-0.25.3-2.el9.x86_64 96/151 +#12 17.44 Verifying : p11-kit-0.24.1-2.el9.x86_64 97/151 +#12 17.44 Verifying : 
p11-kit-trust-0.25.3-2.el9.x86_64 98/151 +#12 17.44 Verifying : p11-kit-trust-0.24.1-2.el9.x86_64 99/151 +#12 17.44 Verifying : pcre-8.44-4.el9.x86_64 100/151 +#12 17.44 Verifying : pcre-8.44-3.el9.3.x86_64 101/151 +#12 17.44 Verifying : pcre2-10.40-6.el9.x86_64 102/151 +#12 17.44 Verifying : pcre2-10.40-2.el9.x86_64 103/151 +#12 17.44 Verifying : pcre2-syntax-10.40-6.el9.noarch 104/151 +#12 17.44 Verifying : pcre2-syntax-10.40-2.el9.noarch 105/151 +#12 17.44 Verifying : python3-3.9.20-1.el9.x86_64 106/151 +#12 17.44 Verifying : python3-3.9.18-3.el9_4.6.x86_64 107/151 +#12 17.44 Verifying : python3-dnf-4.14.0-21.el9.noarch 108/151 +#12 17.44 Verifying : python3-dnf-4.14.0-9.el9.noarch 109/151 +#12 17.44 Verifying : python3-dnf-plugins-core-4.3.0-17.el9.noarch 110/151 +#12 17.44 Verifying : python3-dnf-plugins-core-4.3.0-13.el9.noarch 111/151 +#12 17.44 Verifying : python3-hawkey-0.69.0-12.el9.x86_64 112/151 +#12 17.44 Verifying : python3-hawkey-0.69.0-8.el9_4.1.x86_64 113/151 +#12 17.44 Verifying : python3-libdnf-0.69.0-12.el9.x86_64 114/151 +#12 17.44 Verifying : python3-libdnf-0.69.0-8.el9_4.1.x86_64 115/151 +#12 17.44 Verifying : python3-libs-3.9.20-1.el9.x86_64 116/151 +#12 17.44 Verifying : python3-libs-3.9.18-3.el9_4.6.x86_64 117/151 +#12 17.44 Verifying : python3-pip-wheel-21.3.1-1.el9.noarch 118/151 +#12 17.44 Verifying : python3-pip-wheel-21.2.3-8.el9.noarch 119/151 +#12 17.44 Verifying : python3-rpm-4.16.1.3-34.el9.x86_64 120/151 +#12 17.44 Verifying : python3-rpm-4.16.1.3-29.el9.x86_64 121/151 +#12 17.44 Verifying : python3-setuptools-wheel-53.0.0-13.el9.noarch 122/151 +#12 17.44 Verifying : python3-setuptools-wheel-53.0.0-12.el9_4.1.noarc 123/151 +#12 17.44 Verifying : python3-systemd-234-19.el9.x86_64 124/151 +#12 17.44 Verifying : python3-systemd-234-18.el9.x86_64 125/151 +#12 17.44 Verifying : rpm-4.16.1.3-34.el9.x86_64 126/151 +#12 17.44 Verifying : rpm-4.16.1.3-29.el9.x86_64 127/151 +#12 17.44 Verifying : rpm-build-libs-4.16.1.3-34.el9.x86_64 
128/151 +#12 17.44 Verifying : rpm-build-libs-4.16.1.3-29.el9.x86_64 129/151 +#12 17.44 Verifying : rpm-libs-4.16.1.3-34.el9.x86_64 130/151 +#12 17.44 Verifying : rpm-libs-4.16.1.3-29.el9.x86_64 131/151 +#12 17.44 Verifying : rpm-sign-libs-4.16.1.3-34.el9.x86_64 132/151 +#12 17.44 Verifying : rpm-sign-libs-4.16.1.3-29.el9.x86_64 133/151 +#12 17.44 Verifying : setup-2.13.7-10.el9.noarch 134/151 +#12 17.44 Verifying : setup-2.13.7-9.el9.noarch 135/151 +#12 17.44 Verifying : shadow-utils-2:4.9-9.el9.x86_64 136/151 +#12 17.44 Verifying : shadow-utils-2:4.9-8.el9.x86_64 137/151 +#12 17.44 Verifying : systemd-libs-252-48.el9.x86_64 138/151 +#12 17.44 Verifying : systemd-libs-252-18.el9.x86_64 139/151 +#12 17.44 Verifying : tpm2-tss-3.2.3-1.el9.x86_64 140/151 +#12 17.44 Verifying : tpm2-tss-3.2.2-2.el9.x86_64 141/151 +#12 17.44 Verifying : tzdata-2024b-2.el9.noarch 142/151 +#12 17.44 Verifying : tzdata-2023d-1.el9.noarch 143/151 +#12 17.45 Verifying : yum-4.14.0-21.el9.noarch 144/151 +#12 17.45 Verifying : yum-4.14.0-9.el9.noarch 145/151 +#12 17.45 Verifying : yum-utils-4.3.0-17.el9.noarch 146/151 +#12 17.45 Verifying : yum-utils-4.3.0-13.el9.noarch 147/151 +#12 17.45 Verifying : zlib-1.2.11-41.el9.x86_64 148/151 +#12 17.45 Verifying : zlib-1.2.11-40.el9.x86_64 149/151 +#12 17.45 Verifying : python-unversioned-command-3.9.20-1.el9.noarch 150/151 +#12 17.45 Verifying : python-unversioned-command-3.9.18-3.el9_4.6.noar 151/151 +#12 17.73 +#12 17.73 Upgraded: +#12 17.73 audit-libs-3.1.5-1.el9.x86_64 +#12 17.73 bash-5.1.8-9.el9.x86_64 +#12 17.73 ca-certificates-2024.2.69_v8.0.303-91.4.el9.noarch +#12 17.73 coreutils-single-8.32-36.el9.x86_64 +#12 17.73 crypto-policies-20240828-2.git626aa59.el9.noarch +#12 17.73 curl-minimal-7.76.1-31.el9.x86_64 +#12 17.73 dnf-4.14.0-21.el9.noarch +#12 17.73 dnf-data-4.14.0-21.el9.noarch +#12 17.73 dnf-plugins-core-4.3.0-17.el9.noarch +#12 17.73 elfutils-default-yama-scope-0.191-4.el9.noarch +#12 17.73 elfutils-libelf-0.191-4.el9.x86_64 +#12 
17.73 elfutils-libs-0.191-4.el9.x86_64 +#12 17.73 file-libs-5.39-16.el9.x86_64 +#12 17.73 filesystem-3.16-5.el9.x86_64 +#12 17.73 gdbm-libs-1:1.23-1.el9.x86_64 +#12 17.73 glib2-2.68.4-16.el9.x86_64 +#12 17.73 glibc-2.34-133.el9.x86_64 +#12 17.73 glibc-common-2.34-133.el9.x86_64 +#12 17.73 glibc-minimal-langpack-2.34-133.el9.x86_64 +#12 17.73 gnutls-3.8.3-4.el9.x86_64 +#12 17.73 ima-evm-utils-1.5-2.el9.x86_64 +#12 17.73 krb5-libs-1.21.1-3.el9.x86_64 +#12 17.73 libacl-2.3.1-4.el9.x86_64 +#12 17.73 libblkid-2.37.4-20.el9.x86_64 +#12 17.73 libcom_err-1.46.5-5.el9.x86_64 +#12 17.73 libcurl-minimal-7.76.1-31.el9.x86_64 +#12 17.73 libdnf-0.69.0-12.el9.x86_64 +#12 17.73 libevent-2.1.12-8.el9.x86_64 +#12 17.73 libgcc-11.5.0-2.el9.x86_64 +#12 17.73 libgcrypt-1.10.0-11.el9.x86_64 +#12 17.73 libgomp-11.5.0-2.el9.x86_64 +#12 17.73 libksba-1.5.1-7.el9.x86_64 +#12 17.73 libmount-2.37.4-20.el9.x86_64 +#12 17.73 libnghttp2-1.43.0-6.el9.x86_64 +#12 17.73 librepo-1.14.5-2.el9.x86_64 +#12 17.73 librhsm-0.0.3-9.el9.x86_64 +#12 17.73 libselinux-3.6-2.el9.x86_64 +#12 17.73 libsemanage-3.6-2.el9.x86_64 +#12 17.73 libsmartcols-2.37.4-20.el9.x86_64 +#12 17.73 libsolv-0.7.24-3.el9.x86_64 +#12 17.73 libstdc++-11.5.0-2.el9.x86_64 +#12 17.73 libuuid-2.37.4-20.el9.x86_64 +#12 17.73 libxml2-2.9.13-6.el9.x86_64 +#12 17.73 nettle-3.9.1-1.el9.x86_64 +#12 17.73 openldap-2.6.6-3.el9.x86_64 +#12 17.73 openssl-libs-1:3.2.2-6.el9.x86_64 +#12 17.73 p11-kit-0.25.3-2.el9.x86_64 +#12 17.73 p11-kit-trust-0.25.3-2.el9.x86_64 +#12 17.73 pcre-8.44-4.el9.x86_64 +#12 17.73 pcre2-10.40-6.el9.x86_64 +#12 17.73 pcre2-syntax-10.40-6.el9.noarch +#12 17.73 python-unversioned-command-3.9.20-1.el9.noarch +#12 17.73 python3-3.9.20-1.el9.x86_64 +#12 17.73 python3-dnf-4.14.0-21.el9.noarch +#12 17.73 python3-dnf-plugins-core-4.3.0-17.el9.noarch +#12 17.73 python3-hawkey-0.69.0-12.el9.x86_64 +#12 17.73 python3-libdnf-0.69.0-12.el9.x86_64 +#12 17.73 python3-libs-3.9.20-1.el9.x86_64 +#12 17.73 
python3-pip-wheel-21.3.1-1.el9.noarch +#12 17.73 python3-rpm-4.16.1.3-34.el9.x86_64 +#12 17.73 python3-setuptools-wheel-53.0.0-13.el9.noarch +#12 17.73 python3-systemd-234-19.el9.x86_64 +#12 17.73 rpm-4.16.1.3-34.el9.x86_64 +#12 17.73 rpm-build-libs-4.16.1.3-34.el9.x86_64 +#12 17.73 rpm-libs-4.16.1.3-34.el9.x86_64 +#12 17.73 rpm-sign-libs-4.16.1.3-34.el9.x86_64 +#12 17.73 setup-2.13.7-10.el9.noarch +#12 17.73 shadow-utils-2:4.9-9.el9.x86_64 +#12 17.73 systemd-libs-252-48.el9.x86_64 +#12 17.73 tpm2-tss-3.2.3-1.el9.x86_64 +#12 17.73 tzdata-2024b-2.el9.noarch +#12 17.73 yum-4.14.0-21.el9.noarch +#12 17.73 yum-utils-4.3.0-17.el9.noarch +#12 17.73 zlib-1.2.11-41.el9.x86_64 +#12 17.73 Installed: +#12 17.73 attr-2.5.1-3.el9.x86_64 glibc-langpack-en-2.34-133.el9.x86_64 +#12 17.73 keyutils-1.6.3-1.el9.x86_64 +#12 17.73 +#12 17.73 Complete! +#12 DONE 17.9s #11 [ 4/10] RUN yum install -y --nogpgcheck --disablerepo=* --repofrompath=c... -#11 0.408 Added centos repo from https://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os -#11 0.410 Added centos-app repo from https://mirror.stream.centos.org/9-stream/AppStream/x86_64/os -#11 0.592 Last metadata expiration check: 0:00:16 ago on Wed Nov 6 09:38:58 2024. -#11 0.673 Package libcap-2.48-9.el9_2.x86_64 is already installed. -#11 0.718 Dependencies resolved. 
-#11 0.721 ================================================================================ -#11 0.721 Package Arch Version Repository Size -#11 0.721 ================================================================================ -#11 0.721 Installing: -#11 0.721 conntrack-tools x86_64 1.4.7-2.el9 centos-app 235 k -#11 0.721 hostname x86_64 3.23-6.el9 centos 29 k -#11 0.721 iproute x86_64 6.2.0-5.el9 centos 813 k -#11 0.721 iptables-nft x86_64 1.8.10-5.el9 centos 206 k -#11 0.721 kmod x86_64 28-10.el9 centos 126 k -#11 0.721 logrotate x86_64 3.18.0-8.el9 centos 75 k -#11 0.721 ltrace x86_64 0.7.91-43.el9 centos-app 138 k -#11 0.721 net-tools x86_64 2.0-0.64.20160912git.el9 centos 308 k -#11 0.721 openssl x86_64 1:3.2.2-6.el9 centos 1.4 M -#11 0.721 procps-ng x86_64 3.3.17-14.el9 centos 349 k -#11 0.721 strace x86_64 5.18-2.el9 centos 1.4 M -#11 0.721 tar x86_64 2:1.34-7.el9 centos 885 k -#11 0.721 tcpdump x86_64 14:4.99.0-9.el9 centos-app 544 k -#11 0.721 vim-minimal x86_64 2:8.2.2637-21.el9 centos 670 k -#11 0.721 Installing dependencies: -#11 0.721 acl x86_64 2.3.1-4.el9 centos 71 k -#11 0.721 cracklib x86_64 2.9.6-27.el9 centos 94 k -#11 0.721 cracklib-dicts x86_64 2.9.6-27.el9 centos 3.6 M -#11 0.721 dbus x86_64 1:1.12.20-8.el9 centos 3.8 k -#11 0.721 dbus-broker x86_64 28-7.el9 centos 172 k -#11 0.721 dbus-common noarch 1:1.12.20-8.el9 centos 15 k -#11 0.721 gzip x86_64 1.12-1.el9 centos 163 k -#11 0.721 iptables-libs x86_64 1.8.10-5.el9 centos 460 k -#11 0.721 kmod-libs x86_64 28-10.el9 centos 63 k -#11 0.721 libbpf x86_64 2:1.4.0-1.el9 centos 178 k -#11 0.721 libdb x86_64 5.3.28-55.el9 centos 735 k -#11 0.721 libeconf x86_64 0.4.1-4.el9 centos 27 k -#11 0.721 libfdisk x86_64 2.37.4-20.el9 centos 154 k -#11 0.721 libibverbs x86_64 51.0-1.el9 centos 442 k -#11 0.721 libmnl x86_64 1.0.4-16.el9 centos 28 k -#11 0.721 libnetfilter_conntrack x86_64 1.0.9-1.el9 centos 59 k -#11 0.721 libnetfilter_cthelper x86_64 1.0.0-22.el9 centos-app 24 k -#11 0.721 
libnetfilter_cttimeout x86_64 1.0.0-19.el9 centos-app 24 k -#11 0.721 libnetfilter_queue x86_64 1.0.5-1.el9 centos-app 29 k -#11 0.721 libnfnetlink x86_64 1.0.1-21.el9 centos 30 k -#11 0.721 libnftnl x86_64 1.2.6-4.el9 centos 88 k -#11 0.721 libnl3 x86_64 3.9.0-1.el9 centos 355 k -#11 0.721 libpcap x86_64 14:1.10.0-4.el9 centos 173 k -#11 0.721 libpwquality x86_64 1.4.4-8.el9 centos 119 k -#11 0.721 libseccomp x86_64 2.5.2-2.el9 centos 72 k -#11 0.721 libutempter x86_64 1.2.1-6.el9 centos 27 k -#11 0.721 pam x86_64 1.5.1-20.el9 centos 628 k -#11 0.721 psmisc x86_64 23.4-3.el9 centos 243 k -#11 0.721 systemd x86_64 252-48.el9 centos 4.2 M -#11 0.721 systemd-pam x86_64 252-48.el9 centos 285 k -#11 0.721 systemd-rpm-macros noarch 252-48.el9 centos 74 k -#11 0.721 util-linux x86_64 2.37.4-20.el9 centos 2.3 M -#11 0.721 util-linux-core x86_64 2.37.4-20.el9 centos 464 k -#11 0.721 Installing weak dependencies: -#11 0.721 elfutils-debuginfod-client x86_64 0.191-4.el9 centos 37 k -#11 0.721 -#11 0.721 Transaction Summary -#11 0.721 ================================================================================ -#11 0.721 Install 48 Packages -#11 0.721 -#11 0.724 Total download size: 22 M -#11 0.724 Installed size: 63 M -#11 0.724 Downloading Packages: -#11 0.832 (1/48): acl-2.3.1-4.el9.x86_64.rpm 701 kB/s | 71 kB 00:00 -#11 0.842 (2/48): cracklib-2.9.6-27.el9.x86_64.rpm 839 kB/s | 94 kB 00:00 -#11 0.850 (3/48): dbus-1.12.20-8.el9.x86_64.rpm 204 kB/s | 3.8 kB 00:00 -#11 0.886 (4/48): dbus-broker-28-7.el9.x86_64.rpm 4.0 MB/s | 172 kB 00:00 -#11 0.892 (5/48): dbus-common-1.12.20-8.el9.noarch.rpm 371 kB/s | 15 kB 00:00 -#11 0.911 (6/48): cracklib-dicts-2.9.6-27.el9.x86_64.rpm 20 MB/s | 3.6 MB 00:00 -#11 0.913 (7/48): elfutils-debuginfod-client-0.191-4.el9. 
1.5 MB/s | 37 kB 00:00 -#11 0.917 (8/48): gzip-1.12-1.el9.x86_64.rpm 7.0 MB/s | 163 kB 00:00 -#11 0.968 (9/48): iproute-6.2.0-5.el9.x86_64.rpm 15 MB/s | 813 kB 00:00 -#11 0.977 (10/48): hostname-3.23-6.el9.x86_64.rpm 463 kB/s | 29 kB 00:00 -#11 0.982 (11/48): iptables-libs-1.8.10-5.el9.x86_64.rpm 6.9 MB/s | 460 kB 00:00 -#11 0.991 (12/48): iptables-nft-1.8.10-5.el9.x86_64.rpm 9.5 MB/s | 206 kB 00:00 -#11 1.007 (13/48): kmod-libs-28-10.el9.x86_64.rpm 2.6 MB/s | 63 kB 00:00 -#11 1.011 (14/48): libbpf-1.4.0-1.el9.x86_64.rpm 8.7 MB/s | 178 kB 00:00 -#11 1.036 (15/48): libdb-5.3.28-55.el9.x86_64.rpm 26 MB/s | 735 kB 00:00 -#11 1.039 (16/48): libeconf-0.4.1-4.el9.x86_64.rpm 1.0 MB/s | 27 kB 00:00 -#11 1.055 (17/48): libfdisk-2.37.4-20.el9.x86_64.rpm 8.2 MB/s | 154 kB 00:00 -#11 1.064 (18/48): libibverbs-51.0-1.el9.x86_64.rpm 18 MB/s | 442 kB 00:00 -#11 1.071 (19/48): kmod-28-10.el9.x86_64.rpm 1.4 MB/s | 126 kB 00:00 -#11 1.081 (20/48): libmnl-1.0.4-16.el9.x86_64.rpm 1.1 MB/s | 28 kB 00:00 -#11 1.084 (21/48): libnetfilter_conntrack-1.0.9-1.el9.x86 2.9 MB/s | 59 kB 00:00 -#11 1.088 (22/48): libnfnetlink-1.0.1-21.el9.x86_64.rpm 1.8 MB/s | 30 kB 00:00 -#11 1.100 (23/48): libnftnl-1.2.6-4.el9.x86_64.rpm 4.7 MB/s | 88 kB 00:00 -#11 1.106 (24/48): libnl3-3.9.0-1.el9.x86_64.rpm 17 MB/s | 355 kB 00:00 -#11 1.110 (25/48): libpcap-1.10.0-4.el9.x86_64.rpm 7.8 MB/s | 173 kB 00:00 -#11 1.119 (26/48): libpwquality-1.4.4-8.el9.x86_64.rpm 6.7 MB/s | 119 kB 00:00 -#11 1.125 (27/48): libseccomp-2.5.2-2.el9.x86_64.rpm 3.9 MB/s | 72 kB 00:00 -#11 1.128 (28/48): libutempter-1.2.1-6.el9.x86_64.rpm 1.5 MB/s | 27 kB 00:00 -#11 1.137 (29/48): logrotate-3.18.0-8.el9.x86_64.rpm 4.1 MB/s | 75 kB 00:00 -#11 1.148 (30/48): net-tools-2.0-0.64.20160912git.el9.x86 14 MB/s | 308 kB 00:00 -#11 1.164 (31/48): openssl-3.2.2-6.el9.x86_64.rpm 38 MB/s | 1.4 MB 00:00 -#11 1.175 (32/48): pam-1.5.1-20.el9.x86_64.rpm 17 MB/s | 628 kB 00:00 -#11 1.191 (33/48): psmisc-23.4-3.el9.x86_64.rpm 9.4 MB/s | 243 kB 00:00 
-#11 1.206 (34/48): strace-5.18-2.el9.x86_64.rpm 44 MB/s | 1.4 MB 00:00 -#11 1.228 (35/48): systemd-pam-252-48.el9.x86_64.rpm 13 MB/s | 285 kB 00:00 -#11 1.247 (36/48): systemd-rpm-macros-252-48.el9.noarch.r 4.0 MB/s | 74 kB 00:00 -#11 1.272 (37/48): tar-1.34-7.el9.x86_64.rpm 35 MB/s | 885 kB 00:00 -#11 1.331 (38/48): util-linux-2.37.4-20.el9.x86_64.rpm 39 MB/s | 2.3 MB 00:00 -#11 1.353 (39/48): util-linux-core-2.37.4-20.el9.x86_64.r 21 MB/s | 464 kB 00:00 -#11 1.376 (40/48): vim-minimal-8.2.2637-21.el9.x86_64.rpm 29 MB/s | 670 kB 00:00 -#11 1.396 (41/48): conntrack-tools-1.4.7-2.el9.x86_64.rpm 12 MB/s | 235 kB 00:00 -#11 1.413 (42/48): libnetfilter_cthelper-1.0.0-22.el9.x86 1.4 MB/s | 24 kB 00:00 -#11 1.433 (43/48): libnetfilter_cttimeout-1.0.0-19.el9.x8 1.2 MB/s | 24 kB 00:00 -#11 1.451 (44/48): libnetfilter_queue-1.0.5-1.el9.x86_64. 1.6 MB/s | 29 kB 00:00 -#11 1.469 (45/48): ltrace-0.7.91-43.el9.x86_64.rpm 7.7 MB/s | 138 kB 00:00 -#11 1.490 (46/48): procps-ng-3.3.17-14.el9.x86_64.rpm 1.0 MB/s | 349 kB 00:00 -#11 1.498 (47/48): tcpdump-4.99.0-9.el9.x86_64.rpm 19 MB/s | 544 kB 00:00 -#11 1.801 (48/48): systemd-252-48.el9.x86_64.rpm 7.0 MB/s | 4.2 MB 00:00 -#11 1.805 -------------------------------------------------------------------------------- -#11 1.806 Total 21 MB/s | 22 MB 00:01 -#11 1.807 Running transaction check -#11 1.891 Transaction check succeeded. -#11 1.891 Running transaction test -#11 2.173 Transaction test succeeded. 
-#11 2.174 Running transaction -#11 2.535 Preparing : 1/1 -#11 2.573 Installing : libmnl-1.0.4-16.el9.x86_64 1/48 -#11 2.580 Installing : libnfnetlink-1.0.1-21.el9.x86_64 2/48 -#11 2.587 Installing : libnetfilter_conntrack-1.0.9-1.el9.x86_64 3/48 -#11 2.593 Installing : libfdisk-2.37.4-20.el9.x86_64 4/48 -#11 2.609 Installing : libdb-5.3.28-55.el9.x86_64 5/48 -#11 2.646 Installing : iptables-libs-1.8.10-5.el9.x86_64 6/48 -#11 2.656 Installing : libnetfilter_queue-1.0.5-1.el9.x86_64 7/48 -#11 2.662 Installing : libnftnl-1.2.6-4.el9.x86_64 8/48 -#11 2.667 Installing : libnetfilter_cthelper-1.0.0-22.el9.x86_64 9/48 -#11 2.672 Installing : libnetfilter_cttimeout-1.0.0-19.el9.x86_64 10/48 -#11 2.693 Installing : util-linux-core-2.37.4-20.el9.x86_64 11/48 -#11 2.704 Running scriptlet: util-linux-core-2.37.4-20.el9.x86_64 11/48 -#11 2.714 Installing : systemd-rpm-macros-252-48.el9.noarch 12/48 -#11 2.723 Installing : psmisc-23.4-3.el9.x86_64 13/48 -#11 2.764 Installing : openssl-1:3.2.2-6.el9.x86_64 14/48 -#11 2.773 Running scriptlet: libutempter-1.2.1-6.el9.x86_64 15/48 -#11 2.813 Installing : libutempter-1.2.1-6.el9.x86_64 15/48 -#11 2.822 Installing : libseccomp-2.5.2-2.el9.x86_64 16/48 -#11 2.835 Installing : libnl3-3.9.0-1.el9.x86_64 17/48 -#11 2.854 Installing : libibverbs-51.0-1.el9.x86_64 18/48 -#11 2.865 Installing : libpcap-14:1.10.0-4.el9.x86_64 19/48 -#11 2.872 Installing : libeconf-0.4.1-4.el9.x86_64 20/48 -#11 2.879 Installing : libbpf-2:1.4.0-1.el9.x86_64 21/48 -#11 2.884 Installing : kmod-libs-28-10.el9.x86_64 22/48 -#11 2.894 Installing : gzip-1.12-1.el9.x86_64 23/48 -#11 2.903 Installing : cracklib-2.9.6-27.el9.x86_64 24/48 -#11 2.988 Installing : cracklib-dicts-2.9.6-27.el9.x86_64 25/48 -#11 3.024 Installing : pam-1.5.1-20.el9.x86_64 26/48 -#11 3.039 Installing : libpwquality-1.4.4-8.el9.x86_64 27/48 -#11 3.109 Installing : util-linux-2.37.4-20.el9.x86_64 28/48 -#11 3.109 warning: /etc/adjtime created as /etc/adjtime.rpmnew -#11 3.109 -#11 3.128 
Installing : elfutils-debuginfod-client-0.191-4.el9.x86_64 29/48 -#11 3.135 Installing : acl-2.3.1-4.el9.x86_64 30/48 -#11 3.140 Installing : dbus-1:1.12.20-8.el9.x86_64 31/48 -#11 3.147 Installing : systemd-pam-252-48.el9.x86_64 32/48 -#11 3.154 Running scriptlet: systemd-252-48.el9.x86_64 33/48 -#11 3.414 Installing : systemd-252-48.el9.x86_64 33/48 -#11 3.428 Running scriptlet: systemd-252-48.el9.x86_64 33/48 -#11 3.565 Installing : dbus-common-1:1.12.20-8.el9.noarch 34/48 -#11 3.570 Running scriptlet: dbus-common-1:1.12.20-8.el9.noarch 34/48 -#11 3.592 Created symlink /etc/systemd/system/sockets.target.wants/dbus.socket → /usr/lib/systemd/system/dbus.socket. -#11 3.592 Created symlink /etc/systemd/user/sockets.target.wants/dbus.socket → /usr/lib/systemd/user/dbus.socket. -#11 3.592 -#11 3.594 Running scriptlet: dbus-broker-28-7.el9.x86_64 35/48 -#11 3.649 Installing : dbus-broker-28-7.el9.x86_64 35/48 -#11 3.653 Running scriptlet: dbus-broker-28-7.el9.x86_64 35/48 -#11 3.675 Created symlink /etc/systemd/system/dbus.service → /usr/lib/systemd/system/dbus-broker.service. -#11 3.675 Created symlink /etc/systemd/user/dbus.service → /usr/lib/systemd/user/dbus-broker.service. -#11 3.675 -#11 3.678 Running scriptlet: logrotate-3.18.0-8.el9.x86_64 36/48 -#11 3.691 Installing : logrotate-3.18.0-8.el9.x86_64 36/48 -#11 3.697 Running scriptlet: logrotate-3.18.0-8.el9.x86_64 36/48 -#11 3.712 Created symlink /etc/systemd/system/timers.target.wants/logrotate.timer → /usr/lib/systemd/system/logrotate.timer. -#11 3.712 -#11 3.723 Installing : net-tools-2.0-0.64.20160912git.el9.x86_64 37/48 -#11 3.729 Running scriptlet: net-tools-2.0-0.64.20160912git.el9.x86_64 37/48 -#11 3.743 Created symlink /etc/systemd/system/multi-user.target.wants/arp-ethers.service → /usr/lib/systemd/system/arp-ethers.service. 
-#11 3.743 -#11 3.755 Installing : conntrack-tools-1.4.7-2.el9.x86_64 38/48 -#11 3.762 Running scriptlet: conntrack-tools-1.4.7-2.el9.x86_64 38/48 -#11 3.776 Created symlink /etc/systemd/system/multi-user.target.wants/conntrackd.service → /usr/lib/systemd/system/conntrackd.service. -#11 3.776 -#11 3.786 Installing : ltrace-0.7.91-43.el9.x86_64 39/48 -#11 3.821 Installing : iproute-6.2.0-5.el9.x86_64 40/48 -#11 3.828 Running scriptlet: tcpdump-14:4.99.0-9.el9.x86_64 41/48 -#11 3.887 Installing : tcpdump-14:4.99.0-9.el9.x86_64 41/48 -#11 3.904 Installing : iptables-nft-1.8.10-5.el9.x86_64 42/48 -#11 3.911 Running scriptlet: iptables-nft-1.8.10-5.el9.x86_64 42/48 -#11 3.951 Installing : vim-minimal-2:8.2.2637-21.el9.x86_64 43/48 -#11 3.967 Installing : tar-2:1.34-7.el9.x86_64 44/48 -#11 3.989 Installing : strace-5.18-2.el9.x86_64 45/48 -#11 4.008 Installing : procps-ng-3.3.17-14.el9.x86_64 46/48 -#11 4.019 Installing : kmod-28-10.el9.x86_64 47/48 -#11 4.027 Installing : hostname-3.23-6.el9.x86_64 48/48 -#11 4.031 Running scriptlet: hostname-3.23-6.el9.x86_64 48/48 -#11 4.321 Verifying : acl-2.3.1-4.el9.x86_64 1/48 -#11 4.321 Verifying : cracklib-2.9.6-27.el9.x86_64 2/48 -#11 4.322 Verifying : cracklib-dicts-2.9.6-27.el9.x86_64 3/48 -#11 4.322 Verifying : dbus-1:1.12.20-8.el9.x86_64 4/48 -#11 4.322 Verifying : dbus-broker-28-7.el9.x86_64 5/48 -#11 4.322 Verifying : dbus-common-1:1.12.20-8.el9.noarch 6/48 -#11 4.322 Verifying : elfutils-debuginfod-client-0.191-4.el9.x86_64 7/48 -#11 4.322 Verifying : gzip-1.12-1.el9.x86_64 8/48 -#11 4.322 Verifying : hostname-3.23-6.el9.x86_64 9/48 -#11 4.323 Verifying : iproute-6.2.0-5.el9.x86_64 10/48 -#11 4.323 Verifying : iptables-libs-1.8.10-5.el9.x86_64 11/48 -#11 4.323 Verifying : iptables-nft-1.8.10-5.el9.x86_64 12/48 -#11 4.323 Verifying : kmod-28-10.el9.x86_64 13/48 -#11 4.323 Verifying : kmod-libs-28-10.el9.x86_64 14/48 -#11 4.323 Verifying : libbpf-2:1.4.0-1.el9.x86_64 15/48 -#11 4.324 Verifying : libdb-5.3.28-55.el9.x86_64 
16/48 -#11 4.324 Verifying : libeconf-0.4.1-4.el9.x86_64 17/48 -#11 4.324 Verifying : libfdisk-2.37.4-20.el9.x86_64 18/48 -#11 4.324 Verifying : libibverbs-51.0-1.el9.x86_64 19/48 -#11 4.324 Verifying : libmnl-1.0.4-16.el9.x86_64 20/48 -#11 4.324 Verifying : libnetfilter_conntrack-1.0.9-1.el9.x86_64 21/48 -#11 4.324 Verifying : libnfnetlink-1.0.1-21.el9.x86_64 22/48 -#11 4.325 Verifying : libnftnl-1.2.6-4.el9.x86_64 23/48 -#11 4.325 Verifying : libnl3-3.9.0-1.el9.x86_64 24/48 -#11 4.325 Verifying : libpcap-14:1.10.0-4.el9.x86_64 25/48 -#11 4.325 Verifying : libpwquality-1.4.4-8.el9.x86_64 26/48 -#11 4.325 Verifying : libseccomp-2.5.2-2.el9.x86_64 27/48 -#11 4.325 Verifying : libutempter-1.2.1-6.el9.x86_64 28/48 -#11 4.326 Verifying : logrotate-3.18.0-8.el9.x86_64 29/48 -#11 4.326 Verifying : net-tools-2.0-0.64.20160912git.el9.x86_64 30/48 -#11 4.326 Verifying : openssl-1:3.2.2-6.el9.x86_64 31/48 -#11 4.326 Verifying : pam-1.5.1-20.el9.x86_64 32/48 -#11 4.326 Verifying : procps-ng-3.3.17-14.el9.x86_64 33/48 -#11 4.326 Verifying : psmisc-23.4-3.el9.x86_64 34/48 -#11 4.326 Verifying : strace-5.18-2.el9.x86_64 35/48 -#11 4.327 Verifying : systemd-252-48.el9.x86_64 36/48 -#11 4.327 Verifying : systemd-pam-252-48.el9.x86_64 37/48 -#11 4.327 Verifying : systemd-rpm-macros-252-48.el9.noarch 38/48 -#11 4.327 Verifying : tar-2:1.34-7.el9.x86_64 39/48 -#11 4.327 Verifying : util-linux-2.37.4-20.el9.x86_64 40/48 -#11 4.327 Verifying : util-linux-core-2.37.4-20.el9.x86_64 41/48 -#11 4.327 Verifying : vim-minimal-2:8.2.2637-21.el9.x86_64 42/48 -#11 4.328 Verifying : conntrack-tools-1.4.7-2.el9.x86_64 43/48 -#11 4.328 Verifying : libnetfilter_cthelper-1.0.0-22.el9.x86_64 44/48 -#11 4.328 Verifying : libnetfilter_cttimeout-1.0.0-19.el9.x86_64 45/48 -#11 4.328 Verifying : libnetfilter_queue-1.0.5-1.el9.x86_64 46/48 -#11 4.328 Verifying : ltrace-0.7.91-43.el9.x86_64 47/48 -#11 4.328 Verifying : tcpdump-14:4.99.0-9.el9.x86_64 48/48 -#11 4.417 -#11 4.417 Installed: -#11 4.417 
acl-2.3.1-4.el9.x86_64 -#11 4.417 conntrack-tools-1.4.7-2.el9.x86_64 -#11 4.417 cracklib-2.9.6-27.el9.x86_64 -#11 4.417 cracklib-dicts-2.9.6-27.el9.x86_64 -#11 4.417 dbus-1:1.12.20-8.el9.x86_64 -#11 4.417 dbus-broker-28-7.el9.x86_64 -#11 4.417 dbus-common-1:1.12.20-8.el9.noarch -#11 4.417 elfutils-debuginfod-client-0.191-4.el9.x86_64 -#11 4.417 gzip-1.12-1.el9.x86_64 -#11 4.417 hostname-3.23-6.el9.x86_64 -#11 4.417 iproute-6.2.0-5.el9.x86_64 -#11 4.417 iptables-libs-1.8.10-5.el9.x86_64 -#11 4.417 iptables-nft-1.8.10-5.el9.x86_64 -#11 4.417 kmod-28-10.el9.x86_64 -#11 4.417 kmod-libs-28-10.el9.x86_64 -#11 4.417 libbpf-2:1.4.0-1.el9.x86_64 -#11 4.417 libdb-5.3.28-55.el9.x86_64 -#11 4.417 libeconf-0.4.1-4.el9.x86_64 -#11 4.417 libfdisk-2.37.4-20.el9.x86_64 -#11 4.417 libibverbs-51.0-1.el9.x86_64 -#11 4.417 libmnl-1.0.4-16.el9.x86_64 -#11 4.417 libnetfilter_conntrack-1.0.9-1.el9.x86_64 -#11 4.417 libnetfilter_cthelper-1.0.0-22.el9.x86_64 -#11 4.417 libnetfilter_cttimeout-1.0.0-19.el9.x86_64 -#11 4.417 libnetfilter_queue-1.0.5-1.el9.x86_64 -#11 4.417 libnfnetlink-1.0.1-21.el9.x86_64 -#11 4.417 libnftnl-1.2.6-4.el9.x86_64 -#11 4.417 libnl3-3.9.0-1.el9.x86_64 -#11 4.417 libpcap-14:1.10.0-4.el9.x86_64 -#11 4.417 libpwquality-1.4.4-8.el9.x86_64 -#11 4.417 libseccomp-2.5.2-2.el9.x86_64 -#11 4.417 libutempter-1.2.1-6.el9.x86_64 -#11 4.417 logrotate-3.18.0-8.el9.x86_64 -#11 4.417 ltrace-0.7.91-43.el9.x86_64 -#11 4.417 net-tools-2.0-0.64.20160912git.el9.x86_64 -#11 4.417 openssl-1:3.2.2-6.el9.x86_64 -#11 4.417 pam-1.5.1-20.el9.x86_64 -#11 4.417 procps-ng-3.3.17-14.el9.x86_64 -#11 4.417 psmisc-23.4-3.el9.x86_64 -#11 4.417 strace-5.18-2.el9.x86_64 -#11 4.417 systemd-252-48.el9.x86_64 -#11 4.417 systemd-pam-252-48.el9.x86_64 -#11 4.417 systemd-rpm-macros-252-48.el9.noarch -#11 4.417 tar-2:1.34-7.el9.x86_64 -#11 4.417 tcpdump-14:4.99.0-9.el9.x86_64 -#11 4.417 util-linux-2.37.4-20.el9.x86_64 -#11 4.417 util-linux-core-2.37.4-20.el9.x86_64 -#11 4.417 
vim-minimal-2:8.2.2637-21.el9.x86_64 -#11 4.417 -#11 4.417 Complete! -#11 4.731 13 files removed -#11 DONE 4.8s +#11 0.349 Added centos repo from https://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os +#11 0.350 Added centos-app repo from https://mirror.stream.centos.org/9-stream/AppStream/x86_64/os +#11 0.523 Last metadata expiration check: 0:00:16 ago on Mon Nov 11 09:49:10 2024. +#11 0.602 Package libcap-2.48-9.el9_2.x86_64 is already installed. +#11 0.645 Dependencies resolved. +#11 0.650 ================================================================================ +#11 0.650 Package Arch Version Repository Size +#11 0.650 ================================================================================ +#11 0.650 Installing: +#11 0.650 conntrack-tools x86_64 1.4.7-2.el9 centos-app 235 k +#11 0.650 hostname x86_64 3.23-6.el9 centos 29 k +#11 0.650 iproute x86_64 6.2.0-5.el9 centos 813 k +#11 0.650 iptables-nft x86_64 1.8.10-5.el9 centos 206 k +#11 0.650 kmod x86_64 28-10.el9 centos 126 k +#11 0.650 logrotate x86_64 3.18.0-8.el9 centos 75 k +#11 0.650 ltrace x86_64 0.7.91-43.el9 centos-app 138 k +#11 0.650 net-tools x86_64 2.0-0.64.20160912git.el9 centos 308 k +#11 0.650 openssl x86_64 1:3.2.2-6.el9 centos 1.4 M +#11 0.650 procps-ng x86_64 3.3.17-14.el9 centos 349 k +#11 0.650 strace x86_64 5.18-2.el9 centos 1.4 M +#11 0.650 tar x86_64 2:1.34-7.el9 centos 885 k +#11 0.650 tcpdump x86_64 14:4.99.0-9.el9 centos-app 544 k +#11 0.650 vim-minimal x86_64 2:8.2.2637-21.el9 centos 670 k +#11 0.650 Installing dependencies: +#11 0.650 acl x86_64 2.3.1-4.el9 centos 71 k +#11 0.650 cracklib x86_64 2.9.6-27.el9 centos 94 k +#11 0.650 cracklib-dicts x86_64 2.9.6-27.el9 centos 3.6 M +#11 0.650 dbus x86_64 1:1.12.20-8.el9 centos 3.8 k +#11 0.650 dbus-broker x86_64 28-7.el9 centos 172 k +#11 0.650 dbus-common noarch 1:1.12.20-8.el9 centos 15 k +#11 0.650 gzip x86_64 1.12-1.el9 centos 163 k +#11 0.650 iptables-libs x86_64 1.8.10-5.el9 centos 460 k +#11 0.650 kmod-libs 
x86_64 28-10.el9 centos 63 k +#11 0.650 libbpf x86_64 2:1.4.0-1.el9 centos 178 k +#11 0.650 libdb x86_64 5.3.28-55.el9 centos 735 k +#11 0.650 libeconf x86_64 0.4.1-4.el9 centos 27 k +#11 0.650 libfdisk x86_64 2.37.4-20.el9 centos 154 k +#11 0.650 libibverbs x86_64 51.0-1.el9 centos 442 k +#11 0.650 libmnl x86_64 1.0.4-16.el9 centos 28 k +#11 0.650 libnetfilter_conntrack x86_64 1.0.9-1.el9 centos 59 k +#11 0.650 libnetfilter_cthelper x86_64 1.0.0-22.el9 centos-app 24 k +#11 0.650 libnetfilter_cttimeout x86_64 1.0.0-19.el9 centos-app 24 k +#11 0.650 libnetfilter_queue x86_64 1.0.5-1.el9 centos-app 29 k +#11 0.650 libnfnetlink x86_64 1.0.1-21.el9 centos 30 k +#11 0.650 libnftnl x86_64 1.2.6-4.el9 centos 88 k +#11 0.650 libnl3 x86_64 3.9.0-1.el9 centos 355 k +#11 0.650 libpcap x86_64 14:1.10.0-4.el9 centos 173 k +#11 0.650 libpwquality x86_64 1.4.4-8.el9 centos 119 k +#11 0.650 libseccomp x86_64 2.5.2-2.el9 centos 72 k +#11 0.650 libutempter x86_64 1.2.1-6.el9 centos 27 k +#11 0.650 pam x86_64 1.5.1-20.el9 centos 628 k +#11 0.650 psmisc x86_64 23.4-3.el9 centos 243 k +#11 0.650 systemd x86_64 252-48.el9 centos 4.2 M +#11 0.650 systemd-pam x86_64 252-48.el9 centos 285 k +#11 0.650 systemd-rpm-macros noarch 252-48.el9 centos 74 k +#11 0.650 util-linux x86_64 2.37.4-20.el9 centos 2.3 M +#11 0.650 util-linux-core x86_64 2.37.4-20.el9 centos 464 k +#11 0.650 Installing weak dependencies: +#11 0.650 elfutils-debuginfod-client x86_64 0.191-4.el9 centos 37 k +#11 0.650 +#11 0.650 Transaction Summary +#11 0.650 ================================================================================ +#11 0.650 Install 48 Packages +#11 0.650 +#11 0.652 Total download size: 22 M +#11 0.652 Installed size: 63 M +#11 0.653 Downloading Packages: +#11 0.764 (1/48): cracklib-2.9.6-27.el9.x86_64.rpm 877 kB/s | 94 kB 00:00 +#11 0.804 (2/48): dbus-1.12.20-8.el9.x86_64.rpm 104 kB/s | 3.8 kB 00:00 +#11 0.854 (3/48): cracklib-dicts-2.9.6-27.el9.x86_64.rpm 19 MB/s | 3.6 MB 00:00 +#11 0.871 (4/48): 
dbus-broker-28-7.el9.x86_64.rpm 2.4 MB/s | 172 kB 00:00 +#11 0.883 (5/48): dbus-common-1.12.20-8.el9.noarch.rpm 490 kB/s | 15 kB 00:00 +#11 0.903 (6/48): elfutils-debuginfod-client-0.191-4.el9. 1.2 MB/s | 37 kB 00:00 +#11 0.927 (7/48): gzip-1.12-1.el9.x86_64.rpm 3.7 MB/s | 163 kB 00:00 +#11 0.930 (8/48): acl-2.3.1-4.el9.x86_64.rpm 261 kB/s | 71 kB 00:00 +#11 0.934 (9/48): hostname-3.23-6.el9.x86_64.rpm 941 kB/s | 29 kB 00:00 +#11 0.981 (10/48): iptables-nft-1.8.10-5.el9.x86_64.rpm 4.3 MB/s | 206 kB 00:00 +#11 0.992 (11/48): iptables-libs-1.8.10-5.el9.x86_64.rpm 7.3 MB/s | 460 kB 00:00 +#11 0.999 (12/48): iproute-6.2.0-5.el9.x86_64.rpm 11 MB/s | 813 kB 00:00 +#11 1.025 (13/48): kmod-libs-28-10.el9.x86_64.rpm 2.0 MB/s | 63 kB 00:00 +#11 1.034 (14/48): libbpf-1.4.0-1.el9.x86_64.rpm 5.0 MB/s | 178 kB 00:00 +#11 1.063 (15/48): libdb-5.3.28-55.el9.x86_64.rpm 19 MB/s | 735 kB 00:00 +#11 1.066 (16/48): libeconf-0.4.1-4.el9.x86_64.rpm 856 kB/s | 27 kB 00:00 +#11 1.076 (17/48): kmod-28-10.el9.x86_64.rpm 1.3 MB/s | 126 kB 00:00 +#11 1.101 (18/48): libibverbs-51.0-1.el9.x86_64.rpm 13 MB/s | 442 kB 00:00 +#11 1.107 (19/48): libmnl-1.0.4-16.el9.x86_64.rpm 911 kB/s | 28 kB 00:00 +#11 1.113 (20/48): libfdisk-2.37.4-20.el9.x86_64.rpm 3.1 MB/s | 154 kB 00:00 +#11 1.132 (21/48): libnetfilter_conntrack-1.0.9-1.el9.x86 1.9 MB/s | 59 kB 00:00 +#11 1.146 (22/48): libnftnl-1.2.6-4.el9.x86_64.rpm 2.7 MB/s | 88 kB 00:00 +#11 1.173 (23/48): libnfnetlink-1.0.1-21.el9.x86_64.rpm 461 kB/s | 30 kB 00:00 +#11 1.179 (24/48): libpcap-1.10.0-4.el9.x86_64.rpm 5.1 MB/s | 173 kB 00:00 +#11 1.205 (25/48): libpwquality-1.4.4-8.el9.x86_64.rpm 3.7 MB/s | 119 kB 00:00 +#11 1.214 (26/48): libnl3-3.9.0-1.el9.x86_64.rpm 4.2 MB/s | 355 kB 00:00 +#11 1.237 (27/48): libutempter-1.2.1-6.el9.x86_64.rpm 857 kB/s | 27 kB 00:00 +#11 1.247 (28/48): logrotate-3.18.0-8.el9.x86_64.rpm 2.3 MB/s | 75 kB 00:00 +#11 1.256 (29/48): libseccomp-2.5.2-2.el9.x86_64.rpm 938 kB/s | 72 kB 00:00 +#11 1.271 (30/48): 
net-tools-2.0-0.64.20160912git.el9.x86 8.8 MB/s | 308 kB 00:00 +#11 1.295 (31/48): pam-1.5.1-20.el9.x86_64.rpm 16 MB/s | 628 kB 00:00 +#11 1.305 (32/48): openssl-3.2.2-6.el9.x86_64.rpm 24 MB/s | 1.4 MB 00:00 +#11 1.329 (33/48): psmisc-23.4-3.el9.x86_64.rpm 7.2 MB/s | 243 kB 00:00 +#11 1.350 (34/48): strace-5.18-2.el9.x86_64.rpm 31 MB/s | 1.4 MB 00:00 +#11 1.399 (35/48): systemd-252-48.el9.x86_64.rpm 61 MB/s | 4.2 MB 00:00 +#11 1.404 (36/48): systemd-pam-252-48.el9.x86_64.rpm 5.2 MB/s | 285 kB 00:00 +#11 1.432 (37/48): systemd-rpm-macros-252-48.el9.noarch.r 2.3 MB/s | 74 kB 00:00 +#11 1.490 (38/48): util-linux-2.37.4-20.el9.x86_64.rpm 40 MB/s | 2.3 MB 00:00 +#11 1.541 (39/48): tar-1.34-7.el9.x86_64.rpm 6.3 MB/s | 885 kB 00:00 +#11 1.551 (40/48): procps-ng-3.3.17-14.el9.x86_64.rpm 1.2 MB/s | 349 kB 00:00 +#11 1.557 (41/48): util-linux-core-2.37.4-20.el9.x86_64.r 6.8 MB/s | 464 kB 00:00 +#11 1.586 (42/48): conntrack-tools-1.4.7-2.el9.x86_64.rpm 6.9 MB/s | 235 kB 00:00 +#11 1.589 (43/48): libnetfilter_cthelper-1.0.0-22.el9.x86 768 kB/s | 24 kB 00:00 +#11 1.617 (44/48): libnetfilter_cttimeout-1.0.0-19.el9.x8 776 kB/s | 24 kB 00:00 +#11 1.620 (45/48): libnetfilter_queue-1.0.5-1.el9.x86_64. 931 kB/s | 29 kB 00:00 +#11 1.638 (46/48): vim-minimal-8.2.2637-21.el9.x86_64.rpm 6.8 MB/s | 670 kB 00:00 +#11 1.681 (47/48): ltrace-0.7.91-43.el9.x86_64.rpm 2.2 MB/s | 138 kB 00:00 +#11 1.691 (48/48): tcpdump-4.99.0-9.el9.x86_64.rpm 7.6 MB/s | 544 kB 00:00 +#11 1.695 -------------------------------------------------------------------------------- +#11 1.696 Total 21 MB/s | 22 MB 00:01 +#11 1.697 Running transaction check +#11 1.777 Transaction check succeeded. +#11 1.777 Running transaction test +#11 2.061 Transaction test succeeded. 
+#11 2.062 Running transaction +#11 2.423 Preparing : 1/1 +#11 2.462 Installing : libmnl-1.0.4-16.el9.x86_64 1/48 +#11 2.468 Installing : libnfnetlink-1.0.1-21.el9.x86_64 2/48 +#11 2.474 Installing : libnetfilter_conntrack-1.0.9-1.el9.x86_64 3/48 +#11 2.480 Installing : libfdisk-2.37.4-20.el9.x86_64 4/48 +#11 2.496 Installing : libdb-5.3.28-55.el9.x86_64 5/48 +#11 2.531 Installing : iptables-libs-1.8.10-5.el9.x86_64 6/48 +#11 2.544 Installing : libnetfilter_queue-1.0.5-1.el9.x86_64 7/48 +#11 2.550 Installing : libnftnl-1.2.6-4.el9.x86_64 8/48 +#11 2.554 Installing : libnetfilter_cthelper-1.0.0-22.el9.x86_64 9/48 +#11 2.559 Installing : libnetfilter_cttimeout-1.0.0-19.el9.x86_64 10/48 +#11 2.579 Installing : util-linux-core-2.37.4-20.el9.x86_64 11/48 +#11 2.586 Running scriptlet: util-linux-core-2.37.4-20.el9.x86_64 11/48 +#11 2.596 Installing : systemd-rpm-macros-252-48.el9.noarch 12/48 +#11 2.605 Installing : psmisc-23.4-3.el9.x86_64 13/48 +#11 2.645 Installing : openssl-1:3.2.2-6.el9.x86_64 14/48 +#11 2.658 Running scriptlet: libutempter-1.2.1-6.el9.x86_64 15/48 +#11 2.699 Installing : libutempter-1.2.1-6.el9.x86_64 15/48 +#11 2.707 Installing : libseccomp-2.5.2-2.el9.x86_64 16/48 +#11 2.720 Installing : libnl3-3.9.0-1.el9.x86_64 17/48 +#11 2.738 Installing : libibverbs-51.0-1.el9.x86_64 18/48 +#11 2.749 Installing : libpcap-14:1.10.0-4.el9.x86_64 19/48 +#11 2.757 Installing : libeconf-0.4.1-4.el9.x86_64 20/48 +#11 2.763 Installing : libbpf-2:1.4.0-1.el9.x86_64 21/48 +#11 2.768 Installing : kmod-libs-28-10.el9.x86_64 22/48 +#11 2.778 Installing : gzip-1.12-1.el9.x86_64 23/48 +#11 2.786 Installing : cracklib-2.9.6-27.el9.x86_64 24/48 +#11 2.859 Installing : cracklib-dicts-2.9.6-27.el9.x86_64 25/48 +#11 2.899 Installing : pam-1.5.1-20.el9.x86_64 26/48 +#11 2.915 Installing : libpwquality-1.4.4-8.el9.x86_64 27/48 +#11 2.983 Installing : util-linux-2.37.4-20.el9.x86_64 28/48 +#11 2.984 warning: /etc/adjtime created as /etc/adjtime.rpmnew +#11 2.984 +#11 3.001 
Installing : elfutils-debuginfod-client-0.191-4.el9.x86_64 29/48 +#11 3.008 Installing : acl-2.3.1-4.el9.x86_64 30/48 +#11 3.012 Installing : dbus-1:1.12.20-8.el9.x86_64 31/48 +#11 3.019 Installing : systemd-pam-252-48.el9.x86_64 32/48 +#11 3.026 Running scriptlet: systemd-252-48.el9.x86_64 33/48 +#11 3.274 Installing : systemd-252-48.el9.x86_64 33/48 +#11 3.288 Running scriptlet: systemd-252-48.el9.x86_64 33/48 +#11 3.424 Installing : dbus-common-1:1.12.20-8.el9.noarch 34/48 +#11 3.430 Running scriptlet: dbus-common-1:1.12.20-8.el9.noarch 34/48 +#11 3.453 Created symlink /etc/systemd/system/sockets.target.wants/dbus.socket → /usr/lib/systemd/system/dbus.socket. +#11 3.453 Created symlink /etc/systemd/user/sockets.target.wants/dbus.socket → /usr/lib/systemd/user/dbus.socket. +#11 3.453 +#11 3.455 Running scriptlet: dbus-broker-28-7.el9.x86_64 35/48 +#11 3.512 Installing : dbus-broker-28-7.el9.x86_64 35/48 +#11 3.517 Running scriptlet: dbus-broker-28-7.el9.x86_64 35/48 +#11 3.539 Created symlink /etc/systemd/system/dbus.service → /usr/lib/systemd/system/dbus-broker.service. +#11 3.539 Created symlink /etc/systemd/user/dbus.service → /usr/lib/systemd/user/dbus-broker.service. +#11 3.539 +#11 3.543 Running scriptlet: logrotate-3.18.0-8.el9.x86_64 36/48 +#11 3.558 Installing : logrotate-3.18.0-8.el9.x86_64 36/48 +#11 3.564 Running scriptlet: logrotate-3.18.0-8.el9.x86_64 36/48 +#11 3.579 Created symlink /etc/systemd/system/timers.target.wants/logrotate.timer → /usr/lib/systemd/system/logrotate.timer. +#11 3.579 +#11 3.590 Installing : net-tools-2.0-0.64.20160912git.el9.x86_64 37/48 +#11 3.596 Running scriptlet: net-tools-2.0-0.64.20160912git.el9.x86_64 37/48 +#11 3.611 Created symlink /etc/systemd/system/multi-user.target.wants/arp-ethers.service → /usr/lib/systemd/system/arp-ethers.service. 
+#11 3.611 +#11 3.624 Installing : conntrack-tools-1.4.7-2.el9.x86_64 38/48 +#11 3.631 Running scriptlet: conntrack-tools-1.4.7-2.el9.x86_64 38/48 +#11 3.647 Created symlink /etc/systemd/system/multi-user.target.wants/conntrackd.service → /usr/lib/systemd/system/conntrackd.service. +#11 3.647 +#11 3.659 Installing : ltrace-0.7.91-43.el9.x86_64 39/48 +#11 3.692 Installing : iproute-6.2.0-5.el9.x86_64 40/48 +#11 3.700 Running scriptlet: tcpdump-14:4.99.0-9.el9.x86_64 41/48 +#11 3.762 Installing : tcpdump-14:4.99.0-9.el9.x86_64 41/48 +#11 3.778 Installing : iptables-nft-1.8.10-5.el9.x86_64 42/48 +#11 3.784 Running scriptlet: iptables-nft-1.8.10-5.el9.x86_64 42/48 +#11 3.827 Installing : vim-minimal-2:8.2.2637-21.el9.x86_64 43/48 +#11 3.843 Installing : tar-2:1.34-7.el9.x86_64 44/48 +#11 3.865 Installing : strace-5.18-2.el9.x86_64 45/48 +#11 3.884 Installing : procps-ng-3.3.17-14.el9.x86_64 46/48 +#11 3.897 Installing : kmod-28-10.el9.x86_64 47/48 +#11 3.904 Installing : hostname-3.23-6.el9.x86_64 48/48 +#11 3.908 Running scriptlet: hostname-3.23-6.el9.x86_64 48/48 +#11 4.211 Verifying : acl-2.3.1-4.el9.x86_64 1/48 +#11 4.211 Verifying : cracklib-2.9.6-27.el9.x86_64 2/48 +#11 4.211 Verifying : cracklib-dicts-2.9.6-27.el9.x86_64 3/48 +#11 4.211 Verifying : dbus-1:1.12.20-8.el9.x86_64 4/48 +#11 4.211 Verifying : dbus-broker-28-7.el9.x86_64 5/48 +#11 4.211 Verifying : dbus-common-1:1.12.20-8.el9.noarch 6/48 +#11 4.211 Verifying : elfutils-debuginfod-client-0.191-4.el9.x86_64 7/48 +#11 4.211 Verifying : gzip-1.12-1.el9.x86_64 8/48 +#11 4.211 Verifying : hostname-3.23-6.el9.x86_64 9/48 +#11 4.212 Verifying : iproute-6.2.0-5.el9.x86_64 10/48 +#11 4.212 Verifying : iptables-libs-1.8.10-5.el9.x86_64 11/48 +#11 4.212 Verifying : iptables-nft-1.8.10-5.el9.x86_64 12/48 +#11 4.212 Verifying : kmod-28-10.el9.x86_64 13/48 +#11 4.212 Verifying : kmod-libs-28-10.el9.x86_64 14/48 +#11 4.212 Verifying : libbpf-2:1.4.0-1.el9.x86_64 15/48 +#11 4.212 Verifying : libdb-5.3.28-55.el9.x86_64 
16/48 +#11 4.212 Verifying : libeconf-0.4.1-4.el9.x86_64 17/48 +#11 4.212 Verifying : libfdisk-2.37.4-20.el9.x86_64 18/48 +#11 4.212 Verifying : libibverbs-51.0-1.el9.x86_64 19/48 +#11 4.213 Verifying : libmnl-1.0.4-16.el9.x86_64 20/48 +#11 4.213 Verifying : libnetfilter_conntrack-1.0.9-1.el9.x86_64 21/48 +#11 4.213 Verifying : libnfnetlink-1.0.1-21.el9.x86_64 22/48 +#11 4.213 Verifying : libnftnl-1.2.6-4.el9.x86_64 23/48 +#11 4.213 Verifying : libnl3-3.9.0-1.el9.x86_64 24/48 +#11 4.213 Verifying : libpcap-14:1.10.0-4.el9.x86_64 25/48 +#11 4.213 Verifying : libpwquality-1.4.4-8.el9.x86_64 26/48 +#11 4.213 Verifying : libseccomp-2.5.2-2.el9.x86_64 27/48 +#11 4.213 Verifying : libutempter-1.2.1-6.el9.x86_64 28/48 +#11 4.213 Verifying : logrotate-3.18.0-8.el9.x86_64 29/48 +#11 4.213 Verifying : net-tools-2.0-0.64.20160912git.el9.x86_64 30/48 +#11 4.213 Verifying : openssl-1:3.2.2-6.el9.x86_64 31/48 +#11 4.213 Verifying : pam-1.5.1-20.el9.x86_64 32/48 +#11 4.213 Verifying : procps-ng-3.3.17-14.el9.x86_64 33/48 +#11 4.214 Verifying : psmisc-23.4-3.el9.x86_64 34/48 +#11 4.214 Verifying : strace-5.18-2.el9.x86_64 35/48 +#11 4.214 Verifying : systemd-252-48.el9.x86_64 36/48 +#11 4.214 Verifying : systemd-pam-252-48.el9.x86_64 37/48 +#11 4.214 Verifying : systemd-rpm-macros-252-48.el9.noarch 38/48 +#11 4.214 Verifying : tar-2:1.34-7.el9.x86_64 39/48 +#11 4.214 Verifying : util-linux-2.37.4-20.el9.x86_64 40/48 +#11 4.214 Verifying : util-linux-core-2.37.4-20.el9.x86_64 41/48 +#11 4.214 Verifying : vim-minimal-2:8.2.2637-21.el9.x86_64 42/48 +#11 4.215 Verifying : conntrack-tools-1.4.7-2.el9.x86_64 43/48 +#11 4.215 Verifying : libnetfilter_cthelper-1.0.0-22.el9.x86_64 44/48 +#11 4.215 Verifying : libnetfilter_cttimeout-1.0.0-19.el9.x86_64 45/48 +#11 4.215 Verifying : libnetfilter_queue-1.0.5-1.el9.x86_64 46/48 +#11 4.215 Verifying : ltrace-0.7.91-43.el9.x86_64 47/48 +#11 4.215 Verifying : tcpdump-14:4.99.0-9.el9.x86_64 48/48 +#11 4.305 +#11 4.305 Installed: +#11 4.305 
acl-2.3.1-4.el9.x86_64 +#11 4.305 conntrack-tools-1.4.7-2.el9.x86_64 +#11 4.305 cracklib-2.9.6-27.el9.x86_64 +#11 4.305 cracklib-dicts-2.9.6-27.el9.x86_64 +#11 4.305 dbus-1:1.12.20-8.el9.x86_64 +#11 4.305 dbus-broker-28-7.el9.x86_64 +#11 4.305 dbus-common-1:1.12.20-8.el9.noarch +#11 4.305 elfutils-debuginfod-client-0.191-4.el9.x86_64 +#11 4.305 gzip-1.12-1.el9.x86_64 +#11 4.305 hostname-3.23-6.el9.x86_64 +#11 4.305 iproute-6.2.0-5.el9.x86_64 +#11 4.305 iptables-libs-1.8.10-5.el9.x86_64 +#11 4.305 iptables-nft-1.8.10-5.el9.x86_64 +#11 4.305 kmod-28-10.el9.x86_64 +#11 4.305 kmod-libs-28-10.el9.x86_64 +#11 4.305 libbpf-2:1.4.0-1.el9.x86_64 +#11 4.305 libdb-5.3.28-55.el9.x86_64 +#11 4.305 libeconf-0.4.1-4.el9.x86_64 +#11 4.305 libfdisk-2.37.4-20.el9.x86_64 +#11 4.305 libibverbs-51.0-1.el9.x86_64 +#11 4.305 libmnl-1.0.4-16.el9.x86_64 +#11 4.305 libnetfilter_conntrack-1.0.9-1.el9.x86_64 +#11 4.305 libnetfilter_cthelper-1.0.0-22.el9.x86_64 +#11 4.305 libnetfilter_cttimeout-1.0.0-19.el9.x86_64 +#11 4.305 libnetfilter_queue-1.0.5-1.el9.x86_64 +#11 4.305 libnfnetlink-1.0.1-21.el9.x86_64 +#11 4.305 libnftnl-1.2.6-4.el9.x86_64 +#11 4.305 libnl3-3.9.0-1.el9.x86_64 +#11 4.305 libpcap-14:1.10.0-4.el9.x86_64 +#11 4.305 libpwquality-1.4.4-8.el9.x86_64 +#11 4.305 libseccomp-2.5.2-2.el9.x86_64 +#11 4.305 libutempter-1.2.1-6.el9.x86_64 +#11 4.305 logrotate-3.18.0-8.el9.x86_64 +#11 4.305 ltrace-0.7.91-43.el9.x86_64 +#11 4.305 net-tools-2.0-0.64.20160912git.el9.x86_64 +#11 4.305 openssl-1:3.2.2-6.el9.x86_64 +#11 4.305 pam-1.5.1-20.el9.x86_64 +#11 4.305 procps-ng-3.3.17-14.el9.x86_64 +#11 4.305 psmisc-23.4-3.el9.x86_64 +#11 4.305 strace-5.18-2.el9.x86_64 +#11 4.305 systemd-252-48.el9.x86_64 +#11 4.305 systemd-pam-252-48.el9.x86_64 +#11 4.305 systemd-rpm-macros-252-48.el9.noarch +#11 4.305 tar-2:1.34-7.el9.x86_64 +#11 4.305 tcpdump-14:4.99.0-9.el9.x86_64 +#11 4.305 util-linux-2.37.4-20.el9.x86_64 +#11 4.305 util-linux-core-2.37.4-20.el9.x86_64 +#11 4.305 
vim-minimal-2:8.2.2637-21.el9.x86_64 +#11 4.305 +#11 4.305 Complete! +#11 4.616 13 files removed +#11 DONE 4.7s #10 [ 5/10] RUN yum --nogpgcheck update -y -#10 0.665 Red Hat Universal Base Image 9 (RPMs) - BaseOS 2.0 MB/s | 524 kB 00:00 -#10 1.055 Red Hat Universal Base Image 9 (RPMs) - AppStre 7.1 MB/s | 2.1 MB 00:00 -#10 1.828 Red Hat Universal Base Image 9 (RPMs) - CodeRea 745 kB/s | 278 kB 00:00 -#10 2.034 Dependencies resolved. -#10 2.036 ================================================================================ -#10 2.036 Package Arch Version Repository Size -#10 2.036 ================================================================================ -#10 2.036 Upgrading: -#10 2.036 ca-certificates noarch 2024.2.69_v8.0.303-91.4.el9_4 ubi-9-baseos-rpms 1.0 M -#10 2.036 gnutls x86_64 3.8.3-4.el9_4 ubi-9-baseos-rpms 1.1 M -#10 2.036 iproute x86_64 6.2.0-6.el9_4 ubi-9-baseos-rpms 819 k -#10 2.036 libevent x86_64 2.1.12-8.el9_4 ubi-9-baseos-rpms 266 k -#10 2.036 libmnl x86_64 1.0.4-16.el9_4 ubi-9-baseos-rpms 30 k -#10 2.036 libnftnl x86_64 1.2.6-4.el9_4 ubi-9-baseos-rpms 89 k -#10 2.036 libxml2 x86_64 2.9.13-6.el9_4 ubi-9-baseos-rpms 752 k -#10 2.036 redhat-release x86_64 9.4-0.5.el9 ubi-9-baseos-rpms 46 k -#10 2.036 -#10 2.036 Transaction Summary -#10 2.036 ================================================================================ -#10 2.036 Upgrade 8 Packages -#10 2.036 -#10 2.037 Total download size: 4.0 M -#10 2.037 Downloading Packages: -#10 2.197 (1/8): gnutls-3.8.3-4.el9_4.x86_64.rpm 6.9 MB/s | 1.1 MB 00:00 -#10 2.210 (2/8): iproute-6.2.0-6.el9_4.x86_64.rpm 4.7 MB/s | 819 kB 00:00 -#10 2.220 (3/8): ca-certificates-2024.2.69_v8.0.303-91.4. 
5.5 MB/s | 1.0 MB 00:00 -#10 2.225 (4/8): libevent-2.1.12-8.el9_4.x86_64.rpm 9.3 MB/s | 266 kB 00:00 -#10 2.229 (5/8): libmnl-1.0.4-16.el9_4.x86_64.rpm 1.6 MB/s | 30 kB 00:00 -#10 2.240 (6/8): libnftnl-1.2.6-4.el9_4.x86_64.rpm 4.6 MB/s | 89 kB 00:00 -#10 2.248 (7/8): redhat-release-9.4-0.5.el9.x86_64.rpm 2.5 MB/s | 46 kB 00:00 -#10 2.257 (8/8): libxml2-2.9.13-6.el9_4.x86_64.rpm 24 MB/s | 752 kB 00:00 -#10 2.261 -------------------------------------------------------------------------------- -#10 2.262 Total 18 MB/s | 4.0 MB 00:00 -#10 2.262 Running transaction check -#10 2.297 Transaction check succeeded. -#10 2.297 Running transaction test -#10 2.388 Transaction test succeeded. -#10 2.389 Running transaction -#10 2.517 Preparing : 1/1 -#10 2.560 Upgrading : libmnl-1.0.4-16.el9_4.x86_64 1/16 -#10 2.603 Upgrading : iproute-6.2.0-6.el9_4.x86_64 2/16 -#10 2.614 Upgrading : libnftnl-1.2.6-4.el9_4.x86_64 3/16 -#10 2.626 Upgrading : redhat-release-9.4-0.5.el9.x86_64 4/16 -#10 2.645 Upgrading : libxml2-2.9.13-6.el9_4.x86_64 5/16 -#10 2.658 Upgrading : libevent-2.1.12-8.el9_4.x86_64 6/16 -#10 2.682 Upgrading : gnutls-3.8.3-4.el9_4.x86_64 7/16 -#10 2.689 Running scriptlet: ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.noar 8/16 -#10 2.715 Upgrading : ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.noar 8/16 -#10 2.723 Running scriptlet: ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.noar 8/16 -#10 3.735 Cleanup : redhat-release-9.3-0.5.el9.x86_64 9/16 -#10 3.744 Cleanup : ca-certificates-2024.2.69_v8.0.303-91.4.el9.noarch 10/16 -#10 3.752 Cleanup : iproute-6.2.0-5.el9.x86_64 11/16 -#10 3.759 Cleanup : libnftnl-1.2.6-4.el9.x86_64 12/16 -#10 3.764 Cleanup : libmnl-1.0.4-16.el9.x86_64 13/16 -#10 3.769 Cleanup : libxml2-2.9.13-6.el9.x86_64 14/16 -#10 3.774 Cleanup : libevent-2.1.12-8.el9.x86_64 15/16 -#10 3.779 Cleanup : gnutls-3.8.3-4.el9.x86_64 16/16 -#10 3.789 Running scriptlet: ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.noar 16/16 -#10 4.794 Running scriptlet: 
gnutls-3.8.3-4.el9.x86_64 16/16 -#10 4.893 Verifying : ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.noar 1/16 -#10 4.893 Verifying : ca-certificates-2024.2.69_v8.0.303-91.4.el9.noarch 2/16 -#10 4.893 Verifying : gnutls-3.8.3-4.el9_4.x86_64 3/16 -#10 4.893 Verifying : gnutls-3.8.3-4.el9.x86_64 4/16 -#10 4.893 Verifying : iproute-6.2.0-6.el9_4.x86_64 5/16 -#10 4.893 Verifying : iproute-6.2.0-5.el9.x86_64 6/16 -#10 4.893 Verifying : libevent-2.1.12-8.el9_4.x86_64 7/16 -#10 4.893 Verifying : libevent-2.1.12-8.el9.x86_64 8/16 -#10 4.893 Verifying : libmnl-1.0.4-16.el9_4.x86_64 9/16 -#10 4.894 Verifying : libmnl-1.0.4-16.el9.x86_64 10/16 -#10 4.894 Verifying : libnftnl-1.2.6-4.el9_4.x86_64 11/16 -#10 4.894 Verifying : libnftnl-1.2.6-4.el9.x86_64 12/16 -#10 4.894 Verifying : libxml2-2.9.13-6.el9_4.x86_64 13/16 -#10 4.894 Verifying : libxml2-2.9.13-6.el9.x86_64 14/16 -#10 4.894 Verifying : redhat-release-9.4-0.5.el9.x86_64 15/16 -#10 4.894 Verifying : redhat-release-9.3-0.5.el9.x86_64 16/16 -#10 4.948 -#10 4.948 Upgraded: -#10 4.948 ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.noarch -#10 4.948 gnutls-3.8.3-4.el9_4.x86_64 -#10 4.948 iproute-6.2.0-6.el9_4.x86_64 -#10 4.948 libevent-2.1.12-8.el9_4.x86_64 -#10 4.948 libmnl-1.0.4-16.el9_4.x86_64 -#10 4.948 libnftnl-1.2.6-4.el9_4.x86_64 -#10 4.948 libxml2-2.9.13-6.el9_4.x86_64 -#10 4.948 redhat-release-9.4-0.5.el9.x86_64 -#10 4.948 -#10 4.948 Complete! -#10 DONE 5.0s +#10 0.645 Red Hat Universal Base Image 9 (RPMs) - BaseOS 2.0 MB/s | 524 kB 00:00 +#10 0.978 Red Hat Universal Base Image 9 (RPMs) - AppStre 8.7 MB/s | 2.1 MB 00:00 +#10 1.577 Red Hat Universal Base Image 9 (RPMs) - CodeRea 1.4 MB/s | 278 kB 00:00 +#10 1.780 Dependencies resolved. 
+#10 1.781 ================================================================================ +#10 1.781 Package Arch Version Repository Size +#10 1.781 ================================================================================ +#10 1.781 Upgrading: +#10 1.781 ca-certificates noarch 2024.2.69_v8.0.303-91.4.el9_4 ubi-9-baseos-rpms 1.0 M +#10 1.781 gnutls x86_64 3.8.3-4.el9_4 ubi-9-baseos-rpms 1.1 M +#10 1.781 iproute x86_64 6.2.0-6.el9_4 ubi-9-baseos-rpms 819 k +#10 1.781 libevent x86_64 2.1.12-8.el9_4 ubi-9-baseos-rpms 266 k +#10 1.781 libmnl x86_64 1.0.4-16.el9_4 ubi-9-baseos-rpms 30 k +#10 1.781 libnftnl x86_64 1.2.6-4.el9_4 ubi-9-baseos-rpms 89 k +#10 1.781 libxml2 x86_64 2.9.13-6.el9_4 ubi-9-baseos-rpms 752 k +#10 1.781 redhat-release x86_64 9.4-0.5.el9 ubi-9-baseos-rpms 46 k +#10 1.781 +#10 1.781 Transaction Summary +#10 1.781 ================================================================================ +#10 1.781 Upgrade 8 Packages +#10 1.781 +#10 1.782 Total download size: 4.0 M +#10 1.783 Downloading Packages: +#10 1.912 (1/8): iproute-6.2.0-6.el9_4.x86_64.rpm 6.3 MB/s | 819 kB 00:00 +#10 1.920 (2/8): ca-certificates-2024.2.69_v8.0.303-91.4. 7.4 MB/s | 1.0 MB 00:00 +#10 1.929 (3/8): gnutls-3.8.3-4.el9_4.x86_64.rpm 7.5 MB/s | 1.1 MB 00:00 +#10 1.934 (4/8): libevent-2.1.12-8.el9_4.x86_64.rpm 12 MB/s | 266 kB 00:00 +#10 1.937 (5/8): libmnl-1.0.4-16.el9_4.x86_64.rpm 1.8 MB/s | 30 kB 00:00 +#10 1.962 (6/8): libxml2-2.9.13-6.el9_4.x86_64.rpm 27 MB/s | 752 kB 00:00 +#10 1.965 (7/8): redhat-release-9.4-0.5.el9.x86_64.rpm 1.6 MB/s | 46 kB 00:00 +#10 1.969 (8/8): libnftnl-1.2.6-4.el9_4.x86_64.rpm 2.2 MB/s | 89 kB 00:00 +#10 1.973 -------------------------------------------------------------------------------- +#10 1.974 Total 21 MB/s | 4.0 MB 00:00 +#10 1.975 Running transaction check +#10 2.010 Transaction check succeeded. +#10 2.010 Running transaction test +#10 2.101 Transaction test succeeded. 
+#10 2.103 Running transaction +#10 2.233 Preparing : 1/1 +#10 2.280 Upgrading : libmnl-1.0.4-16.el9_4.x86_64 1/16 +#10 2.322 Upgrading : iproute-6.2.0-6.el9_4.x86_64 2/16 +#10 2.333 Upgrading : libnftnl-1.2.6-4.el9_4.x86_64 3/16 +#10 2.348 Upgrading : redhat-release-9.4-0.5.el9.x86_64 4/16 +#10 2.366 Upgrading : libxml2-2.9.13-6.el9_4.x86_64 5/16 +#10 2.380 Upgrading : libevent-2.1.12-8.el9_4.x86_64 6/16 +#10 2.403 Upgrading : gnutls-3.8.3-4.el9_4.x86_64 7/16 +#10 2.410 Running scriptlet: ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.noar 8/16 +#10 2.435 Upgrading : ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.noar 8/16 +#10 2.446 Running scriptlet: ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.noar 8/16 +#10 3.437 Cleanup : redhat-release-9.3-0.5.el9.x86_64 9/16 +#10 3.447 Cleanup : ca-certificates-2024.2.69_v8.0.303-91.4.el9.noarch 10/16 +#10 3.455 Cleanup : iproute-6.2.0-5.el9.x86_64 11/16 +#10 3.462 Cleanup : libnftnl-1.2.6-4.el9.x86_64 12/16 +#10 3.466 Cleanup : libmnl-1.0.4-16.el9.x86_64 13/16 +#10 3.471 Cleanup : libxml2-2.9.13-6.el9.x86_64 14/16 +#10 3.477 Cleanup : libevent-2.1.12-8.el9.x86_64 15/16 +#10 3.482 Cleanup : gnutls-3.8.3-4.el9.x86_64 16/16 +#10 3.488 Running scriptlet: ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.noar 16/16 +#10 4.506 Running scriptlet: gnutls-3.8.3-4.el9.x86_64 16/16 +#10 4.610 Verifying : ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.noar 1/16 +#10 4.610 Verifying : ca-certificates-2024.2.69_v8.0.303-91.4.el9.noarch 2/16 +#10 4.612 Verifying : gnutls-3.8.3-4.el9_4.x86_64 3/16 +#10 4.612 Verifying : gnutls-3.8.3-4.el9.x86_64 4/16 +#10 4.612 Verifying : iproute-6.2.0-6.el9_4.x86_64 5/16 +#10 4.612 Verifying : iproute-6.2.0-5.el9.x86_64 6/16 +#10 4.612 Verifying : libevent-2.1.12-8.el9_4.x86_64 7/16 +#10 4.612 Verifying : libevent-2.1.12-8.el9.x86_64 8/16 +#10 4.612 Verifying : libmnl-1.0.4-16.el9_4.x86_64 9/16 +#10 4.612 Verifying : libmnl-1.0.4-16.el9.x86_64 10/16 +#10 4.612 Verifying : libnftnl-1.2.6-4.el9_4.x86_64 11/16 
+#10 4.612 Verifying : libnftnl-1.2.6-4.el9.x86_64 12/16 +#10 4.612 Verifying : libxml2-2.9.13-6.el9_4.x86_64 13/16 +#10 4.612 Verifying : libxml2-2.9.13-6.el9.x86_64 14/16 +#10 4.612 Verifying : redhat-release-9.4-0.5.el9.x86_64 15/16 +#10 4.612 Verifying : redhat-release-9.3-0.5.el9.x86_64 16/16 +#10 4.659 +#10 4.659 Upgraded: +#10 4.659 ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.noarch +#10 4.659 gnutls-3.8.3-4.el9_4.x86_64 +#10 4.659 iproute-6.2.0-6.el9_4.x86_64 +#10 4.659 libevent-2.1.12-8.el9_4.x86_64 +#10 4.659 libmnl-1.0.4-16.el9_4.x86_64 +#10 4.659 libnftnl-1.2.6-4.el9_4.x86_64 +#10 4.659 libxml2-2.9.13-6.el9_4.x86_64 +#10 4.659 redhat-release-9.4-0.5.el9.x86_64 +#10 4.659 +#10 4.659 Complete! +#10 DONE 4.7s #8 [ 6/10] COPY licenses /licenses #8 DONE 0.1s @@ -9487,14 +9486,14 @@ building final image #15 exporting to image #15 exporting layers -#15 exporting layers 3.8s done -#15 writing image sha256:abc733d75b12eb73192f8225470b756cecdfb9d4fbb7fca29e5653775402a16e done +#15 exporting layers 2.6s done +#15 writing image sha256:c85998ec121bbf141fb382cd3ab5128b4c4d90dd03eae843533289ebc0db1e69 done #15 naming to quay.io/noirolabs/openvswitch:6.0.4.4.81c2369 done -#15 DONE 3.8s +#15 DONE 2.6s +docker images REPOSITORY TAG IMAGE ID CREATED SIZE -quay.io/noirolabs/openvswitch 6.0.4.4.81c2369 abc733d75b12 4 seconds ago 660MB -quay.io/noirolabs/openvswitch-base 6.0.4.4.81c2369 60cf24bb0508 About a minute ago 1.31GB +quay.io/noirolabs/openvswitch 6.0.4.4.81c2369 c85998ec121b 2 seconds ago 660MB +quay.io/noirolabs/openvswitch-base 6.0.4.4.81c2369 076b30c0055f About a minute ago 1.31GB quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 4 weeks ago 1.2GB +docker build -t quay.io/noirolabs/cnideploy:6.0.4.4.81c2369 --file=docker/travis/Dockerfile-cnideploy . #1 [internal] load build definition from Dockerfile-cnideploy 
@@ -9502,1601 +9501,1605 @@ quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 4 weeks #1 DONE 0.0s #2 [internal] load metadata for registry.access.redhat.com/ubi9/ubi:9.3 -#2 DONE 1.4s +#2 DONE 0.9s #3 [internal] load .dockerignore #3 transferring context: 46B done #3 DONE 0.0s +#9 [1/5] FROM registry.access.redhat.com/ubi9/ubi:9.3@sha256:66233eebd72bb5... +#9 resolve registry.access.redhat.com/ubi9/ubi:9.3@sha256:66233eebd72bb5baa25190d4f55e1dc3fff3a9b77186c1f91a0abdb274452072 0.0s done +#9 ... + #7 [internal] load build context #7 transferring context: 947B 0.0s done #7 DONE 0.0s #9 [1/5] FROM registry.access.redhat.com/ubi9/ubi:9.3@sha256:66233eebd72bb5... -#9 resolve registry.access.redhat.com/ubi9/ubi:9.3@sha256:66233eebd72bb5baa25190d4f55e1dc3fff3a9b77186c1f91a0abdb274452072 done #9 sha256:66233eebd72bb5baa25190d4f55e1dc3fff3a9b77186c1f91a0abdb274452072 1.47kB / 1.47kB done #9 sha256:cf3e0e65fe43e74411b5a8240f8eb2e2333cea07cce2ff596323cb9e7184fcf4 429B / 429B done #9 sha256:8d2a8803cfca17a81eb9412e1f33ae1c6fe3797553e9b819899dc03f1657cf12 6.43kB / 6.43kB done #9 sha256:1153e061da4ea9623b0dcdb9e8638b9432d5aa919217cc7c115b5a858f40f306 0B / 78.78MB 0.1s -#9 sha256:1153e061da4ea9623b0dcdb9e8638b9432d5aa919217cc7c115b5a858f40f306 38.80MB / 78.78MB 0.5s -#9 sha256:1153e061da4ea9623b0dcdb9e8638b9432d5aa919217cc7c115b5a858f40f306 59.77MB / 78.78MB 0.6s +#9 sha256:1153e061da4ea9623b0dcdb9e8638b9432d5aa919217cc7c115b5a858f40f306 29.36MB / 78.78MB 0.3s +#9 sha256:1153e061da4ea9623b0dcdb9e8638b9432d5aa919217cc7c115b5a858f40f306 51.17MB / 78.78MB 0.4s +#9 sha256:1153e061da4ea9623b0dcdb9e8638b9432d5aa919217cc7c115b5a858f40f306 71.30MB / 78.78MB 0.5s #9 sha256:1153e061da4ea9623b0dcdb9e8638b9432d5aa919217cc7c115b5a858f40f306 78.78MB / 78.78MB 0.7s -#9 sha256:1153e061da4ea9623b0dcdb9e8638b9432d5aa919217cc7c115b5a858f40f306 78.78MB / 78.78MB 0.9s done +#9 sha256:1153e061da4ea9623b0dcdb9e8638b9432d5aa919217cc7c115b5a858f40f306 78.78MB / 78.78MB 0.8s done #9 
extracting sha256:1153e061da4ea9623b0dcdb9e8638b9432d5aa919217cc7c115b5a858f40f306 -#9 extracting sha256:1153e061da4ea9623b0dcdb9e8638b9432d5aa919217cc7c115b5a858f40f306 4.6s done -#9 DONE 5.7s +#9 extracting sha256:1153e061da4ea9623b0dcdb9e8638b9432d5aa919217cc7c115b5a858f40f306 4.7s done +#9 DONE 5.6s #8 [2/5] RUN yum update --disablerepo=* --enablerepo=ubi-9-appstream-rpms -... -#8 0.433 Updating Subscription Management repositories. -#8 0.433 Unable to read consumer identity -#8 0.438 -#8 0.438 This system is not registered with an entitlement server. You can use subscription-manager to register. -#8 0.438 -#8 0.871 Red Hat Universal Base Image 9 (RPMs) - BaseOS 1.3 MB/s | 524 kB 00:00 -#8 1.277 Red Hat Universal Base Image 9 (RPMs) - AppStre 6.7 MB/s | 2.1 MB 00:00 -#8 1.814 Dependencies resolved. -#8 1.823 ======================================================================================================= -#8 1.823 Package Arch Version Repository Size -#8 1.823 ======================================================================================================= -#8 1.823 Upgrading: -#8 1.823 acl x86_64 2.3.1-4.el9 ubi-9-baseos-rpms 75 k -#8 1.823 audit-libs x86_64 3.1.2-2.el9 ubi-9-baseos-rpms 121 k -#8 1.823 bash x86_64 5.1.8-9.el9 ubi-9-baseos-rpms 1.7 M -#8 1.823 ca-certificates noarch 2024.2.69_v8.0.303-91.4.el9_4 ubi-9-baseos-rpms 1.0 M -#8 1.823 coreutils-single x86_64 8.32-35.el9 ubi-9-baseos-rpms 625 k -#8 1.823 crypto-policies noarch 20240202-1.git283706d.el9 ubi-9-baseos-rpms 88 k -#8 1.823 crypto-policies-scripts noarch 20240202-1.git283706d.el9 ubi-9-baseos-rpms 98 k -#8 1.823 curl-minimal x86_64 7.76.1-29.el9_4.1 ubi-9-baseos-rpms 129 k -#8 1.823 dmidecode x86_64 1:3.5-3.el9 ubi-9-baseos-rpms 101 k -#8 1.823 dnf noarch 4.14.0-9.el9 ubi-9-baseos-rpms 486 k -#8 1.823 dnf-data noarch 4.14.0-9.el9 ubi-9-baseos-rpms 44 k -#8 1.823 elfutils-default-yama-scope noarch 0.190-2.el9 ubi-9-baseos-rpms 12 k -#8 1.823 elfutils-libelf x86_64 0.190-2.el9 
ubi-9-baseos-rpms 196 k -#8 1.823 elfutils-libs x86_64 0.190-2.el9 ubi-9-baseos-rpms 258 k -#8 1.823 expat x86_64 2.5.0-2.el9_4.1 ubi-9-baseos-rpms 119 k -#8 1.823 file-libs x86_64 5.39-16.el9 ubi-9-baseos-rpms 593 k -#8 1.823 gdb-gdbserver x86_64 10.2-13.el9 ubi-9-appstream-rpms 282 k -#8 1.823 glib2 x86_64 2.68.4-14.el9_4.1 ubi-9-baseos-rpms 2.6 M -#8 1.823 glibc x86_64 2.34-100.el9_4.4 ubi-9-baseos-rpms 2.0 M -#8 1.823 glibc-common x86_64 2.34-100.el9_4.4 ubi-9-baseos-rpms 307 k -#8 1.823 glibc-minimal-langpack x86_64 2.34-100.el9_4.4 ubi-9-baseos-rpms 21 k -#8 1.823 gnutls x86_64 3.8.3-4.el9_4 ubi-9-baseos-rpms 1.1 M -#8 1.823 iproute x86_64 6.2.0-6.el9_4 ubi-9-baseos-rpms 819 k -#8 1.823 krb5-libs x86_64 1.21.1-2.el9_4 ubi-9-baseos-rpms 770 k -#8 1.823 libacl x86_64 2.3.1-4.el9 ubi-9-baseos-rpms 24 k -#8 1.823 libblkid x86_64 2.37.4-18.el9 ubi-9-baseos-rpms 110 k -#8 1.823 libbpf x86_64 2:1.3.0-2.el9 ubi-9-baseos-rpms 174 k -#8 1.823 libcom_err x86_64 1.46.5-5.el9 ubi-9-baseos-rpms 28 k -#8 1.823 libcurl-minimal x86_64 7.76.1-29.el9_4.1 ubi-9-baseos-rpms 228 k -#8 1.823 libdnf x86_64 0.69.0-8.el9_4.1 ubi-9-baseos-rpms 664 k -#8 1.823 libdnf-plugin-subscription-manager x86_64 1.29.40-1.el9 ubi-9-baseos-rpms 64 k -#8 1.823 libevent x86_64 2.1.12-8.el9_4 ubi-9-baseos-rpms 266 k -#8 1.823 libfdisk x86_64 2.37.4-18.el9 ubi-9-baseos-rpms 157 k -#8 1.823 libgcc x86_64 11.4.1-3.el9 ubi-9-baseos-rpms 95 k -#8 1.823 libgomp x86_64 11.4.1-3.el9 ubi-9-baseos-rpms 270 k -#8 1.823 libmnl x86_64 1.0.4-16.el9_4 ubi-9-baseos-rpms 30 k -#8 1.823 libmount x86_64 2.37.4-18.el9 ubi-9-baseos-rpms 138 k -#8 1.823 libnghttp2 x86_64 1.43.0-5.el9_4.3 ubi-9-baseos-rpms 75 k -#8 1.823 librepo x86_64 1.14.5-2.el9 ubi-9-baseos-rpms 90 k -#8 1.823 libselinux x86_64 3.6-1.el9 ubi-9-baseos-rpms 88 k -#8 1.823 libsemanage x86_64 3.6-1.el9 ubi-9-baseos-rpms 121 k -#8 1.823 libsepol x86_64 3.6-1.el9 ubi-9-baseos-rpms 331 k -#8 1.823 libsmartcols x86_64 2.37.4-18.el9 ubi-9-baseos-rpms 66 k -#8 
1.823 libstdc++ x86_64 11.4.1-3.el9 ubi-9-baseos-rpms 747 k -#8 1.823 libuuid x86_64 2.37.4-18.el9 ubi-9-baseos-rpms 30 k -#8 1.823 libxml2 x86_64 2.9.13-6.el9_4 ubi-9-baseos-rpms 752 k -#8 1.823 nettle x86_64 3.9.1-1.el9 ubi-9-baseos-rpms 564 k -#8 1.823 openldap x86_64 2.6.6-3.el9 ubi-9-baseos-rpms 286 k -#8 1.823 openssl x86_64 1:3.0.7-28.el9_4 ubi-9-baseos-rpms 1.2 M -#8 1.823 openssl-libs x86_64 1:3.0.7-28.el9_4 ubi-9-baseos-rpms 1.9 M -#8 1.823 p11-kit x86_64 0.25.3-2.el9 ubi-9-baseos-rpms 537 k -#8 1.823 p11-kit-trust x86_64 0.25.3-2.el9 ubi-9-baseos-rpms 145 k -#8 1.823 pam x86_64 1.5.1-19.el9 ubi-9-baseos-rpms 631 k -#8 1.823 pcre2 x86_64 10.40-5.el9 ubi-9-baseos-rpms 236 k -#8 1.823 pcre2-syntax noarch 10.40-5.el9 ubi-9-baseos-rpms 145 k -#8 1.823 python3 x86_64 3.9.18-3.el9_4.6 ubi-9-baseos-rpms 29 k -#8 1.823 python3-cloud-what x86_64 1.29.40-1.el9 ubi-9-baseos-rpms 81 k -#8 1.823 python3-dnf noarch 4.14.0-9.el9 ubi-9-baseos-rpms 466 k -#8 1.823 python3-dnf-plugins-core noarch 4.3.0-13.el9 ubi-9-baseos-rpms 268 k -#8 1.823 python3-hawkey x86_64 0.69.0-8.el9_4.1 ubi-9-baseos-rpms 106 k -#8 1.823 python3-idna noarch 2.10-7.el9_4.1 ubi-9-baseos-rpms 106 k -#8 1.823 python3-libdnf x86_64 0.69.0-8.el9_4.1 ubi-9-baseos-rpms 783 k -#8 1.823 python3-librepo x86_64 1.14.5-2.el9 ubi-9-baseos-rpms 50 k -#8 1.823 python3-libs x86_64 3.9.18-3.el9_4.6 ubi-9-baseos-rpms 7.9 M -#8 1.823 python3-pip-wheel noarch 21.2.3-8.el9 ubi-9-baseos-rpms 1.1 M -#8 1.823 python3-requests noarch 2.25.1-8.el9 ubi-9-baseos-rpms 129 k -#8 1.823 python3-rpm x86_64 4.16.1.3-29.el9 ubi-9-baseos-rpms 69 k -#8 1.823 python3-setuptools noarch 53.0.0-12.el9_4.1 ubi-9-baseos-rpms 947 k -#8 1.823 python3-setuptools-wheel noarch 53.0.0-12.el9_4.1 ubi-9-baseos-rpms 469 k -#8 1.823 python3-subscription-manager-rhsm x86_64 1.29.40-1.el9 ubi-9-baseos-rpms 166 k -#8 1.823 python3-urllib3 noarch 1.26.5-5.el9_4.1 ubi-9-baseos-rpms 219 k -#8 1.823 redhat-release x86_64 9.4-0.5.el9 ubi-9-baseos-rpms 46 k 
-#8 1.823 rpm x86_64 4.16.1.3-29.el9 ubi-9-baseos-rpms 541 k -#8 1.823 rpm-build-libs x86_64 4.16.1.3-29.el9 ubi-9-baseos-rpms 90 k -#8 1.823 rpm-libs x86_64 4.16.1.3-29.el9 ubi-9-baseos-rpms 310 k -#8 1.823 rpm-sign-libs x86_64 4.16.1.3-29.el9 ubi-9-baseos-rpms 22 k -#8 1.823 setup noarch 2.13.7-10.el9 ubi-9-baseos-rpms 150 k -#8 1.823 subscription-manager x86_64 1.29.40-1.el9 ubi-9-baseos-rpms 917 k -#8 1.823 systemd x86_64 252-32.el9_4.7 ubi-9-baseos-rpms 4.2 M -#8 1.823 systemd-libs x86_64 252-32.el9_4.7 ubi-9-baseos-rpms 679 k -#8 1.823 systemd-pam x86_64 252-32.el9_4.7 ubi-9-baseos-rpms 282 k -#8 1.823 systemd-rpm-macros noarch 252-32.el9_4.7 ubi-9-baseos-rpms 71 k -#8 1.823 tar x86_64 2:1.34-6.el9_4.1 ubi-9-baseos-rpms 889 k -#8 1.823 tzdata noarch 2024b-2.el9 ubi-9-baseos-rpms 841 k -#8 1.823 util-linux x86_64 2.37.4-18.el9 ubi-9-baseos-rpms 2.3 M -#8 1.823 util-linux-core x86_64 2.37.4-18.el9 ubi-9-baseos-rpms 469 k -#8 1.823 yum noarch 4.14.0-9.el9 ubi-9-baseos-rpms 93 k -#8 1.823 Installing dependencies: -#8 1.823 diffutils x86_64 3.7-12.el9 ubi-9-baseos-rpms 402 k -#8 1.823 libselinux-utils x86_64 3.6-1.el9 ubi-9-baseos-rpms 194 k -#8 1.823 openssl-fips-provider x86_64 3.0.7-2.el9 ubi-9-baseos-rpms 576 k -#8 1.823 policycoreutils x86_64 3.6-2.1.el9 ubi-9-baseos-rpms 246 k -#8 1.823 Installing weak dependencies: -#8 1.823 glibc-langpack-en x86_64 2.34-100.el9_4.4 ubi-9-baseos-rpms 659 k -#8 1.823 libxcrypt-compat x86_64 4.4.18-3.el9 ubi-9-appstream-rpms 91 k -#8 1.823 rpm-plugin-systemd-inhibit x86_64 4.16.1.3-29.el9 ubi-9-appstream-rpms 18 k -#8 1.823 -#8 1.823 Transaction Summary -#8 1.823 ======================================================================================================= -#8 1.823 Install 7 Packages -#8 1.823 Upgrade 87 Packages -#8 1.823 -#8 1.828 Total download size: 50 M -#8 1.830 Downloading Packages: -#8 2.117 (1/94): libselinux-utils-3.6-1.el9.x86_64.rpm 703 kB/s | 194 kB 00:00 -#8 2.149 (2/94): 
glibc-langpack-en-2.34-100.el9_4.4.x86_ 2.1 MB/s | 659 kB 00:00 -#8 2.156 (3/94): diffutils-3.7-12.el9.x86_64.rpm 1.2 MB/s | 402 kB 00:00 -#8 2.178 (4/94): policycoreutils-3.6-2.1.el9.x86_64.rpm 8.5 MB/s | 246 kB 00:00 -#8 2.186 (5/94): openssl-fips-provider-3.0.7-2.el9.x86_6 8.3 MB/s | 576 kB 00:00 -#8 2.188 (6/94): libxcrypt-compat-4.4.18-3.el9.x86_64.rp 2.8 MB/s | 91 kB 00:00 -#8 2.201 (7/94): rpm-plugin-systemd-inhibit-4.16.1.3-29. 801 kB/s | 18 kB 00:00 -#8 2.213 (8/94): acl-2.3.1-4.el9.x86_64.rpm 3.1 MB/s | 75 kB 00:00 -#8 2.217 (9/94): audit-libs-3.1.2-2.el9.x86_64.rpm 4.2 MB/s | 121 kB 00:00 -#8 2.258 (10/94): coreutils-single-8.32-35.el9.x86_64.rp 15 MB/s | 625 kB 00:00 -#8 2.270 (11/94): bash-5.1.8-9.el9.x86_64.rpm 25 MB/s | 1.7 MB 00:00 -#8 2.280 (12/94): ca-certificates-2024.2.69_v8.0.303-91. 15 MB/s | 1.0 MB 00:00 -#8 2.283 (13/94): crypto-policies-20240202-1.git283706d. 3.4 MB/s | 88 kB 00:00 -#8 2.294 (14/94): crypto-policies-scripts-20240202-1.git 4.1 MB/s | 98 kB 00:00 -#8 2.304 (15/94): curl-minimal-7.76.1-29.el9_4.1.x86_64. 5.3 MB/s | 129 kB 00:00 -#8 2.308 (16/94): dmidecode-3.5-3.el9.x86_64.rpm 4.1 MB/s | 101 kB 00:00 -#8 2.322 (17/94): dnf-4.14.0-9.el9.noarch.rpm 17 MB/s | 486 kB 00:00 -#8 2.331 (18/94): dnf-data-4.14.0-9.el9.noarch.rpm 1.8 MB/s | 44 kB 00:00 -#8 2.333 (19/94): elfutils-default-yama-scope-0.190-2.el 511 kB/s | 12 kB 00:00 -#8 2.346 (20/94): elfutils-libelf-0.190-2.el9.x86_64.rpm 8.2 MB/s | 196 kB 00:00 -#8 2.355 (21/94): elfutils-libs-0.190-2.el9.x86_64.rpm 9.6 MB/s | 258 kB 00:00 -#8 2.359 (22/94): expat-2.5.0-2.el9_4.1.x86_64.rpm 4.5 MB/s | 119 kB 00:00 -#8 2.375 (23/94): file-libs-5.39-16.el9.x86_64.rpm 20 MB/s | 593 kB 00:00 -#8 2.401 (24/94): glibc-common-2.34-100.el9_4.4.x86_64.r 12 MB/s | 307 kB 00:00 -#8 2.422 (25/94): glib2-2.68.4-14.el9_4.1.x86_64.rpm 40 MB/s | 2.6 MB 00:00 -#8 2.427 (26/94): glibc-minimal-langpack-2.34-100.el9_4. 
824 kB/s | 21 kB 00:00 -#8 2.443 (27/94): glibc-2.34-100.el9_4.4.x86_64.rpm 24 MB/s | 2.0 MB 00:00 -#8 2.458 (28/94): gnutls-3.8.3-4.el9_4.x86_64.rpm 31 MB/s | 1.1 MB 00:00 -#8 2.467 (29/94): iproute-6.2.0-6.el9_4.x86_64.rpm 20 MB/s | 819 kB 00:00 -#8 2.478 (30/94): krb5-libs-1.21.1-2.el9_4.x86_64.rpm 23 MB/s | 770 kB 00:00 -#8 2.481 (31/94): libacl-2.3.1-4.el9.x86_64.rpm 1.1 MB/s | 24 kB 00:00 -#8 2.493 (32/94): libblkid-2.37.4-18.el9.x86_64.rpm 4.3 MB/s | 110 kB 00:00 -#8 2.502 (33/94): libbpf-1.3.0-2.el9.x86_64.rpm 7.0 MB/s | 174 kB 00:00 -#8 2.505 (34/94): libcom_err-1.46.5-5.el9.x86_64.rpm 1.2 MB/s | 28 kB 00:00 -#8 2.517 (35/94): libcurl-minimal-7.76.1-29.el9_4.1.x86_ 9.3 MB/s | 228 kB 00:00 -#8 2.529 (36/94): libdnf-plugin-subscription-manager-1.2 2.7 MB/s | 64 kB 00:00 -#8 2.544 (37/94): libdnf-0.69.0-8.el9_4.1.x86_64.rpm 16 MB/s | 664 kB 00:00 -#8 2.549 (38/94): libevent-2.1.12-8.el9_4.x86_64.rpm 8.3 MB/s | 266 kB 00:00 -#8 2.553 (39/94): libfdisk-2.37.4-18.el9.x86_64.rpm 6.3 MB/s | 157 kB 00:00 -#8 2.570 (40/94): libgcc-11.4.1-3.el9.x86_64.rpm 3.6 MB/s | 95 kB 00:00 -#8 2.576 (41/94): libgomp-11.4.1-3.el9.x86_64.rpm 10 MB/s | 270 kB 00:00 -#8 2.579 (42/94): libmnl-1.0.4-16.el9_4.x86_64.rpm 1.2 MB/s | 30 kB 00:00 -#8 2.595 (43/94): libmount-2.37.4-18.el9.x86_64.rpm 5.6 MB/s | 138 kB 00:00 -#8 2.599 (44/94): libnghttp2-1.43.0-5.el9_4.3.x86_64.rpm 3.3 MB/s | 75 kB 00:00 -#8 2.602 (45/94): librepo-1.14.5-2.el9.x86_64.rpm 3.7 MB/s | 90 kB 00:00 -#8 2.620 (46/94): libselinux-3.6-1.el9.x86_64.rpm 3.6 MB/s | 88 kB 00:00 -#8 2.624 (47/94): libsemanage-3.6-1.el9.x86_64.rpm 4.9 MB/s | 121 kB 00:00 -#8 2.630 (48/94): libsepol-3.6-1.el9.x86_64.rpm 12 MB/s | 331 kB 00:00 -#8 2.645 (49/94): libsmartcols-2.37.4-18.el9.x86_64.rpm 2.6 MB/s | 66 kB 00:00 -#8 2.656 (50/94): libstdc++-11.4.1-3.el9.x86_64.rpm 23 MB/s | 747 kB 00:00 -#8 2.659 (51/94): libuuid-2.37.4-18.el9.x86_64.rpm 1.0 MB/s | 30 kB 00:00 -#8 2.677 (52/94): libxml2-2.9.13-6.el9_4.x86_64.rpm 23 MB/s | 752 kB 
00:00 -#8 2.687 (53/94): nettle-3.9.1-1.el9.x86_64.rpm 18 MB/s | 564 kB 00:00 -#8 2.691 (54/94): openldap-2.6.6-3.el9.x86_64.rpm 8.9 MB/s | 286 kB 00:00 -#8 2.716 (55/94): openssl-3.0.7-28.el9_4.x86_64.rpm 33 MB/s | 1.2 MB 00:00 -#8 2.726 (56/94): p11-kit-0.25.3-2.el9.x86_64.rpm 15 MB/s | 537 kB 00:00 -#8 2.743 (57/94): openssl-libs-3.0.7-28.el9_4.x86_64.rpm 34 MB/s | 1.9 MB 00:00 -#8 2.751 (58/94): p11-kit-trust-0.25.3-2.el9.x86_64.rpm 4.2 MB/s | 145 kB 00:00 -#8 2.763 (59/94): pam-1.5.1-19.el9.x86_64.rpm 17 MB/s | 631 kB 00:00 -#8 2.768 (60/94): pcre2-10.40-5.el9.x86_64.rpm 9.6 MB/s | 236 kB 00:00 -#8 2.777 (61/94): pcre2-syntax-10.40-5.el9.noarch.rpm 5.9 MB/s | 145 kB 00:00 -#8 2.786 (62/94): python3-3.9.18-3.el9_4.6.x86_64.rpm 1.3 MB/s | 29 kB 00:00 -#8 2.792 (63/94): python3-cloud-what-1.29.40-1.el9.x86_6 3.4 MB/s | 81 kB 00:00 -#8 2.805 (64/94): python3-dnf-4.14.0-9.el9.noarch.rpm 17 MB/s | 466 kB 00:00 -#8 2.811 (65/94): python3-dnf-plugins-core-4.3.0-13.el9. 11 MB/s | 268 kB 00:00 -#8 2.815 (66/94): python3-hawkey-0.69.0-8.el9_4.1.x86_64 4.5 MB/s | 106 kB 00:00 -#8 2.830 (67/94): python3-idna-2.10-7.el9_4.1.noarch.rpm 4.3 MB/s | 106 kB 00:00 -#8 2.838 (68/94): python3-librepo-1.14.5-2.el9.x86_64.rp 2.2 MB/s | 50 kB 00:00 -#8 2.846 (69/94): python3-libdnf-0.69.0-8.el9_4.1.x86_64 23 MB/s | 783 kB 00:00 -#8 2.871 (70/94): python3-requests-2.25.1-8.el9.noarch.r 5.2 MB/s | 129 kB 00:00 -#8 2.882 (71/94): python3-pip-wheel-21.2.3-8.el9.noarch. 
26 MB/s | 1.1 MB 00:00 -#8 2.895 (72/94): python3-rpm-4.16.1.3-29.el9.x86_64.rpm 2.9 MB/s | 69 kB 00:00 -#8 2.918 (73/94): python3-setuptools-53.0.0-12.el9_4.1.n 27 MB/s | 947 kB 00:00 -#8 2.926 (74/94): python3-setuptools-wheel-53.0.0-12.el9 15 MB/s | 469 kB 00:00 -#8 2.974 (75/94): python3-libs-3.9.18-3.el9_4.6.x86_64.r 55 MB/s | 7.9 MB 00:00 -#8 2.982 (76/94): python3-subscription-manager-rhsm-1.29 2.6 MB/s | 166 kB 00:00 -#8 2.986 (77/94): python3-urllib3-1.26.5-5.el9_4.1.noarc 3.6 MB/s | 219 kB 00:00 -#8 2.997 (78/94): redhat-release-9.4-0.5.el9.x86_64.rpm 2.0 MB/s | 46 kB 00:00 -#8 3.011 (79/94): rpm-4.16.1.3-29.el9.x86_64.rpm 19 MB/s | 541 kB 00:00 -#8 3.014 (80/94): rpm-build-libs-4.16.1.3-29.el9.x86_64. 3.2 MB/s | 90 kB 00:00 -#8 3.024 (81/94): rpm-libs-4.16.1.3-29.el9.x86_64.rpm 12 MB/s | 310 kB 00:00 -#8 3.033 (82/94): rpm-sign-libs-4.16.1.3-29.el9.x86_64.r 1.0 MB/s | 22 kB 00:00 -#8 3.038 (83/94): setup-2.13.7-10.el9.noarch.rpm 6.2 MB/s | 150 kB 00:00 -#8 3.059 (84/94): subscription-manager-1.29.40-1.el9.x86 26 MB/s | 917 kB 00:00 -#8 3.072 (85/94): systemd-libs-252-32.el9_4.7.x86_64.rpm 20 MB/s | 679 kB 00:00 -#8 3.086 (86/94): systemd-pam-252-32.el9_4.7.x86_64.rpm 10 MB/s | 282 kB 00:00 -#8 3.101 (87/94): systemd-rpm-macros-252-32.el9_4.7.noar 2.6 MB/s | 71 kB 00:00 -#8 3.124 (88/94): systemd-252-32.el9_4.7.x86_64.rpm 46 MB/s | 4.2 MB 00:00 -#8 3.138 (89/94): tzdata-2024b-2.el9.noarch.rpm 22 MB/s | 841 kB 00:00 -#8 3.149 (90/94): tar-1.34-6.el9_4.1.x86_64.rpm 14 MB/s | 889 kB 00:00 -#8 3.171 (91/94): util-linux-2.37.4-18.el9.x86_64.rpm 51 MB/s | 2.3 MB 00:00 -#8 3.175 (92/94): yum-4.14.0-9.el9.noarch.rpm 3.5 MB/s | 93 kB 00:00 -#8 3.181 (93/94): util-linux-core-2.37.4-18.el9.x86_64.r 11 MB/s | 469 kB 00:00 -#8 3.196 (94/94): gdb-gdbserver-10.2-13.el9.x86_64.rpm 11 MB/s | 282 kB 00:00 -#8 3.205 -------------------------------------------------------------------------------- -#8 3.206 Total 36 MB/s | 50 MB 00:01 -#8 4.737 Running transaction check -#8 
4.943 Transaction check succeeded. -#8 4.943 Running transaction test -#8 5.605 Transaction test succeeded. -#8 5.605 Running transaction -#8 6.849 Preparing : 1/1 -#8 6.910 Upgrading : libgcc-11.4.1-3.el9.x86_64 1/181 -#8 6.917 Running scriptlet: libgcc-11.4.1-3.el9.x86_64 1/181 -#8 6.947 Upgrading : crypto-policies-20240202-1.git283706d.el9.noarch 2/181 -#8 6.953 Running scriptlet: crypto-policies-20240202-1.git283706d.el9.noarch 2/181 -#8 7.097 Upgrading : tzdata-2024b-2.el9.noarch 3/181 -#8 7.146 Upgrading : bash-5.1.8-9.el9.x86_64 4/181 -#8 7.154 Running scriptlet: bash-5.1.8-9.el9.x86_64 4/181 -#8 7.168 Upgrading : glibc-common-2.34-100.el9_4.4.x86_64 5/181 -#8 7.176 Upgrading : glibc-minimal-langpack-2.34-100.el9_4.4.x86_64 6/181 -#8 7.179 Running scriptlet: glibc-2.34-100.el9_4.4.x86_64 7/181 -#8 7.230 Upgrading : glibc-2.34-100.el9_4.4.x86_64 7/181 -#8 7.238 Running scriptlet: glibc-2.34-100.el9_4.4.x86_64 7/181 -#8 7.330 Installing : glibc-langpack-en-2.34-100.el9_4.4.x86_64 8/181 -#8 7.344 Upgrading : audit-libs-3.1.2-2.el9.x86_64 9/181 -#8 7.350 Upgrading : libacl-2.3.1-4.el9.x86_64 10/181 -#8 7.355 Upgrading : libuuid-2.37.4-18.el9.x86_64 11/181 -#8 7.373 Upgrading : p11-kit-0.25.3-2.el9.x86_64 12/181 -#8 7.384 Upgrading : elfutils-libelf-0.190-2.el9.x86_64 13/181 -#8 7.395 Upgrading : libsepol-3.6-1.el9.x86_64 14/181 -#8 7.401 Upgrading : libsmartcols-2.37.4-18.el9.x86_64 15/181 -#8 7.428 Upgrading : libstdc++-11.4.1-3.el9.x86_64 16/181 -#8 7.444 Upgrading : p11-kit-trust-0.25.3-2.el9.x86_64 17/181 -#8 7.449 Running scriptlet: p11-kit-trust-0.25.3-2.el9.x86_64 17/181 -#8 7.462 Upgrading : dmidecode-1:3.5-3.el9.x86_64 18/181 -#8 7.469 Upgrading : libcom_err-1.46.5-5.el9.x86_64 19/181 -#8 7.476 Upgrading : libbpf-2:1.3.0-2.el9.x86_64 20/181 -#8 7.483 Upgrading : acl-2.3.1-4.el9.x86_64 21/181 -#8 7.496 Installing : diffutils-3.7-12.el9.x86_64 22/181 -#8 7.504 Installing : libxcrypt-compat-4.4.18-3.el9.x86_64 23/181 -#8 7.512 Upgrading : 
expat-2.5.0-2.el9_4.1.x86_64 24/181 -#8 7.552 Upgrading : file-libs-5.39-16.el9.x86_64 25/181 -#8 7.567 Upgrading : libgomp-11.4.1-3.el9.x86_64 26/181 -#8 7.573 Upgrading : libmnl-1.0.4-16.el9_4.x86_64 27/181 -#8 7.580 Upgrading : libnghttp2-1.43.0-5.el9_4.3.x86_64 28/181 -#8 7.598 Upgrading : libxml2-2.9.13-6.el9_4.x86_64 29/181 -#8 7.612 Upgrading : nettle-3.9.1-1.el9.x86_64 30/181 -#8 7.636 Upgrading : gnutls-3.8.3-4.el9_4.x86_64 31/181 -#8 7.644 Upgrading : systemd-rpm-macros-252-32.el9_4.7.noarch 32/181 -#8 7.658 Upgrading : redhat-release-9.4-0.5.el9.x86_64 33/181 -#8 7.670 Upgrading : python3-setuptools-wheel-53.0.0-12.el9_4.1.noarc 34/181 -#8 7.677 Upgrading : pcre2-syntax-10.40-5.el9.noarch 35/181 -#8 7.686 Upgrading : pcre2-10.40-5.el9.x86_64 36/181 -#8 7.693 Upgrading : libselinux-3.6-1.el9.x86_64 37/181 -#8 7.718 Upgrading : coreutils-single-8.32-35.el9.x86_64 38/181 -#8 7.728 Upgrading : libblkid-2.37.4-18.el9.x86_64 39/181 -#8 7.733 Running scriptlet: libblkid-2.37.4-18.el9.x86_64 39/181 -#8 7.746 Upgrading : libmount-2.37.4-18.el9.x86_64 40/181 -#8 7.800 Upgrading : glib2-2.68.4-14.el9_4.1.x86_64 41/181 -#8 7.817 Running scriptlet: ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.no 42/181 -#8 7.844 Upgrading : ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.no 42/181 -#8 7.853 Running scriptlet: ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.no 42/181 -#8 8.844 Upgrading : libfdisk-2.37.4-18.el9.x86_64 43/181 -#8 8.862 Installing : libselinux-utils-3.6-1.el9.x86_64 44/181 -#8 8.876 Upgrading : python3-pip-wheel-21.2.3-8.el9.noarch 45/181 -#8 8.888 Installing : openssl-fips-provider-3.0.7-2.el9.x86_64 46/181 -#8 8.928 Upgrading : openssl-libs-1:3.0.7-28.el9_4.x86_64 47/181 -#8 8.937 Upgrading : python3-3.9.18-3.el9_4.6.x86_64 48/181 -#8 9.329 Upgrading : python3-libs-3.9.18-3.el9_4.6.x86_64 49/181 -#8 9.369 Upgrading : systemd-libs-252-32.el9_4.7.x86_64 50/181 -#8 9.445 Running scriptlet: systemd-libs-252-32.el9_4.7.x86_64 50/181 -#8 9.472 Upgrading : 
python3-idna-2.10-7.el9_4.1.noarch 51/181 -#8 9.610 Upgrading : python3-urllib3-1.26.5-5.el9_4.1.noarch 52/181 -#8 9.659 Upgrading : python3-requests-2.25.1-8.el9.noarch 53/181 -#8 9.719 Upgrading : python3-cloud-what-1.29.40-1.el9.x86_64 54/181 -#8 9.903 Upgrading : util-linux-core-2.37.4-18.el9.x86_64 55/181 -#8 10.01 Running scriptlet: util-linux-core-2.37.4-18.el9.x86_64 55/181 -#8 10.09 Upgrading : python3-setuptools-53.0.0-12.el9_4.1.noarch 56/181 -#8 10.12 Upgrading : krb5-libs-1.21.1-2.el9_4.x86_64 57/181 -#8 10.14 Upgrading : libcurl-minimal-7.76.1-29.el9_4.1.x86_64 58/181 -#8 10.14 Upgrading : librepo-1.14.5-2.el9.x86_64 59/181 -#8 10.15 Upgrading : python3-librepo-1.14.5-2.el9.x86_64 60/181 -#8 10.16 Upgrading : curl-minimal-7.76.1-29.el9_4.1.x86_64 61/181 -#8 10.19 Upgrading : rpm-4.16.1.3-29.el9.x86_64 62/181 -#8 10.20 Upgrading : rpm-libs-4.16.1.3-29.el9.x86_64 63/181 -#8 10.22 Upgrading : libdnf-0.69.0-8.el9_4.1.x86_64 64/181 -#8 10.25 Upgrading : python3-libdnf-0.69.0-8.el9_4.1.x86_64 65/181 -#8 10.27 Upgrading : python3-hawkey-0.69.0-8.el9_4.1.x86_64 66/181 -#8 10.27 Upgrading : libdnf-plugin-subscription-manager-1.29.40-1.el9 67/181 -#8 10.28 Installing : rpm-plugin-systemd-inhibit-4.16.1.3-29.el9.x86_6 68/181 -#8 10.28 Upgrading : rpm-sign-libs-4.16.1.3-29.el9.x86_64 69/181 -#8 10.30 Upgrading : libevent-2.1.12-8.el9_4.x86_64 70/181 -#8 10.33 Upgrading : openssl-1:3.0.7-28.el9_4.x86_64 71/181 -#8 10.44 Upgrading : pam-1.5.1-19.el9.x86_64 72/181 -#8 10.53 Upgrading : util-linux-2.37.4-18.el9.x86_64 73/181 -#8 10.58 Upgrading : iproute-6.2.0-6.el9_4.x86_64 74/181 -#8 10.59 Upgrading : libsemanage-3.6-1.el9.x86_64 75/181 -#8 10.61 Installing : policycoreutils-3.6-2.1.el9.x86_64 76/181 -#8 10.62 Running scriptlet: policycoreutils-3.6-2.1.el9.x86_64 76/181 -#8 10.63 Created symlink /etc/systemd/system/sysinit.target.wants/selinux-autorelabel-mark.service → /usr/lib/systemd/system/selinux-autorelabel-mark.service. 
-#8 10.63 -#8 10.65 Upgrading : systemd-pam-252-32.el9_4.7.x86_64 77/181 -#8 10.66 Running scriptlet: systemd-252-32.el9_4.7.x86_64 78/181 -#8 10.82 Upgrading : systemd-252-32.el9_4.7.x86_64 78/181 -#8 10.84 Running scriptlet: systemd-252-32.el9_4.7.x86_64 78/181 -#8 10.87 Upgrading : elfutils-default-yama-scope-0.190-2.el9.noarch 79/181 -#8 10.87 Running scriptlet: elfutils-default-yama-scope-0.190-2.el9.noarch 79/181 -#8 10.88 Upgrading : elfutils-libs-0.190-2.el9.x86_64 80/181 -#8 10.90 Upgrading : rpm-build-libs-4.16.1.3-29.el9.x86_64 81/181 -#8 10.92 Upgrading : python3-rpm-4.16.1.3-29.el9.x86_64 82/181 -#8 11.01 Upgrading : python3-subscription-manager-rhsm-1.29.40-1.el9. 83/181 -#8 11.05 Upgrading : dnf-data-4.14.0-9.el9.noarch 84/181 -#8 11.09 Upgrading : python3-dnf-4.14.0-9.el9.noarch 85/181 -#8 11.10 Upgrading : dnf-4.14.0-9.el9.noarch 86/181 -#8 11.11 Running scriptlet: dnf-4.14.0-9.el9.noarch 86/181 -#8 11.13 Upgrading : python3-dnf-plugins-core-4.3.0-13.el9.noarch 87/181 -#8 11.14 Running scriptlet: subscription-manager-1.29.40-1.el9.x86_64 88/181 -#8 11.21 Upgrading : subscription-manager-1.29.40-1.el9.x86_64 88/181 -#8 11.22 Running scriptlet: subscription-manager-1.29.40-1.el9.x86_64 88/181 -#8 11.24 Upgrading : yum-4.14.0-9.el9.noarch 89/181 -#8 11.26 Upgrading : openldap-2.6.6-3.el9.x86_64 90/181 -#8 11.27 Upgrading : crypto-policies-scripts-20240202-1.git283706d.el 91/181 -#8 11.29 Upgrading : tar-2:1.34-6.el9_4.1.x86_64 92/181 -#8 11.32 Upgrading : setup-2.13.7-10.el9.noarch 93/181 -#8 11.32 warning: /etc/shadow created as /etc/shadow.rpmnew -#8 11.32 -#8 11.33 Running scriptlet: setup-2.13.7-10.el9.noarch 93/181 -#8 11.34 Upgrading : gdb-gdbserver-10.2-13.el9.x86_64 94/181 -#8 11.34 Cleanup : crypto-policies-scripts-20230731-1.git94f0e2c.el 95/181 -#8 11.35 Cleanup : gdb-gdbserver-10.2-11.1.el9_3.x86_64 96/181 -#8 11.36 Running scriptlet: subscription-manager-1.29.38-1.el9_3.x86_64 97/181 -#8 11.37 Cleanup : 
subscription-manager-1.29.38-1.el9_3.x86_64 97/181 -#8 11.37 Running scriptlet: subscription-manager-1.29.38-1.el9_3.x86_64 97/181 -#8 11.39 Cleanup : iproute-6.2.0-5.el9.x86_64 98/181 -#8 11.40 Cleanup : libbpf-2:1.2.0-1.el9.x86_64 99/181 -#8 11.41 Cleanup : libsemanage-3.5-2.el9.x86_64 100/181 -#8 11.41 Cleanup : tar-2:1.34-6.el9_1.x86_64 101/181 -#8 11.42 Cleanup : openldap-2.6.3-1.el9.x86_64 102/181 -#8 11.43 Cleanup : python3-dnf-plugins-core-4.3.0-11.el9_3.noarch 103/181 -#8 11.44 Cleanup : python3-setuptools-53.0.0-12.el9.noarch 104/181 -#8 11.45 Cleanup : yum-4.14.0-8.el9.noarch 105/181 -#8 11.45 Running scriptlet: dnf-4.14.0-8.el9.noarch 106/181 -#8 11.47 Cleanup : dnf-4.14.0-8.el9.noarch 106/181 -#8 11.47 Running scriptlet: dnf-4.14.0-8.el9.noarch 106/181 -#8 11.49 Cleanup : python3-dnf-4.14.0-8.el9.noarch 107/181 -#8 11.49 Cleanup : setup-2.13.7-9.el9.noarch 108/181 -#8 11.50 Cleanup : libevent-2.1.12-6.el9.x86_64 109/181 -#8 11.51 Cleanup : python3-hawkey-0.69.0-6.el9_3.x86_64 110/181 -#8 11.51 Cleanup : python3-libdnf-0.69.0-6.el9_3.x86_64 111/181 -#8 11.52 Cleanup : python3-librepo-1.14.5-1.el9.x86_64 112/181 -#8 11.53 Cleanup : libdnf-plugin-subscription-manager-1.29.38-1.el9 113/181 -#8 11.53 Cleanup : libdnf-0.69.0-6.el9_3.x86_64 114/181 -#8 11.54 Cleanup : libstdc++-11.4.1-2.1.el9.x86_64 115/181 -#8 11.54 Cleanup : librepo-1.14.5-1.el9.x86_64 116/181 -#8 11.55 Cleanup : glib2-2.68.4-11.el9.x86_64 117/181 -#8 11.57 Cleanup : gnutls-3.7.6-23.el9_3.3.x86_64 118/181 -#8 11.57 Cleanup : libxml2-2.9.13-5.el9_3.x86_64 119/181 -#8 11.58 Cleanup : python3-subscription-manager-rhsm-1.29.38-1.el9_ 120/181 -#8 11.59 Cleanup : python3-rpm-4.16.1.3-27.el9_3.x86_64 121/181 -#8 11.59 Cleanup : rpm-build-libs-4.16.1.3-27.el9_3.x86_64 122/181 -#8 11.60 Cleanup : elfutils-libs-0.189-3.el9.x86_64 123/181 -#8 11.60 Cleanup : rpm-sign-libs-4.16.1.3-27.el9_3.x86_64 124/181 -#8 11.61 Cleanup : rpm-4.16.1.3-27.el9_3.x86_64 125/181 -#8 11.62 Cleanup : 
rpm-libs-4.16.1.3-27.el9_3.x86_64 126/181 -#8 11.62 Cleanup : file-libs-5.39-14.el9.x86_64 127/181 -#8 11.63 Cleanup : curl-minimal-7.76.1-26.el9_3.3.x86_64 128/181 -#8 11.63 Cleanup : libcurl-minimal-7.76.1-26.el9_3.3.x86_64 129/181 -#8 11.64 Cleanup : krb5-libs-1.21.1-1.el9.x86_64 130/181 -#8 11.65 Cleanup : libgomp-11.4.1-2.1.el9.x86_64 131/181 -#8 11.65 Cleanup : elfutils-libelf-0.189-3.el9.x86_64 132/181 -#8 11.66 Cleanup : libcom_err-1.46.5-3.el9.x86_64 133/181 -#8 11.67 Cleanup : nettle-3.8-3.el9_0.x86_64 134/181 -#8 11.68 Cleanup : libnghttp2-1.43.0-5.el9_3.1.x86_64 135/181 -#8 11.68 Cleanup : libmnl-1.0.4-15.el9.x86_64 136/181 -#8 11.69 Cleanup : python3-cloud-what-1.29.38-1.el9_3.x86_64 137/181 -#8 11.69 Cleanup : python3-requests-2.25.1-7.el9_2.noarch 138/181 -#8 11.70 Cleanup : python3-urllib3-1.26.5-3.el9_3.1.noarch 139/181 -#8 11.71 Cleanup : elfutils-default-yama-scope-0.189-3.el9.noarch 140/181 -#8 11.71 Cleanup : python3-idna-2.10-7.el9.noarch 141/181 -#8 11.72 Cleanup : redhat-release-9.3-0.5.el9.x86_64 142/181 -#8 11.72 Cleanup : dnf-data-4.14.0-8.el9.noarch 143/181 -#8 11.73 Cleanup : systemd-252-18.el9.x86_64 144/181 -#8 11.73 Running scriptlet: systemd-252-18.el9.x86_64 144/181 -#8 11.79 Cleanup : util-linux-2.37.4-15.el9.x86_64 145/181 -#8 11.81 Cleanup : util-linux-core-2.37.4-15.el9.x86_64 146/181 -#8 11.82 Cleanup : systemd-libs-252-18.el9.x86_64 147/181 -#8 11.82 Cleanup : systemd-pam-252-18.el9.x86_64 148/181 -#8 11.83 Cleanup : pam-1.5.1-15.el9.x86_64 149/181 -#8 11.84 Cleanup : libmount-2.37.4-15.el9.x86_64 150/181 -#8 11.85 Cleanup : libfdisk-2.37.4-15.el9.x86_64 151/181 -#8 11.86 Cleanup : openssl-1:3.0.7-25.el9_3.x86_64 152/181 -#8 11.86 Cleanup : libblkid-2.37.4-15.el9.x86_64 153/181 -#8 11.87 Cleanup : audit-libs-3.0.7-104.el9.x86_64 154/181 -#8 11.87 Cleanup : acl-2.3.1-3.el9.x86_64 155/181 -#8 11.88 Cleanup : dmidecode-1:3.5-1.el9.x86_64 156/181 -#8 11.88 Cleanup : libsmartcols-2.37.4-15.el9.x86_64 157/181 -#8 11.90 Cleanup : 
python3-libs-3.9.18-1.el9_3.1.x86_64 158/181 -#8 11.92 Cleanup : python3-3.9.18-1.el9_3.1.x86_64 159/181 -#8 11.93 Cleanup : python3-pip-wheel-21.2.3-7.el9_3.1.noarch 160/181 -#8 11.93 Cleanup : systemd-rpm-macros-252-18.el9.noarch 161/181 -#8 11.94 Cleanup : python3-setuptools-wheel-53.0.0-12.el9.noarch 162/181 -#8 11.94 Cleanup : openssl-libs-1:3.0.7-25.el9_3.x86_64 163/181 -#8 11.95 Cleanup : libuuid-2.37.4-15.el9.x86_64 164/181 -#8 11.95 Cleanup : ca-certificates-2023.2.60_v7.0.306-90.1.el9_2.no 165/181 -#8 11.96 Cleanup : coreutils-single-8.32-34.el9.x86_64 166/181 -#8 11.96 Cleanup : p11-kit-trust-0.24.1-2.el9.x86_64 167/181 -#8 11.97 Running scriptlet: p11-kit-trust-0.24.1-2.el9.x86_64 167/181 -#8 11.98 Cleanup : libselinux-3.5-1.el9.x86_64 168/181 -#8 11.98 Cleanup : p11-kit-0.24.1-2.el9.x86_64 169/181 -#8 11.99 Cleanup : libsepol-3.5-1.el9.x86_64 170/181 -#8 12.00 Cleanup : expat-2.5.0-1.el9.x86_64 171/181 -#8 12.01 Cleanup : crypto-policies-20230731-1.git94f0e2c.el9_3.1.no 172/181 -#8 12.02 Cleanup : pcre2-10.40-2.el9.x86_64 173/181 -#8 12.02 Cleanup : libacl-2.3.1-3.el9.x86_64 174/181 -#8 12.03 Cleanup : pcre2-syntax-10.40-2.el9.noarch 175/181 -#8 12.03 Cleanup : bash-5.1.8-6.el9_1.x86_64 176/181 -#8 12.03 Running scriptlet: bash-5.1.8-6.el9_1.x86_64 176/181 -#8 12.04 Cleanup : glibc-2.34-83.el9_3.12.x86_64 177/181 -#8 12.05 Cleanup : glibc-minimal-langpack-2.34-83.el9_3.12.x86_64 178/181 -#8 12.05 Cleanup : glibc-common-2.34-83.el9_3.12.x86_64 179/181 -#8 12.07 Cleanup : tzdata-2023d-1.el9.noarch 180/181 -#8 12.08 Cleanup : libgcc-11.4.1-2.1.el9.x86_64 181/181 -#8 12.08 Running scriptlet: libgcc-11.4.1-2.1.el9.x86_64 181/181 -#8 12.09 Running scriptlet: ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.no 181/181 -#8 13.11 Running scriptlet: rpm-4.16.1.3-29.el9.x86_64 181/181 -#8 13.12 Running scriptlet: subscription-manager-1.29.40-1.el9.x86_64 181/181 -#8 13.13 Running scriptlet: crypto-policies-scripts-20240202-1.git283706d.el 181/181 -#8 13.28 Running 
scriptlet: libgcc-11.4.1-2.1.el9.x86_64 181/181 -#8 13.86 Verifying : diffutils-3.7-12.el9.x86_64 1/181 -#8 13.86 Verifying : glibc-langpack-en-2.34-100.el9_4.4.x86_64 2/181 -#8 13.86 Verifying : libselinux-utils-3.6-1.el9.x86_64 3/181 -#8 13.86 Verifying : openssl-fips-provider-3.0.7-2.el9.x86_64 4/181 -#8 13.86 Verifying : policycoreutils-3.6-2.1.el9.x86_64 5/181 -#8 13.86 Verifying : libxcrypt-compat-4.4.18-3.el9.x86_64 6/181 -#8 13.86 Verifying : rpm-plugin-systemd-inhibit-4.16.1.3-29.el9.x86_6 7/181 -#8 13.86 Verifying : acl-2.3.1-4.el9.x86_64 8/181 -#8 13.86 Verifying : acl-2.3.1-3.el9.x86_64 9/181 -#8 13.86 Verifying : audit-libs-3.1.2-2.el9.x86_64 10/181 -#8 13.86 Verifying : audit-libs-3.0.7-104.el9.x86_64 11/181 -#8 13.86 Verifying : bash-5.1.8-9.el9.x86_64 12/181 -#8 13.86 Verifying : bash-5.1.8-6.el9_1.x86_64 13/181 -#8 13.86 Verifying : ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.no 14/181 -#8 13.86 Verifying : ca-certificates-2023.2.60_v7.0.306-90.1.el9_2.no 15/181 -#8 13.86 Verifying : coreutils-single-8.32-35.el9.x86_64 16/181 -#8 13.86 Verifying : coreutils-single-8.32-34.el9.x86_64 17/181 -#8 13.86 Verifying : crypto-policies-20240202-1.git283706d.el9.noarch 18/181 -#8 13.86 Verifying : crypto-policies-20230731-1.git94f0e2c.el9_3.1.no 19/181 -#8 13.86 Verifying : crypto-policies-scripts-20240202-1.git283706d.el 20/181 -#8 13.86 Verifying : crypto-policies-scripts-20230731-1.git94f0e2c.el 21/181 -#8 13.86 Verifying : curl-minimal-7.76.1-29.el9_4.1.x86_64 22/181 -#8 13.86 Verifying : curl-minimal-7.76.1-26.el9_3.3.x86_64 23/181 -#8 13.86 Verifying : dmidecode-1:3.5-3.el9.x86_64 24/181 -#8 13.86 Verifying : dmidecode-1:3.5-1.el9.x86_64 25/181 -#8 13.86 Verifying : dnf-4.14.0-9.el9.noarch 26/181 -#8 13.86 Verifying : dnf-4.14.0-8.el9.noarch 27/181 -#8 13.86 Verifying : dnf-data-4.14.0-9.el9.noarch 28/181 -#8 13.86 Verifying : dnf-data-4.14.0-8.el9.noarch 29/181 -#8 13.86 Verifying : elfutils-default-yama-scope-0.190-2.el9.noarch 30/181 -#8 13.86 
Verifying : elfutils-default-yama-scope-0.189-3.el9.noarch 31/181 -#8 13.87 Verifying : elfutils-libelf-0.190-2.el9.x86_64 32/181 -#8 13.87 Verifying : elfutils-libelf-0.189-3.el9.x86_64 33/181 -#8 13.87 Verifying : elfutils-libs-0.190-2.el9.x86_64 34/181 -#8 13.87 Verifying : elfutils-libs-0.189-3.el9.x86_64 35/181 -#8 13.87 Verifying : expat-2.5.0-2.el9_4.1.x86_64 36/181 -#8 13.87 Verifying : expat-2.5.0-1.el9.x86_64 37/181 -#8 13.87 Verifying : file-libs-5.39-16.el9.x86_64 38/181 -#8 13.87 Verifying : file-libs-5.39-14.el9.x86_64 39/181 -#8 13.87 Verifying : glib2-2.68.4-14.el9_4.1.x86_64 40/181 -#8 13.87 Verifying : glib2-2.68.4-11.el9.x86_64 41/181 -#8 13.87 Verifying : glibc-2.34-100.el9_4.4.x86_64 42/181 -#8 13.87 Verifying : glibc-2.34-83.el9_3.12.x86_64 43/181 -#8 13.87 Verifying : glibc-common-2.34-100.el9_4.4.x86_64 44/181 -#8 13.87 Verifying : glibc-common-2.34-83.el9_3.12.x86_64 45/181 -#8 13.87 Verifying : glibc-minimal-langpack-2.34-100.el9_4.4.x86_64 46/181 -#8 13.87 Verifying : glibc-minimal-langpack-2.34-83.el9_3.12.x86_64 47/181 -#8 13.87 Verifying : gnutls-3.8.3-4.el9_4.x86_64 48/181 -#8 13.87 Verifying : gnutls-3.7.6-23.el9_3.3.x86_64 49/181 -#8 13.87 Verifying : iproute-6.2.0-6.el9_4.x86_64 50/181 -#8 13.87 Verifying : iproute-6.2.0-5.el9.x86_64 51/181 -#8 13.87 Verifying : krb5-libs-1.21.1-2.el9_4.x86_64 52/181 -#8 13.87 Verifying : krb5-libs-1.21.1-1.el9.x86_64 53/181 -#8 13.87 Verifying : libacl-2.3.1-4.el9.x86_64 54/181 -#8 13.87 Verifying : libacl-2.3.1-3.el9.x86_64 55/181 -#8 13.87 Verifying : libblkid-2.37.4-18.el9.x86_64 56/181 -#8 13.87 Verifying : libblkid-2.37.4-15.el9.x86_64 57/181 -#8 13.87 Verifying : libbpf-2:1.3.0-2.el9.x86_64 58/181 -#8 13.87 Verifying : libbpf-2:1.2.0-1.el9.x86_64 59/181 -#8 13.87 Verifying : libcom_err-1.46.5-5.el9.x86_64 60/181 -#8 13.87 Verifying : libcom_err-1.46.5-3.el9.x86_64 61/181 -#8 13.87 Verifying : libcurl-minimal-7.76.1-29.el9_4.1.x86_64 62/181 -#8 13.87 Verifying : 
libcurl-minimal-7.76.1-26.el9_3.3.x86_64 63/181 -#8 13.87 Verifying : libdnf-0.69.0-8.el9_4.1.x86_64 64/181 -#8 13.87 Verifying : libdnf-0.69.0-6.el9_3.x86_64 65/181 -#8 13.87 Verifying : libdnf-plugin-subscription-manager-1.29.40-1.el9 66/181 -#8 13.87 Verifying : libdnf-plugin-subscription-manager-1.29.38-1.el9 67/181 -#8 13.87 Verifying : libevent-2.1.12-8.el9_4.x86_64 68/181 -#8 13.87 Verifying : libevent-2.1.12-6.el9.x86_64 69/181 -#8 13.87 Verifying : libfdisk-2.37.4-18.el9.x86_64 70/181 -#8 13.87 Verifying : libfdisk-2.37.4-15.el9.x86_64 71/181 -#8 13.87 Verifying : libgcc-11.4.1-3.el9.x86_64 72/181 -#8 13.87 Verifying : libgcc-11.4.1-2.1.el9.x86_64 73/181 -#8 13.87 Verifying : libgomp-11.4.1-3.el9.x86_64 74/181 -#8 13.87 Verifying : libgomp-11.4.1-2.1.el9.x86_64 75/181 -#8 13.87 Verifying : libmnl-1.0.4-16.el9_4.x86_64 76/181 -#8 13.87 Verifying : libmnl-1.0.4-15.el9.x86_64 77/181 -#8 13.87 Verifying : libmount-2.37.4-18.el9.x86_64 78/181 -#8 13.87 Verifying : libmount-2.37.4-15.el9.x86_64 79/181 -#8 13.87 Verifying : libnghttp2-1.43.0-5.el9_4.3.x86_64 80/181 -#8 13.87 Verifying : libnghttp2-1.43.0-5.el9_3.1.x86_64 81/181 -#8 13.87 Verifying : librepo-1.14.5-2.el9.x86_64 82/181 -#8 13.87 Verifying : librepo-1.14.5-1.el9.x86_64 83/181 -#8 13.87 Verifying : libselinux-3.6-1.el9.x86_64 84/181 -#8 13.87 Verifying : libselinux-3.5-1.el9.x86_64 85/181 -#8 13.87 Verifying : libsemanage-3.6-1.el9.x86_64 86/181 -#8 13.87 Verifying : libsemanage-3.5-2.el9.x86_64 87/181 -#8 13.87 Verifying : libsepol-3.6-1.el9.x86_64 88/181 -#8 13.87 Verifying : libsepol-3.5-1.el9.x86_64 89/181 -#8 13.87 Verifying : libsmartcols-2.37.4-18.el9.x86_64 90/181 -#8 13.87 Verifying : libsmartcols-2.37.4-15.el9.x86_64 91/181 -#8 13.87 Verifying : libstdc++-11.4.1-3.el9.x86_64 92/181 -#8 13.87 Verifying : libstdc++-11.4.1-2.1.el9.x86_64 93/181 -#8 13.87 Verifying : libuuid-2.37.4-18.el9.x86_64 94/181 -#8 13.87 Verifying : libuuid-2.37.4-15.el9.x86_64 95/181 -#8 13.87 Verifying : 
libxml2-2.9.13-6.el9_4.x86_64 96/181 -#8 13.87 Verifying : libxml2-2.9.13-5.el9_3.x86_64 97/181 -#8 13.87 Verifying : nettle-3.9.1-1.el9.x86_64 98/181 -#8 13.87 Verifying : nettle-3.8-3.el9_0.x86_64 99/181 -#8 13.87 Verifying : openldap-2.6.6-3.el9.x86_64 100/181 -#8 13.87 Verifying : openldap-2.6.3-1.el9.x86_64 101/181 -#8 13.87 Verifying : openssl-1:3.0.7-28.el9_4.x86_64 102/181 -#8 13.87 Verifying : openssl-1:3.0.7-25.el9_3.x86_64 103/181 -#8 13.87 Verifying : openssl-libs-1:3.0.7-28.el9_4.x86_64 104/181 -#8 13.87 Verifying : openssl-libs-1:3.0.7-25.el9_3.x86_64 105/181 -#8 13.87 Verifying : p11-kit-0.25.3-2.el9.x86_64 106/181 -#8 13.87 Verifying : p11-kit-0.24.1-2.el9.x86_64 107/181 -#8 13.87 Verifying : p11-kit-trust-0.25.3-2.el9.x86_64 108/181 -#8 13.87 Verifying : p11-kit-trust-0.24.1-2.el9.x86_64 109/181 -#8 13.87 Verifying : pam-1.5.1-19.el9.x86_64 110/181 -#8 13.87 Verifying : pam-1.5.1-15.el9.x86_64 111/181 -#8 13.87 Verifying : pcre2-10.40-5.el9.x86_64 112/181 -#8 13.87 Verifying : pcre2-10.40-2.el9.x86_64 113/181 -#8 13.87 Verifying : pcre2-syntax-10.40-5.el9.noarch 114/181 -#8 13.87 Verifying : pcre2-syntax-10.40-2.el9.noarch 115/181 -#8 13.87 Verifying : python3-3.9.18-3.el9_4.6.x86_64 116/181 -#8 13.87 Verifying : python3-3.9.18-1.el9_3.1.x86_64 117/181 -#8 13.87 Verifying : python3-cloud-what-1.29.40-1.el9.x86_64 118/181 -#8 13.87 Verifying : python3-cloud-what-1.29.38-1.el9_3.x86_64 119/181 -#8 13.87 Verifying : python3-dnf-4.14.0-9.el9.noarch 120/181 -#8 13.87 Verifying : python3-dnf-4.14.0-8.el9.noarch 121/181 -#8 13.87 Verifying : python3-dnf-plugins-core-4.3.0-13.el9.noarch 122/181 -#8 13.87 Verifying : python3-dnf-plugins-core-4.3.0-11.el9_3.noarch 123/181 -#8 13.87 Verifying : python3-hawkey-0.69.0-8.el9_4.1.x86_64 124/181 -#8 13.87 Verifying : python3-hawkey-0.69.0-6.el9_3.x86_64 125/181 -#8 13.87 Verifying : python3-idna-2.10-7.el9_4.1.noarch 126/181 -#8 13.87 Verifying : python3-idna-2.10-7.el9.noarch 127/181 -#8 13.87 Verifying : 
python3-libdnf-0.69.0-8.el9_4.1.x86_64 128/181 -#8 13.87 Verifying : python3-libdnf-0.69.0-6.el9_3.x86_64 129/181 -#8 13.87 Verifying : python3-librepo-1.14.5-2.el9.x86_64 130/181 -#8 13.87 Verifying : python3-librepo-1.14.5-1.el9.x86_64 131/181 -#8 13.87 Verifying : python3-libs-3.9.18-3.el9_4.6.x86_64 132/181 -#8 13.87 Verifying : python3-libs-3.9.18-1.el9_3.1.x86_64 133/181 -#8 13.87 Verifying : python3-pip-wheel-21.2.3-8.el9.noarch 134/181 -#8 13.87 Verifying : python3-pip-wheel-21.2.3-7.el9_3.1.noarch 135/181 -#8 13.87 Verifying : python3-requests-2.25.1-8.el9.noarch 136/181 -#8 13.87 Verifying : python3-requests-2.25.1-7.el9_2.noarch 137/181 -#8 13.88 Verifying : python3-rpm-4.16.1.3-29.el9.x86_64 138/181 -#8 13.88 Verifying : python3-rpm-4.16.1.3-27.el9_3.x86_64 139/181 -#8 13.88 Verifying : python3-setuptools-53.0.0-12.el9_4.1.noarch 140/181 -#8 13.88 Verifying : python3-setuptools-53.0.0-12.el9.noarch 141/181 -#8 13.88 Verifying : python3-setuptools-wheel-53.0.0-12.el9_4.1.noarc 142/181 -#8 13.88 Verifying : python3-setuptools-wheel-53.0.0-12.el9.noarch 143/181 -#8 13.88 Verifying : python3-subscription-manager-rhsm-1.29.40-1.el9. 
144/181 -#8 13.88 Verifying : python3-subscription-manager-rhsm-1.29.38-1.el9_ 145/181 -#8 13.88 Verifying : python3-urllib3-1.26.5-5.el9_4.1.noarch 146/181 -#8 13.88 Verifying : python3-urllib3-1.26.5-3.el9_3.1.noarch 147/181 -#8 13.88 Verifying : redhat-release-9.4-0.5.el9.x86_64 148/181 -#8 13.88 Verifying : redhat-release-9.3-0.5.el9.x86_64 149/181 -#8 13.88 Verifying : rpm-4.16.1.3-29.el9.x86_64 150/181 -#8 13.88 Verifying : rpm-4.16.1.3-27.el9_3.x86_64 151/181 -#8 13.88 Verifying : rpm-build-libs-4.16.1.3-29.el9.x86_64 152/181 -#8 13.88 Verifying : rpm-build-libs-4.16.1.3-27.el9_3.x86_64 153/181 -#8 13.88 Verifying : rpm-libs-4.16.1.3-29.el9.x86_64 154/181 -#8 13.88 Verifying : rpm-libs-4.16.1.3-27.el9_3.x86_64 155/181 -#8 13.88 Verifying : rpm-sign-libs-4.16.1.3-29.el9.x86_64 156/181 -#8 13.88 Verifying : rpm-sign-libs-4.16.1.3-27.el9_3.x86_64 157/181 -#8 13.88 Verifying : setup-2.13.7-10.el9.noarch 158/181 -#8 13.88 Verifying : setup-2.13.7-9.el9.noarch 159/181 -#8 13.88 Verifying : subscription-manager-1.29.40-1.el9.x86_64 160/181 -#8 13.88 Verifying : subscription-manager-1.29.38-1.el9_3.x86_64 161/181 -#8 13.88 Verifying : systemd-252-32.el9_4.7.x86_64 162/181 -#8 13.88 Verifying : systemd-252-18.el9.x86_64 163/181 -#8 13.88 Verifying : systemd-libs-252-32.el9_4.7.x86_64 164/181 -#8 13.88 Verifying : systemd-libs-252-18.el9.x86_64 165/181 -#8 13.88 Verifying : systemd-pam-252-32.el9_4.7.x86_64 166/181 -#8 13.88 Verifying : systemd-pam-252-18.el9.x86_64 167/181 -#8 13.88 Verifying : systemd-rpm-macros-252-32.el9_4.7.noarch 168/181 -#8 13.88 Verifying : systemd-rpm-macros-252-18.el9.noarch 169/181 -#8 13.88 Verifying : tar-2:1.34-6.el9_4.1.x86_64 170/181 -#8 13.88 Verifying : tar-2:1.34-6.el9_1.x86_64 171/181 -#8 13.88 Verifying : tzdata-2024b-2.el9.noarch 172/181 -#8 13.88 Verifying : tzdata-2023d-1.el9.noarch 173/181 -#8 13.88 Verifying : util-linux-2.37.4-18.el9.x86_64 174/181 -#8 13.88 Verifying : util-linux-2.37.4-15.el9.x86_64 175/181 -#8 13.88 
Verifying : util-linux-core-2.37.4-18.el9.x86_64 176/181 -#8 13.88 Verifying : util-linux-core-2.37.4-15.el9.x86_64 177/181 -#8 13.88 Verifying : yum-4.14.0-9.el9.noarch 178/181 -#8 13.88 Verifying : yum-4.14.0-8.el9.noarch 179/181 -#8 13.88 Verifying : gdb-gdbserver-10.2-13.el9.x86_64 180/181 -#8 13.88 Verifying : gdb-gdbserver-10.2-11.1.el9_3.x86_64 181/181 -#8 14.17 Installed products updated. -#8 14.20 -#8 14.20 Upgraded: -#8 14.20 acl-2.3.1-4.el9.x86_64 -#8 14.20 audit-libs-3.1.2-2.el9.x86_64 -#8 14.20 bash-5.1.8-9.el9.x86_64 -#8 14.20 ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.noarch -#8 14.20 coreutils-single-8.32-35.el9.x86_64 -#8 14.20 crypto-policies-20240202-1.git283706d.el9.noarch -#8 14.20 crypto-policies-scripts-20240202-1.git283706d.el9.noarch -#8 14.20 curl-minimal-7.76.1-29.el9_4.1.x86_64 -#8 14.20 dmidecode-1:3.5-3.el9.x86_64 -#8 14.20 dnf-4.14.0-9.el9.noarch -#8 14.20 dnf-data-4.14.0-9.el9.noarch -#8 14.20 elfutils-default-yama-scope-0.190-2.el9.noarch -#8 14.20 elfutils-libelf-0.190-2.el9.x86_64 -#8 14.20 elfutils-libs-0.190-2.el9.x86_64 -#8 14.20 expat-2.5.0-2.el9_4.1.x86_64 -#8 14.20 file-libs-5.39-16.el9.x86_64 -#8 14.20 gdb-gdbserver-10.2-13.el9.x86_64 -#8 14.20 glib2-2.68.4-14.el9_4.1.x86_64 -#8 14.20 glibc-2.34-100.el9_4.4.x86_64 -#8 14.20 glibc-common-2.34-100.el9_4.4.x86_64 -#8 14.20 glibc-minimal-langpack-2.34-100.el9_4.4.x86_64 -#8 14.20 gnutls-3.8.3-4.el9_4.x86_64 -#8 14.20 iproute-6.2.0-6.el9_4.x86_64 -#8 14.20 krb5-libs-1.21.1-2.el9_4.x86_64 -#8 14.20 libacl-2.3.1-4.el9.x86_64 -#8 14.20 libblkid-2.37.4-18.el9.x86_64 -#8 14.20 libbpf-2:1.3.0-2.el9.x86_64 -#8 14.20 libcom_err-1.46.5-5.el9.x86_64 -#8 14.20 libcurl-minimal-7.76.1-29.el9_4.1.x86_64 -#8 14.20 libdnf-0.69.0-8.el9_4.1.x86_64 -#8 14.20 libdnf-plugin-subscription-manager-1.29.40-1.el9.x86_64 -#8 14.20 libevent-2.1.12-8.el9_4.x86_64 -#8 14.20 libfdisk-2.37.4-18.el9.x86_64 -#8 14.20 libgcc-11.4.1-3.el9.x86_64 -#8 14.20 libgomp-11.4.1-3.el9.x86_64 -#8 14.20 
libmnl-1.0.4-16.el9_4.x86_64 -#8 14.20 libmount-2.37.4-18.el9.x86_64 -#8 14.20 libnghttp2-1.43.0-5.el9_4.3.x86_64 -#8 14.20 librepo-1.14.5-2.el9.x86_64 -#8 14.20 libselinux-3.6-1.el9.x86_64 -#8 14.20 libsemanage-3.6-1.el9.x86_64 -#8 14.20 libsepol-3.6-1.el9.x86_64 -#8 14.20 libsmartcols-2.37.4-18.el9.x86_64 -#8 14.20 libstdc++-11.4.1-3.el9.x86_64 -#8 14.20 libuuid-2.37.4-18.el9.x86_64 -#8 14.20 libxml2-2.9.13-6.el9_4.x86_64 -#8 14.20 nettle-3.9.1-1.el9.x86_64 -#8 14.20 openldap-2.6.6-3.el9.x86_64 -#8 14.20 openssl-1:3.0.7-28.el9_4.x86_64 -#8 14.20 openssl-libs-1:3.0.7-28.el9_4.x86_64 -#8 14.20 p11-kit-0.25.3-2.el9.x86_64 -#8 14.20 p11-kit-trust-0.25.3-2.el9.x86_64 -#8 14.20 pam-1.5.1-19.el9.x86_64 -#8 14.20 pcre2-10.40-5.el9.x86_64 -#8 14.20 pcre2-syntax-10.40-5.el9.noarch -#8 14.20 python3-3.9.18-3.el9_4.6.x86_64 -#8 14.20 python3-cloud-what-1.29.40-1.el9.x86_64 -#8 14.20 python3-dnf-4.14.0-9.el9.noarch -#8 14.20 python3-dnf-plugins-core-4.3.0-13.el9.noarch -#8 14.20 python3-hawkey-0.69.0-8.el9_4.1.x86_64 -#8 14.20 python3-idna-2.10-7.el9_4.1.noarch -#8 14.20 python3-libdnf-0.69.0-8.el9_4.1.x86_64 -#8 14.20 python3-librepo-1.14.5-2.el9.x86_64 -#8 14.20 python3-libs-3.9.18-3.el9_4.6.x86_64 -#8 14.20 python3-pip-wheel-21.2.3-8.el9.noarch -#8 14.20 python3-requests-2.25.1-8.el9.noarch -#8 14.20 python3-rpm-4.16.1.3-29.el9.x86_64 -#8 14.20 python3-setuptools-53.0.0-12.el9_4.1.noarch -#8 14.20 python3-setuptools-wheel-53.0.0-12.el9_4.1.noarch -#8 14.20 python3-subscription-manager-rhsm-1.29.40-1.el9.x86_64 -#8 14.20 python3-urllib3-1.26.5-5.el9_4.1.noarch -#8 14.20 redhat-release-9.4-0.5.el9.x86_64 -#8 14.20 rpm-4.16.1.3-29.el9.x86_64 -#8 14.20 rpm-build-libs-4.16.1.3-29.el9.x86_64 -#8 14.20 rpm-libs-4.16.1.3-29.el9.x86_64 -#8 14.20 rpm-sign-libs-4.16.1.3-29.el9.x86_64 -#8 14.20 setup-2.13.7-10.el9.noarch -#8 14.20 subscription-manager-1.29.40-1.el9.x86_64 -#8 14.20 systemd-252-32.el9_4.7.x86_64 -#8 14.20 systemd-libs-252-32.el9_4.7.x86_64 -#8 14.20 
systemd-pam-252-32.el9_4.7.x86_64 -#8 14.20 systemd-rpm-macros-252-32.el9_4.7.noarch -#8 14.20 tar-2:1.34-6.el9_4.1.x86_64 -#8 14.20 tzdata-2024b-2.el9.noarch -#8 14.20 util-linux-2.37.4-18.el9.x86_64 -#8 14.20 util-linux-core-2.37.4-18.el9.x86_64 -#8 14.20 yum-4.14.0-9.el9.noarch -#8 14.20 Installed: -#8 14.20 diffutils-3.7-12.el9.x86_64 -#8 14.20 glibc-langpack-en-2.34-100.el9_4.4.x86_64 -#8 14.20 libselinux-utils-3.6-1.el9.x86_64 -#8 14.20 libxcrypt-compat-4.4.18-3.el9.x86_64 -#8 14.20 openssl-fips-provider-3.0.7-2.el9.x86_64 -#8 14.20 policycoreutils-3.6-2.1.el9.x86_64 -#8 14.20 rpm-plugin-systemd-inhibit-4.16.1.3-29.el9.x86_64 -#8 14.20 -#8 14.20 Complete! -#8 DONE 14.5s +#8 0.479 Updating Subscription Management repositories. +#8 0.479 Unable to read consumer identity +#8 0.484 +#8 0.484 This system is not registered with an entitlement server. You can use subscription-manager to register. +#8 0.484 +#8 0.806 Red Hat Universal Base Image 9 (RPMs) - BaseOS 1.9 MB/s | 524 kB 00:00 +#8 1.331 Red Hat Universal Base Image 9 (RPMs) - AppStre 4.9 MB/s | 2.1 MB 00:00 +#8 1.862 Dependencies resolved. 
+#8 1.871 ======================================================================================================= +#8 1.871 Package Arch Version Repository Size +#8 1.871 ======================================================================================================= +#8 1.871 Upgrading: +#8 1.871 acl x86_64 2.3.1-4.el9 ubi-9-baseos-rpms 75 k +#8 1.871 audit-libs x86_64 3.1.2-2.el9 ubi-9-baseos-rpms 121 k +#8 1.871 bash x86_64 5.1.8-9.el9 ubi-9-baseos-rpms 1.7 M +#8 1.871 ca-certificates noarch 2024.2.69_v8.0.303-91.4.el9_4 ubi-9-baseos-rpms 1.0 M +#8 1.871 coreutils-single x86_64 8.32-35.el9 ubi-9-baseos-rpms 625 k +#8 1.871 crypto-policies noarch 20240202-1.git283706d.el9 ubi-9-baseos-rpms 88 k +#8 1.871 crypto-policies-scripts noarch 20240202-1.git283706d.el9 ubi-9-baseos-rpms 98 k +#8 1.871 curl-minimal x86_64 7.76.1-29.el9_4.1 ubi-9-baseos-rpms 129 k +#8 1.871 dmidecode x86_64 1:3.5-3.el9 ubi-9-baseos-rpms 101 k +#8 1.871 dnf noarch 4.14.0-9.el9 ubi-9-baseos-rpms 486 k +#8 1.871 dnf-data noarch 4.14.0-9.el9 ubi-9-baseos-rpms 44 k +#8 1.871 elfutils-default-yama-scope noarch 0.190-2.el9 ubi-9-baseos-rpms 12 k +#8 1.871 elfutils-libelf x86_64 0.190-2.el9 ubi-9-baseos-rpms 196 k +#8 1.871 elfutils-libs x86_64 0.190-2.el9 ubi-9-baseos-rpms 258 k +#8 1.871 expat x86_64 2.5.0-2.el9_4.1 ubi-9-baseos-rpms 119 k +#8 1.871 file-libs x86_64 5.39-16.el9 ubi-9-baseos-rpms 593 k +#8 1.871 gdb-gdbserver x86_64 10.2-13.el9 ubi-9-appstream-rpms 282 k +#8 1.871 glib2 x86_64 2.68.4-14.el9_4.1 ubi-9-baseos-rpms 2.6 M +#8 1.871 glibc x86_64 2.34-100.el9_4.4 ubi-9-baseos-rpms 2.0 M +#8 1.871 glibc-common x86_64 2.34-100.el9_4.4 ubi-9-baseos-rpms 307 k +#8 1.871 glibc-minimal-langpack x86_64 2.34-100.el9_4.4 ubi-9-baseos-rpms 21 k +#8 1.871 gnutls x86_64 3.8.3-4.el9_4 ubi-9-baseos-rpms 1.1 M +#8 1.871 iproute x86_64 6.2.0-6.el9_4 ubi-9-baseos-rpms 819 k +#8 1.871 krb5-libs x86_64 1.21.1-2.el9_4 ubi-9-baseos-rpms 770 k +#8 1.871 libacl x86_64 2.3.1-4.el9 ubi-9-baseos-rpms 24 k 
+#8 1.871 libblkid x86_64 2.37.4-18.el9 ubi-9-baseos-rpms 110 k +#8 1.871 libbpf x86_64 2:1.3.0-2.el9 ubi-9-baseos-rpms 174 k +#8 1.871 libcom_err x86_64 1.46.5-5.el9 ubi-9-baseos-rpms 28 k +#8 1.871 libcurl-minimal x86_64 7.76.1-29.el9_4.1 ubi-9-baseos-rpms 228 k +#8 1.871 libdnf x86_64 0.69.0-8.el9_4.1 ubi-9-baseos-rpms 664 k +#8 1.871 libdnf-plugin-subscription-manager x86_64 1.29.40-1.el9 ubi-9-baseos-rpms 64 k +#8 1.871 libevent x86_64 2.1.12-8.el9_4 ubi-9-baseos-rpms 266 k +#8 1.871 libfdisk x86_64 2.37.4-18.el9 ubi-9-baseos-rpms 157 k +#8 1.871 libgcc x86_64 11.4.1-3.el9 ubi-9-baseos-rpms 95 k +#8 1.871 libgomp x86_64 11.4.1-3.el9 ubi-9-baseos-rpms 270 k +#8 1.871 libmnl x86_64 1.0.4-16.el9_4 ubi-9-baseos-rpms 30 k +#8 1.871 libmount x86_64 2.37.4-18.el9 ubi-9-baseos-rpms 138 k +#8 1.871 libnghttp2 x86_64 1.43.0-5.el9_4.3 ubi-9-baseos-rpms 75 k +#8 1.871 librepo x86_64 1.14.5-2.el9 ubi-9-baseos-rpms 90 k +#8 1.871 libselinux x86_64 3.6-1.el9 ubi-9-baseos-rpms 88 k +#8 1.871 libsemanage x86_64 3.6-1.el9 ubi-9-baseos-rpms 121 k +#8 1.871 libsepol x86_64 3.6-1.el9 ubi-9-baseos-rpms 331 k +#8 1.871 libsmartcols x86_64 2.37.4-18.el9 ubi-9-baseos-rpms 66 k +#8 1.871 libstdc++ x86_64 11.4.1-3.el9 ubi-9-baseos-rpms 747 k +#8 1.871 libuuid x86_64 2.37.4-18.el9 ubi-9-baseos-rpms 30 k +#8 1.871 libxml2 x86_64 2.9.13-6.el9_4 ubi-9-baseos-rpms 752 k +#8 1.871 nettle x86_64 3.9.1-1.el9 ubi-9-baseos-rpms 564 k +#8 1.871 openldap x86_64 2.6.6-3.el9 ubi-9-baseos-rpms 286 k +#8 1.871 openssl x86_64 1:3.0.7-28.el9_4 ubi-9-baseos-rpms 1.2 M +#8 1.871 openssl-libs x86_64 1:3.0.7-28.el9_4 ubi-9-baseos-rpms 1.9 M +#8 1.871 p11-kit x86_64 0.25.3-2.el9 ubi-9-baseos-rpms 537 k +#8 1.871 p11-kit-trust x86_64 0.25.3-2.el9 ubi-9-baseos-rpms 145 k +#8 1.871 pam x86_64 1.5.1-19.el9 ubi-9-baseos-rpms 631 k +#8 1.871 pcre2 x86_64 10.40-5.el9 ubi-9-baseos-rpms 236 k +#8 1.871 pcre2-syntax noarch 10.40-5.el9 ubi-9-baseos-rpms 145 k +#8 1.871 python3 x86_64 3.9.18-3.el9_4.6 ubi-9-baseos-rpms 
29 k +#8 1.871 python3-cloud-what x86_64 1.29.40-1.el9 ubi-9-baseos-rpms 81 k +#8 1.871 python3-dnf noarch 4.14.0-9.el9 ubi-9-baseos-rpms 466 k +#8 1.871 python3-dnf-plugins-core noarch 4.3.0-13.el9 ubi-9-baseos-rpms 268 k +#8 1.871 python3-hawkey x86_64 0.69.0-8.el9_4.1 ubi-9-baseos-rpms 106 k +#8 1.871 python3-idna noarch 2.10-7.el9_4.1 ubi-9-baseos-rpms 106 k +#8 1.871 python3-libdnf x86_64 0.69.0-8.el9_4.1 ubi-9-baseos-rpms 783 k +#8 1.871 python3-librepo x86_64 1.14.5-2.el9 ubi-9-baseos-rpms 50 k +#8 1.871 python3-libs x86_64 3.9.18-3.el9_4.6 ubi-9-baseos-rpms 7.9 M +#8 1.871 python3-pip-wheel noarch 21.2.3-8.el9 ubi-9-baseos-rpms 1.1 M +#8 1.871 python3-requests noarch 2.25.1-8.el9 ubi-9-baseos-rpms 129 k +#8 1.871 python3-rpm x86_64 4.16.1.3-29.el9 ubi-9-baseos-rpms 69 k +#8 1.871 python3-setuptools noarch 53.0.0-12.el9_4.1 ubi-9-baseos-rpms 947 k +#8 1.871 python3-setuptools-wheel noarch 53.0.0-12.el9_4.1 ubi-9-baseos-rpms 469 k +#8 1.871 python3-subscription-manager-rhsm x86_64 1.29.40-1.el9 ubi-9-baseos-rpms 166 k +#8 1.871 python3-urllib3 noarch 1.26.5-5.el9_4.1 ubi-9-baseos-rpms 219 k +#8 1.871 redhat-release x86_64 9.4-0.5.el9 ubi-9-baseos-rpms 46 k +#8 1.871 rpm x86_64 4.16.1.3-29.el9 ubi-9-baseos-rpms 541 k +#8 1.871 rpm-build-libs x86_64 4.16.1.3-29.el9 ubi-9-baseos-rpms 90 k +#8 1.871 rpm-libs x86_64 4.16.1.3-29.el9 ubi-9-baseos-rpms 310 k +#8 1.871 rpm-sign-libs x86_64 4.16.1.3-29.el9 ubi-9-baseos-rpms 22 k +#8 1.871 setup noarch 2.13.7-10.el9 ubi-9-baseos-rpms 150 k +#8 1.871 subscription-manager x86_64 1.29.40-1.el9 ubi-9-baseos-rpms 917 k +#8 1.871 systemd x86_64 252-32.el9_4.7 ubi-9-baseos-rpms 4.2 M +#8 1.871 systemd-libs x86_64 252-32.el9_4.7 ubi-9-baseos-rpms 679 k +#8 1.871 systemd-pam x86_64 252-32.el9_4.7 ubi-9-baseos-rpms 282 k +#8 1.871 systemd-rpm-macros noarch 252-32.el9_4.7 ubi-9-baseos-rpms 71 k +#8 1.871 tar x86_64 2:1.34-6.el9_4.1 ubi-9-baseos-rpms 889 k +#8 1.871 tzdata noarch 2024b-2.el9 ubi-9-baseos-rpms 841 k +#8 1.871 
util-linux x86_64 2.37.4-18.el9 ubi-9-baseos-rpms 2.3 M +#8 1.871 util-linux-core x86_64 2.37.4-18.el9 ubi-9-baseos-rpms 469 k +#8 1.871 yum noarch 4.14.0-9.el9 ubi-9-baseos-rpms 93 k +#8 1.871 Installing dependencies: +#8 1.871 diffutils x86_64 3.7-12.el9 ubi-9-baseos-rpms 402 k +#8 1.871 libselinux-utils x86_64 3.6-1.el9 ubi-9-baseos-rpms 194 k +#8 1.871 openssl-fips-provider x86_64 3.0.7-2.el9 ubi-9-baseos-rpms 576 k +#8 1.871 policycoreutils x86_64 3.6-2.1.el9 ubi-9-baseos-rpms 246 k +#8 1.871 Installing weak dependencies: +#8 1.871 glibc-langpack-en x86_64 2.34-100.el9_4.4 ubi-9-baseos-rpms 659 k +#8 1.871 libxcrypt-compat x86_64 4.4.18-3.el9 ubi-9-appstream-rpms 91 k +#8 1.871 rpm-plugin-systemd-inhibit x86_64 4.16.1.3-29.el9 ubi-9-appstream-rpms 18 k +#8 1.871 +#8 1.871 Transaction Summary +#8 1.871 ======================================================================================================= +#8 1.871 Install 7 Packages +#8 1.871 Upgrade 87 Packages +#8 1.871 +#8 1.875 Total download size: 50 M +#8 1.876 Downloading Packages: +#8 2.112 (1/94): diffutils-3.7-12.el9.x86_64.rpm 1.7 MB/s | 402 kB 00:00 +#8 2.117 (2/94): libselinux-utils-3.6-1.el9.x86_64.rpm 829 kB/s | 194 kB 00:00 +#8 2.133 (3/94): glibc-langpack-en-2.34-100.el9_4.4.x86_ 2.6 MB/s | 659 kB 00:00 +#8 2.147 (4/94): policycoreutils-3.6-2.1.el9.x86_64.rpm 8.3 MB/s | 246 kB 00:00 +#8 2.162 (5/94): openssl-fips-provider-3.0.7-2.el9.x86_6 11 MB/s | 576 kB 00:00 +#8 2.164 (6/94): rpm-plugin-systemd-inhibit-4.16.1.3-29. 1.0 MB/s | 18 kB 00:00 +#8 2.171 (7/94): libxcrypt-compat-4.4.18-3.el9.x86_64.rp 2.3 MB/s | 91 kB 00:00 +#8 2.179 (8/94): acl-2.3.1-4.el9.x86_64.rpm 4.5 MB/s | 75 kB 00:00 +#8 2.183 (9/94): audit-libs-3.1.2-2.el9.x86_64.rpm 6.7 MB/s | 121 kB 00:00 +#8 2.210 (10/94): ca-certificates-2024.2.69_v8.0.303-91. 
32 MB/s | 1.0 MB 00:00 +#8 2.219 (11/94): coreutils-single-8.32-35.el9.x86_64.rp 17 MB/s | 625 kB 00:00 +#8 2.231 (12/94): bash-5.1.8-9.el9.x86_64.rpm 29 MB/s | 1.7 MB 00:00 +#8 2.235 (13/94): crypto-policies-20240202-1.git283706d. 3.6 MB/s | 88 kB 00:00 +#8 2.238 (14/94): crypto-policies-scripts-20240202-1.git 5.0 MB/s | 98 kB 00:00 +#8 2.248 (15/94): curl-minimal-7.76.1-29.el9_4.1.x86_64. 7.6 MB/s | 129 kB 00:00 +#8 2.252 (16/94): dmidecode-3.5-3.el9.x86_64.rpm 5.9 MB/s | 101 kB 00:00 +#8 2.260 (17/94): dnf-4.14.0-9.el9.noarch.rpm 22 MB/s | 486 kB 00:00 +#8 2.264 (18/94): dnf-data-4.14.0-9.el9.noarch.rpm 2.8 MB/s | 44 kB 00:00 +#8 2.268 (19/94): elfutils-default-yama-scope-0.190-2.el 842 kB/s | 12 kB 00:00 +#8 2.278 (20/94): elfutils-libelf-0.190-2.el9.x86_64.rpm 11 MB/s | 196 kB 00:00 +#8 2.284 (21/94): expat-2.5.0-2.el9_4.1.x86_64.rpm 7.3 MB/s | 119 kB 00:00 +#8 2.298 (22/94): elfutils-libs-0.190-2.el9.x86_64.rpm 8.3 MB/s | 258 kB 00:00 +#8 2.310 (23/94): file-libs-5.39-16.el9.x86_64.rpm 19 MB/s | 593 kB 00:00 +#8 2.336 (24/94): glibc-2.34-100.el9_4.4.x86_64.rpm 49 MB/s | 2.0 MB 00:00 +#8 2.351 (25/94): glib2-2.68.4-14.el9_4.1.x86_64.rpm 40 MB/s | 2.6 MB 00:00 +#8 2.355 (26/94): glibc-common-2.34-100.el9_4.4.x86_64.r 6.8 MB/s | 307 kB 00:00 +#8 2.363 (27/94): glibc-minimal-langpack-2.34-100.el9_4. 
777 kB/s | 21 kB 00:00 +#8 2.383 (28/94): iproute-6.2.0-6.el9_4.x86_64.rpm 29 MB/s | 819 kB 00:00 +#8 2.393 (29/94): gnutls-3.8.3-4.el9_4.x86_64.rpm 29 MB/s | 1.1 MB 00:00 +#8 2.400 (30/94): libacl-2.3.1-4.el9.x86_64.rpm 1.5 MB/s | 24 kB 00:00 +#8 2.409 (31/94): krb5-libs-1.21.1-2.el9_4.x86_64.rpm 17 MB/s | 770 kB 00:00 +#8 2.413 (32/94): libblkid-2.37.4-18.el9.x86_64.rpm 5.7 MB/s | 110 kB 00:00 +#8 2.420 (33/94): libbpf-1.3.0-2.el9.x86_64.rpm 8.9 MB/s | 174 kB 00:00 +#8 2.425 (34/94): libcom_err-1.46.5-5.el9.x86_64.rpm 1.8 MB/s | 28 kB 00:00 +#8 2.432 (35/94): libcurl-minimal-7.76.1-29.el9_4.1.x86_ 12 MB/s | 228 kB 00:00 +#8 2.443 (36/94): libdnf-0.69.0-8.el9_4.1.x86_64.rpm 29 MB/s | 664 kB 00:00 +#8 2.446 (37/94): libdnf-plugin-subscription-manager-1.2 3.0 MB/s | 64 kB 00:00 +#8 2.452 (38/94): libevent-2.1.12-8.el9_4.x86_64.rpm 14 MB/s | 266 kB 00:00 +#8 2.461 (39/94): libfdisk-2.37.4-18.el9.x86_64.rpm 8.8 MB/s | 157 kB 00:00 +#8 2.465 (40/94): libgcc-11.4.1-3.el9.x86_64.rpm 5.2 MB/s | 95 kB 00:00 +#8 2.470 (41/94): libgomp-11.4.1-3.el9.x86_64.rpm 15 MB/s | 270 kB 00:00 +#8 2.478 (42/94): libmnl-1.0.4-16.el9_4.x86_64.rpm 1.9 MB/s | 30 kB 00:00 +#8 2.483 (43/94): libmount-2.37.4-18.el9.x86_64.rpm 7.6 MB/s | 138 kB 00:00 +#8 2.487 (44/94): libnghttp2-1.43.0-5.el9_4.3.x86_64.rpm 4.5 MB/s | 75 kB 00:00 +#8 2.495 (45/94): librepo-1.14.5-2.el9.x86_64.rpm 5.2 MB/s | 90 kB 00:00 +#8 2.503 (46/94): libselinux-3.6-1.el9.x86_64.rpm 5.3 MB/s | 88 kB 00:00 +#8 2.507 (47/94): libsemanage-3.6-1.el9.x86_64.rpm 6.1 MB/s | 121 kB 00:00 +#8 2.519 (48/94): libsepol-3.6-1.el9.x86_64.rpm 14 MB/s | 331 kB 00:00 +#8 2.522 (49/94): libsmartcols-2.37.4-18.el9.x86_64.rpm 3.1 MB/s | 66 kB 00:00 +#8 2.545 (50/94): libstdc++-11.4.1-3.el9.x86_64.rpm 21 MB/s | 747 kB 00:00 +#8 2.547 (51/94): libuuid-2.37.4-18.el9.x86_64.rpm 1.1 MB/s | 30 kB 00:00 +#8 2.556 (52/94): libxml2-2.9.13-6.el9_4.x86_64.rpm 22 MB/s | 752 kB 00:00 +#8 2.569 (53/94): nettle-3.9.1-1.el9.x86_64.rpm 23 MB/s | 564 kB 00:00 
+#8 2.575 (54/94): openldap-2.6.6-3.el9.x86_64.rpm 10 MB/s | 286 kB 00:00 +#8 2.588 (55/94): openssl-3.0.7-28.el9_4.x86_64.rpm 38 MB/s | 1.2 MB 00:00 +#8 2.600 (56/94): p11-kit-0.25.3-2.el9.x86_64.rpm 21 MB/s | 537 kB 00:00 +#8 2.608 (57/94): p11-kit-trust-0.25.3-2.el9.x86_64.rpm 7.4 MB/s | 145 kB 00:00 +#8 2.629 (58/94): openssl-libs-3.0.7-28.el9_4.x86_64.rpm 32 MB/s | 1.9 MB 00:00 +#8 2.636 (59/94): pam-1.5.1-19.el9.x86_64.rpm 18 MB/s | 631 kB 00:00 +#8 2.641 (60/94): pcre2-10.40-5.el9.x86_64.rpm 7.3 MB/s | 236 kB 00:00 +#8 2.647 (61/94): pcre2-syntax-10.40-5.el9.noarch.rpm 8.2 MB/s | 145 kB 00:00 +#8 2.653 (62/94): python3-3.9.18-3.el9_4.6.x86_64.rpm 1.8 MB/s | 29 kB 00:00 +#8 2.657 (63/94): python3-cloud-what-1.29.40-1.el9.x86_6 5.0 MB/s | 81 kB 00:00 +#8 2.667 (64/94): python3-dnf-4.14.0-9.el9.noarch.rpm 23 MB/s | 466 kB 00:00 +#8 2.673 (65/94): python3-dnf-plugins-core-4.3.0-13.el9. 14 MB/s | 268 kB 00:00 +#8 2.676 (66/94): python3-hawkey-0.69.0-8.el9_4.1.x86_64 5.5 MB/s | 106 kB 00:00 +#8 2.685 (67/94): python3-idna-2.10-7.el9_4.1.noarch.rpm 6.3 MB/s | 106 kB 00:00 +#8 2.698 (68/94): python3-libdnf-0.69.0-8.el9_4.1.x86_64 31 MB/s | 783 kB 00:00 +#8 2.704 (69/94): python3-librepo-1.14.5-2.el9.x86_64.rp 1.8 MB/s | 50 kB 00:00 +#8 2.727 (70/94): python3-requests-2.25.1-8.el9.noarch.r 5.9 MB/s | 129 kB 00:00 +#8 2.740 (71/94): python3-pip-wheel-21.2.3-8.el9.noarch. 
27 MB/s | 1.1 MB 00:00 +#8 2.746 (72/94): python3-rpm-4.16.1.3-29.el9.x86_64.rpm 3.7 MB/s | 69 kB 00:00 +#8 2.770 (73/94): python3-setuptools-53.0.0-12.el9_4.1.n 33 MB/s | 947 kB 00:00 +#8 2.777 (74/94): python3-setuptools-wheel-53.0.0-12.el9 15 MB/s | 469 kB 00:00 +#8 2.788 (75/94): python3-subscription-manager-rhsm-1.29 9.1 MB/s | 166 kB 00:00 +#8 2.830 (76/94): python3-libs-3.9.18-3.el9_4.6.x86_64.r 54 MB/s | 7.9 MB 00:00 +#8 2.836 (77/94): redhat-release-9.4-0.5.el9.x86_64.rpm 966 kB/s | 46 kB 00:00 +#8 2.843 (78/94): python3-urllib3-1.26.5-5.el9_4.1.noarc 3.3 MB/s | 219 kB 00:00 +#8 2.852 (79/94): rpm-4.16.1.3-29.el9.x86_64.rpm 25 MB/s | 541 kB 00:00 +#8 2.856 (80/94): rpm-build-libs-4.16.1.3-29.el9.x86_64. 4.9 MB/s | 90 kB 00:00 +#8 2.862 (81/94): rpm-libs-4.16.1.3-29.el9.x86_64.rpm 16 MB/s | 310 kB 00:00 +#8 2.868 (82/94): rpm-sign-libs-4.16.1.3-29.el9.x86_64.r 1.4 MB/s | 22 kB 00:00 +#8 2.873 (83/94): setup-2.13.7-10.el9.noarch.rpm 8.7 MB/s | 150 kB 00:00 +#8 2.890 (84/94): subscription-manager-1.29.40-1.el9.x86 34 MB/s | 917 kB 00:00 +#8 2.904 (85/94): systemd-libs-252-32.el9_4.7.x86_64.rpm 22 MB/s | 679 kB 00:00 +#8 2.910 (86/94): systemd-pam-252-32.el9_4.7.x86_64.rpm 14 MB/s | 282 kB 00:00 +#8 2.921 (87/94): systemd-rpm-macros-252-32.el9_4.7.noar 4.4 MB/s | 71 kB 00:00 +#8 2.938 (88/94): tar-1.34-6.el9_4.1.x86_64.rpm 32 MB/s | 889 kB 00:00 +#8 2.974 (89/94): systemd-252-32.el9_4.7.x86_64.rpm 40 MB/s | 4.2 MB 00:00 +#8 2.986 (90/94): tzdata-2024b-2.el9.noarch.rpm 13 MB/s | 841 kB 00:00 +#8 2.996 (91/94): util-linux-core-2.37.4-18.el9.x86_64.r 21 MB/s | 469 kB 00:00 +#8 3.004 (92/94): yum-4.14.0-9.el9.noarch.rpm 5.4 MB/s | 93 kB 00:00 +#8 3.016 (93/94): util-linux-2.37.4-18.el9.x86_64.rpm 30 MB/s | 2.3 MB 00:00 +#8 3.021 (94/94): gdb-gdbserver-10.2-13.el9.x86_64.rpm 11 MB/s | 282 kB 00:00 +#8 3.025 -------------------------------------------------------------------------------- +#8 3.026 Total 44 MB/s | 50 MB 00:01 +#8 4.592 Running transaction check +#8 
4.795 Transaction check succeeded. +#8 4.795 Running transaction test +#8 5.457 Transaction test succeeded. +#8 5.460 Running transaction +#8 6.771 Preparing : 1/1 +#8 6.835 Upgrading : libgcc-11.4.1-3.el9.x86_64 1/181 +#8 6.841 Running scriptlet: libgcc-11.4.1-3.el9.x86_64 1/181 +#8 6.871 Upgrading : crypto-policies-20240202-1.git283706d.el9.noarch 2/181 +#8 6.877 Running scriptlet: crypto-policies-20240202-1.git283706d.el9.noarch 2/181 +#8 7.025 Upgrading : tzdata-2024b-2.el9.noarch 3/181 +#8 7.077 Upgrading : bash-5.1.8-9.el9.x86_64 4/181 +#8 7.085 Running scriptlet: bash-5.1.8-9.el9.x86_64 4/181 +#8 7.098 Upgrading : glibc-common-2.34-100.el9_4.4.x86_64 5/181 +#8 7.105 Upgrading : glibc-minimal-langpack-2.34-100.el9_4.4.x86_64 6/181 +#8 7.108 Running scriptlet: glibc-2.34-100.el9_4.4.x86_64 7/181 +#8 7.157 Upgrading : glibc-2.34-100.el9_4.4.x86_64 7/181 +#8 7.167 Running scriptlet: glibc-2.34-100.el9_4.4.x86_64 7/181 +#8 7.254 Installing : glibc-langpack-en-2.34-100.el9_4.4.x86_64 8/181 +#8 7.269 Upgrading : audit-libs-3.1.2-2.el9.x86_64 9/181 +#8 7.275 Upgrading : libacl-2.3.1-4.el9.x86_64 10/181 +#8 7.280 Upgrading : libuuid-2.37.4-18.el9.x86_64 11/181 +#8 7.299 Upgrading : p11-kit-0.25.3-2.el9.x86_64 12/181 +#8 7.310 Upgrading : elfutils-libelf-0.190-2.el9.x86_64 13/181 +#8 7.320 Upgrading : libsepol-3.6-1.el9.x86_64 14/181 +#8 7.326 Upgrading : libsmartcols-2.37.4-18.el9.x86_64 15/181 +#8 7.345 Upgrading : libstdc++-11.4.1-3.el9.x86_64 16/181 +#8 7.355 Upgrading : p11-kit-trust-0.25.3-2.el9.x86_64 17/181 +#8 7.359 Running scriptlet: p11-kit-trust-0.25.3-2.el9.x86_64 17/181 +#8 7.372 Upgrading : dmidecode-1:3.5-3.el9.x86_64 18/181 +#8 7.385 Upgrading : libcom_err-1.46.5-5.el9.x86_64 19/181 +#8 7.391 Upgrading : libbpf-2:1.3.0-2.el9.x86_64 20/181 +#8 7.398 Upgrading : acl-2.3.1-4.el9.x86_64 21/181 +#8 7.409 Installing : diffutils-3.7-12.el9.x86_64 22/181 +#8 7.417 Installing : libxcrypt-compat-4.4.18-3.el9.x86_64 23/181 +#8 7.424 Upgrading : 
expat-2.5.0-2.el9_4.1.x86_64 24/181 +#8 7.473 Upgrading : file-libs-5.39-16.el9.x86_64 25/181 +#8 7.494 Upgrading : libgomp-11.4.1-3.el9.x86_64 26/181 +#8 7.501 Upgrading : libmnl-1.0.4-16.el9_4.x86_64 27/181 +#8 7.509 Upgrading : libnghttp2-1.43.0-5.el9_4.3.x86_64 28/181 +#8 7.526 Upgrading : libxml2-2.9.13-6.el9_4.x86_64 29/181 +#8 7.540 Upgrading : nettle-3.9.1-1.el9.x86_64 30/181 +#8 7.563 Upgrading : gnutls-3.8.3-4.el9_4.x86_64 31/181 +#8 7.570 Upgrading : systemd-rpm-macros-252-32.el9_4.7.noarch 32/181 +#8 7.583 Upgrading : redhat-release-9.4-0.5.el9.x86_64 33/181 +#8 7.595 Upgrading : python3-setuptools-wheel-53.0.0-12.el9_4.1.noarc 34/181 +#8 7.602 Upgrading : pcre2-syntax-10.40-5.el9.noarch 35/181 +#8 7.611 Upgrading : pcre2-10.40-5.el9.x86_64 36/181 +#8 7.617 Upgrading : libselinux-3.6-1.el9.x86_64 37/181 +#8 7.641 Upgrading : coreutils-single-8.32-35.el9.x86_64 38/181 +#8 7.651 Upgrading : libblkid-2.37.4-18.el9.x86_64 39/181 +#8 7.655 Running scriptlet: libblkid-2.37.4-18.el9.x86_64 39/181 +#8 7.667 Upgrading : libmount-2.37.4-18.el9.x86_64 40/181 +#8 7.719 Upgrading : glib2-2.68.4-14.el9_4.1.x86_64 41/181 +#8 7.734 Running scriptlet: ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.no 42/181 +#8 7.760 Upgrading : ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.no 42/181 +#8 7.769 Running scriptlet: ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.no 42/181 +#8 8.752 Upgrading : libfdisk-2.37.4-18.el9.x86_64 43/181 +#8 8.770 Installing : libselinux-utils-3.6-1.el9.x86_64 44/181 +#8 8.783 Upgrading : python3-pip-wheel-21.2.3-8.el9.noarch 45/181 +#8 8.795 Installing : openssl-fips-provider-3.0.7-2.el9.x86_64 46/181 +#8 8.835 Upgrading : openssl-libs-1:3.0.7-28.el9_4.x86_64 47/181 +#8 8.844 Upgrading : python3-3.9.18-3.el9_4.6.x86_64 48/181 +#8 9.231 Upgrading : python3-libs-3.9.18-3.el9_4.6.x86_64 49/181 +#8 9.264 Upgrading : systemd-libs-252-32.el9_4.7.x86_64 50/181 +#8 9.271 Running scriptlet: systemd-libs-252-32.el9_4.7.x86_64 50/181 +#8 9.293 Upgrading : 
python3-idna-2.10-7.el9_4.1.noarch 51/181 +#8 9.313 Upgrading : python3-urllib3-1.26.5-5.el9_4.1.noarch 52/181 +#8 9.328 Upgrading : python3-requests-2.25.1-8.el9.noarch 53/181 +#8 9.339 Upgrading : python3-cloud-what-1.29.40-1.el9.x86_64 54/181 +#8 9.367 Upgrading : util-linux-core-2.37.4-18.el9.x86_64 55/181 +#8 9.375 Running scriptlet: util-linux-core-2.37.4-18.el9.x86_64 55/181 +#8 9.442 Upgrading : python3-setuptools-53.0.0-12.el9_4.1.noarch 56/181 +#8 9.481 Upgrading : krb5-libs-1.21.1-2.el9_4.x86_64 57/181 +#8 9.496 Upgrading : libcurl-minimal-7.76.1-29.el9_4.1.x86_64 58/181 +#8 9.504 Upgrading : librepo-1.14.5-2.el9.x86_64 59/181 +#8 9.510 Upgrading : python3-librepo-1.14.5-2.el9.x86_64 60/181 +#8 9.517 Upgrading : curl-minimal-7.76.1-29.el9_4.1.x86_64 61/181 +#8 9.545 Upgrading : rpm-4.16.1.3-29.el9.x86_64 62/181 +#8 9.562 Upgrading : rpm-libs-4.16.1.3-29.el9.x86_64 63/181 +#8 9.579 Upgrading : libdnf-0.69.0-8.el9_4.1.x86_64 64/181 +#8 9.608 Upgrading : python3-libdnf-0.69.0-8.el9_4.1.x86_64 65/181 +#8 9.618 Upgrading : python3-hawkey-0.69.0-8.el9_4.1.x86_64 66/181 +#8 9.625 Upgrading : libdnf-plugin-subscription-manager-1.29.40-1.el9 67/181 +#8 9.630 Installing : rpm-plugin-systemd-inhibit-4.16.1.3-29.el9.x86_6 68/181 +#8 9.634 Upgrading : rpm-sign-libs-4.16.1.3-29.el9.x86_64 69/181 +#8 9.646 Upgrading : libevent-2.1.12-8.el9_4.x86_64 70/181 +#8 9.686 Upgrading : openssl-1:3.0.7-28.el9_4.x86_64 71/181 +#8 9.757 Upgrading : pam-1.5.1-19.el9.x86_64 72/181 +#8 9.847 Upgrading : util-linux-2.37.4-18.el9.x86_64 73/181 +#8 9.899 Upgrading : iproute-6.2.0-6.el9_4.x86_64 74/181 +#8 9.914 Upgrading : libsemanage-3.6-1.el9.x86_64 75/181 +#8 9.930 Installing : policycoreutils-3.6-2.1.el9.x86_64 76/181 +#8 9.947 Running scriptlet: policycoreutils-3.6-2.1.el9.x86_64 76/181 +#8 9.963 Created symlink /etc/systemd/system/sysinit.target.wants/selinux-autorelabel-mark.service → /usr/lib/systemd/system/selinux-autorelabel-mark.service. 
+#8 9.963 +#8 9.969 Upgrading : systemd-pam-252-32.el9_4.7.x86_64 77/181 +#8 9.978 Running scriptlet: systemd-252-32.el9_4.7.x86_64 78/181 +#8 10.15 Upgrading : systemd-252-32.el9_4.7.x86_64 78/181 +#8 10.17 Running scriptlet: systemd-252-32.el9_4.7.x86_64 78/181 +#8 10.20 Upgrading : elfutils-default-yama-scope-0.190-2.el9.noarch 79/181 +#8 10.20 Running scriptlet: elfutils-default-yama-scope-0.190-2.el9.noarch 79/181 +#8 10.21 Upgrading : elfutils-libs-0.190-2.el9.x86_64 80/181 +#8 10.22 Upgrading : rpm-build-libs-4.16.1.3-29.el9.x86_64 81/181 +#8 10.23 Upgrading : python3-rpm-4.16.1.3-29.el9.x86_64 82/181 +#8 10.24 Upgrading : python3-subscription-manager-rhsm-1.29.40-1.el9. 83/181 +#8 10.25 Upgrading : dnf-data-4.14.0-9.el9.noarch 84/181 +#8 10.28 Upgrading : python3-dnf-4.14.0-9.el9.noarch 85/181 +#8 10.31 Upgrading : dnf-4.14.0-9.el9.noarch 86/181 +#8 10.31 Running scriptlet: dnf-4.14.0-9.el9.noarch 86/181 +#8 10.33 Upgrading : python3-dnf-plugins-core-4.3.0-13.el9.noarch 87/181 +#8 10.34 Running scriptlet: subscription-manager-1.29.40-1.el9.x86_64 88/181 +#8 10.41 Upgrading : subscription-manager-1.29.40-1.el9.x86_64 88/181 +#8 10.43 Running scriptlet: subscription-manager-1.29.40-1.el9.x86_64 88/181 +#8 10.44 Upgrading : yum-4.14.0-9.el9.noarch 89/181 +#8 10.46 Upgrading : openldap-2.6.6-3.el9.x86_64 90/181 +#8 10.47 Upgrading : crypto-policies-scripts-20240202-1.git283706d.el 91/181 +#8 10.49 Upgrading : tar-2:1.34-6.el9_4.1.x86_64 92/181 +#8 10.53 Upgrading : setup-2.13.7-10.el9.noarch 93/181 +#8 10.53 warning: /etc/shadow created as /etc/shadow.rpmnew +#8 10.53 +#8 10.53 Running scriptlet: setup-2.13.7-10.el9.noarch 93/181 +#8 10.54 Upgrading : gdb-gdbserver-10.2-13.el9.x86_64 94/181 +#8 10.55 Cleanup : crypto-policies-scripts-20230731-1.git94f0e2c.el 95/181 +#8 10.55 Cleanup : gdb-gdbserver-10.2-11.1.el9_3.x86_64 96/181 +#8 10.56 Running scriptlet: subscription-manager-1.29.38-1.el9_3.x86_64 97/181 +#8 10.57 Cleanup : 
subscription-manager-1.29.38-1.el9_3.x86_64 97/181 +#8 10.57 Running scriptlet: subscription-manager-1.29.38-1.el9_3.x86_64 97/181 +#8 10.59 Cleanup : iproute-6.2.0-5.el9.x86_64 98/181 +#8 10.60 Cleanup : libbpf-2:1.2.0-1.el9.x86_64 99/181 +#8 10.60 Cleanup : libsemanage-3.5-2.el9.x86_64 100/181 +#8 10.61 Cleanup : tar-2:1.34-6.el9_1.x86_64 101/181 +#8 10.62 Cleanup : openldap-2.6.3-1.el9.x86_64 102/181 +#8 10.63 Cleanup : python3-dnf-plugins-core-4.3.0-11.el9_3.noarch 103/181 +#8 10.65 Cleanup : python3-setuptools-53.0.0-12.el9.noarch 104/181 +#8 10.66 Cleanup : yum-4.14.0-8.el9.noarch 105/181 +#8 10.66 Running scriptlet: dnf-4.14.0-8.el9.noarch 106/181 +#8 10.67 Cleanup : dnf-4.14.0-8.el9.noarch 106/181 +#8 10.67 Running scriptlet: dnf-4.14.0-8.el9.noarch 106/181 +#8 10.69 Cleanup : python3-dnf-4.14.0-8.el9.noarch 107/181 +#8 10.69 Cleanup : setup-2.13.7-9.el9.noarch 108/181 +#8 10.70 Cleanup : libevent-2.1.12-6.el9.x86_64 109/181 +#8 10.71 Cleanup : python3-hawkey-0.69.0-6.el9_3.x86_64 110/181 +#8 10.71 Cleanup : python3-libdnf-0.69.0-6.el9_3.x86_64 111/181 +#8 10.72 Cleanup : python3-librepo-1.14.5-1.el9.x86_64 112/181 +#8 10.73 Cleanup : libdnf-plugin-subscription-manager-1.29.38-1.el9 113/181 +#8 10.73 Cleanup : libdnf-0.69.0-6.el9_3.x86_64 114/181 +#8 10.75 Cleanup : libstdc++-11.4.1-2.1.el9.x86_64 115/181 +#8 10.76 Cleanup : librepo-1.14.5-1.el9.x86_64 116/181 +#8 10.76 Cleanup : glib2-2.68.4-11.el9.x86_64 117/181 +#8 10.77 Cleanup : gnutls-3.7.6-23.el9_3.3.x86_64 118/181 +#8 10.78 Cleanup : libxml2-2.9.13-5.el9_3.x86_64 119/181 +#8 10.79 Cleanup : python3-subscription-manager-rhsm-1.29.38-1.el9_ 120/181 +#8 10.79 Cleanup : python3-rpm-4.16.1.3-27.el9_3.x86_64 121/181 +#8 10.80 Cleanup : rpm-build-libs-4.16.1.3-27.el9_3.x86_64 122/181 +#8 10.80 Cleanup : elfutils-libs-0.189-3.el9.x86_64 123/181 +#8 10.81 Cleanup : rpm-sign-libs-4.16.1.3-27.el9_3.x86_64 124/181 +#8 10.82 Cleanup : rpm-4.16.1.3-27.el9_3.x86_64 125/181 +#8 10.83 Cleanup : 
rpm-libs-4.16.1.3-27.el9_3.x86_64 126/181 +#8 10.83 Cleanup : file-libs-5.39-14.el9.x86_64 127/181 +#8 10.84 Cleanup : curl-minimal-7.76.1-26.el9_3.3.x86_64 128/181 +#8 10.85 Cleanup : libcurl-minimal-7.76.1-26.el9_3.3.x86_64 129/181 +#8 10.86 Cleanup : krb5-libs-1.21.1-1.el9.x86_64 130/181 +#8 10.86 Cleanup : libgomp-11.4.1-2.1.el9.x86_64 131/181 +#8 10.87 Cleanup : elfutils-libelf-0.189-3.el9.x86_64 132/181 +#8 10.87 Cleanup : libcom_err-1.46.5-3.el9.x86_64 133/181 +#8 10.88 Cleanup : nettle-3.8-3.el9_0.x86_64 134/181 +#8 10.89 Cleanup : libnghttp2-1.43.0-5.el9_3.1.x86_64 135/181 +#8 10.89 Cleanup : libmnl-1.0.4-15.el9.x86_64 136/181 +#8 10.90 Cleanup : python3-cloud-what-1.29.38-1.el9_3.x86_64 137/181 +#8 10.90 Cleanup : python3-requests-2.25.1-7.el9_2.noarch 138/181 +#8 10.91 Cleanup : python3-urllib3-1.26.5-3.el9_3.1.noarch 139/181 +#8 10.91 Cleanup : elfutils-default-yama-scope-0.189-3.el9.noarch 140/181 +#8 10.92 Cleanup : python3-idna-2.10-7.el9.noarch 141/181 +#8 10.92 Cleanup : redhat-release-9.3-0.5.el9.x86_64 142/181 +#8 10.93 Cleanup : dnf-data-4.14.0-8.el9.noarch 143/181 +#8 10.94 Cleanup : systemd-252-18.el9.x86_64 144/181 +#8 10.94 Running scriptlet: systemd-252-18.el9.x86_64 144/181 +#8 11.01 Cleanup : util-linux-2.37.4-15.el9.x86_64 145/181 +#8 11.02 Cleanup : util-linux-core-2.37.4-15.el9.x86_64 146/181 +#8 11.03 Cleanup : systemd-libs-252-18.el9.x86_64 147/181 +#8 11.04 Cleanup : systemd-pam-252-18.el9.x86_64 148/181 +#8 11.05 Cleanup : pam-1.5.1-15.el9.x86_64 149/181 +#8 11.06 Cleanup : libmount-2.37.4-15.el9.x86_64 150/181 +#8 11.07 Cleanup : libfdisk-2.37.4-15.el9.x86_64 151/181 +#8 11.08 Cleanup : openssl-1:3.0.7-25.el9_3.x86_64 152/181 +#8 11.09 Cleanup : libblkid-2.37.4-15.el9.x86_64 153/181 +#8 11.10 Cleanup : audit-libs-3.0.7-104.el9.x86_64 154/181 +#8 11.10 Cleanup : acl-2.3.1-3.el9.x86_64 155/181 +#8 11.11 Cleanup : dmidecode-1:3.5-1.el9.x86_64 156/181 +#8 11.11 Cleanup : libsmartcols-2.37.4-15.el9.x86_64 157/181 +#8 11.13 Cleanup : 
python3-libs-3.9.18-1.el9_3.1.x86_64 158/181 +#8 11.21 Cleanup : python3-3.9.18-1.el9_3.1.x86_64 159/181 +#8 11.34 Cleanup : python3-pip-wheel-21.2.3-7.el9_3.1.noarch 160/181 +#8 11.39 Cleanup : systemd-rpm-macros-252-18.el9.noarch 161/181 +#8 11.42 Cleanup : python3-setuptools-wheel-53.0.0-12.el9.noarch 162/181 +#8 11.47 Cleanup : openssl-libs-1:3.0.7-25.el9_3.x86_64 163/181 +#8 11.52 Cleanup : libuuid-2.37.4-15.el9.x86_64 164/181 +#8 11.61 Cleanup : ca-certificates-2023.2.60_v7.0.306-90.1.el9_2.no 165/181 +#8 11.67 Cleanup : coreutils-single-8.32-34.el9.x86_64 166/181 +#8 11.76 Cleanup : p11-kit-trust-0.24.1-2.el9.x86_64 167/181 +#8 11.76 Running scriptlet: p11-kit-trust-0.24.1-2.el9.x86_64 167/181 +#8 11.79 Cleanup : libselinux-3.5-1.el9.x86_64 168/181 +#8 11.85 Cleanup : p11-kit-0.24.1-2.el9.x86_64 169/181 +#8 11.86 Cleanup : libsepol-3.5-1.el9.x86_64 170/181 +#8 11.87 Cleanup : expat-2.5.0-1.el9.x86_64 171/181 +#8 11.88 Cleanup : crypto-policies-20230731-1.git94f0e2c.el9_3.1.no 172/181 +#8 11.88 Cleanup : pcre2-10.40-2.el9.x86_64 173/181 +#8 11.89 Cleanup : libacl-2.3.1-3.el9.x86_64 174/181 +#8 11.89 Cleanup : pcre2-syntax-10.40-2.el9.noarch 175/181 +#8 11.90 Cleanup : bash-5.1.8-6.el9_1.x86_64 176/181 +#8 11.90 Running scriptlet: bash-5.1.8-6.el9_1.x86_64 176/181 +#8 11.91 Cleanup : glibc-2.34-83.el9_3.12.x86_64 177/181 +#8 11.92 Cleanup : glibc-minimal-langpack-2.34-83.el9_3.12.x86_64 178/181 +#8 11.93 Cleanup : glibc-common-2.34-83.el9_3.12.x86_64 179/181 +#8 11.94 Cleanup : tzdata-2023d-1.el9.noarch 180/181 +#8 11.95 Cleanup : libgcc-11.4.1-2.1.el9.x86_64 181/181 +#8 11.95 Running scriptlet: libgcc-11.4.1-2.1.el9.x86_64 181/181 +#8 11.97 Running scriptlet: ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.no 181/181 +#8 12.99 Running scriptlet: rpm-4.16.1.3-29.el9.x86_64 181/181 +#8 13.00 Running scriptlet: subscription-manager-1.29.40-1.el9.x86_64 181/181 +#8 13.00 Running scriptlet: crypto-policies-scripts-20240202-1.git283706d.el 181/181 +#8 13.15 Running 
scriptlet: libgcc-11.4.1-2.1.el9.x86_64 181/181 +#8 13.99 Verifying : diffutils-3.7-12.el9.x86_64 1/181 +#8 13.99 Verifying : glibc-langpack-en-2.34-100.el9_4.4.x86_64 2/181 +#8 13.99 Verifying : libselinux-utils-3.6-1.el9.x86_64 3/181 +#8 13.99 Verifying : openssl-fips-provider-3.0.7-2.el9.x86_64 4/181 +#8 13.99 Verifying : policycoreutils-3.6-2.1.el9.x86_64 5/181 +#8 13.99 Verifying : libxcrypt-compat-4.4.18-3.el9.x86_64 6/181 +#8 13.99 Verifying : rpm-plugin-systemd-inhibit-4.16.1.3-29.el9.x86_6 7/181 +#8 13.99 Verifying : acl-2.3.1-4.el9.x86_64 8/181 +#8 13.99 Verifying : acl-2.3.1-3.el9.x86_64 9/181 +#8 13.99 Verifying : audit-libs-3.1.2-2.el9.x86_64 10/181 +#8 13.99 Verifying : audit-libs-3.0.7-104.el9.x86_64 11/181 +#8 13.99 Verifying : bash-5.1.8-9.el9.x86_64 12/181 +#8 13.99 Verifying : bash-5.1.8-6.el9_1.x86_64 13/181 +#8 13.99 Verifying : ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.no 14/181 +#8 13.99 Verifying : ca-certificates-2023.2.60_v7.0.306-90.1.el9_2.no 15/181 +#8 13.99 Verifying : coreutils-single-8.32-35.el9.x86_64 16/181 +#8 13.99 Verifying : coreutils-single-8.32-34.el9.x86_64 17/181 +#8 13.99 Verifying : crypto-policies-20240202-1.git283706d.el9.noarch 18/181 +#8 13.99 Verifying : crypto-policies-20230731-1.git94f0e2c.el9_3.1.no 19/181 +#8 13.99 Verifying : crypto-policies-scripts-20240202-1.git283706d.el 20/181 +#8 13.99 Verifying : crypto-policies-scripts-20230731-1.git94f0e2c.el 21/181 +#8 13.99 Verifying : curl-minimal-7.76.1-29.el9_4.1.x86_64 22/181 +#8 13.99 Verifying : curl-minimal-7.76.1-26.el9_3.3.x86_64 23/181 +#8 13.99 Verifying : dmidecode-1:3.5-3.el9.x86_64 24/181 +#8 13.99 Verifying : dmidecode-1:3.5-1.el9.x86_64 25/181 +#8 13.99 Verifying : dnf-4.14.0-9.el9.noarch 26/181 +#8 13.99 Verifying : dnf-4.14.0-8.el9.noarch 27/181 +#8 13.99 Verifying : dnf-data-4.14.0-9.el9.noarch 28/181 +#8 13.99 Verifying : dnf-data-4.14.0-8.el9.noarch 29/181 +#8 13.99 Verifying : elfutils-default-yama-scope-0.190-2.el9.noarch 30/181 +#8 13.99 
Verifying : elfutils-default-yama-scope-0.189-3.el9.noarch 31/181 +#8 13.99 Verifying : elfutils-libelf-0.190-2.el9.x86_64 32/181 +#8 13.99 Verifying : elfutils-libelf-0.189-3.el9.x86_64 33/181 +#8 13.99 Verifying : elfutils-libs-0.190-2.el9.x86_64 34/181 +#8 13.99 Verifying : elfutils-libs-0.189-3.el9.x86_64 35/181 +#8 13.99 Verifying : expat-2.5.0-2.el9_4.1.x86_64 36/181 +#8 13.99 Verifying : expat-2.5.0-1.el9.x86_64 37/181 +#8 13.99 Verifying : file-libs-5.39-16.el9.x86_64 38/181 +#8 13.99 Verifying : file-libs-5.39-14.el9.x86_64 39/181 +#8 13.99 Verifying : glib2-2.68.4-14.el9_4.1.x86_64 40/181 +#8 13.99 Verifying : glib2-2.68.4-11.el9.x86_64 41/181 +#8 13.99 Verifying : glibc-2.34-100.el9_4.4.x86_64 42/181 +#8 13.99 Verifying : glibc-2.34-83.el9_3.12.x86_64 43/181 +#8 13.99 Verifying : glibc-common-2.34-100.el9_4.4.x86_64 44/181 +#8 13.99 Verifying : glibc-common-2.34-83.el9_3.12.x86_64 45/181 +#8 13.99 Verifying : glibc-minimal-langpack-2.34-100.el9_4.4.x86_64 46/181 +#8 13.99 Verifying : glibc-minimal-langpack-2.34-83.el9_3.12.x86_64 47/181 +#8 13.99 Verifying : gnutls-3.8.3-4.el9_4.x86_64 48/181 +#8 13.99 Verifying : gnutls-3.7.6-23.el9_3.3.x86_64 49/181 +#8 13.99 Verifying : iproute-6.2.0-6.el9_4.x86_64 50/181 +#8 13.99 Verifying : iproute-6.2.0-5.el9.x86_64 51/181 +#8 13.99 Verifying : krb5-libs-1.21.1-2.el9_4.x86_64 52/181 +#8 13.99 Verifying : krb5-libs-1.21.1-1.el9.x86_64 53/181 +#8 13.99 Verifying : libacl-2.3.1-4.el9.x86_64 54/181 +#8 13.99 Verifying : libacl-2.3.1-3.el9.x86_64 55/181 +#8 13.99 Verifying : libblkid-2.37.4-18.el9.x86_64 56/181 +#8 13.99 Verifying : libblkid-2.37.4-15.el9.x86_64 57/181 +#8 13.99 Verifying : libbpf-2:1.3.0-2.el9.x86_64 58/181 +#8 13.99 Verifying : libbpf-2:1.2.0-1.el9.x86_64 59/181 +#8 13.99 Verifying : libcom_err-1.46.5-5.el9.x86_64 60/181 +#8 13.99 Verifying : libcom_err-1.46.5-3.el9.x86_64 61/181 +#8 13.99 Verifying : libcurl-minimal-7.76.1-29.el9_4.1.x86_64 62/181 +#8 13.99 Verifying : 
libcurl-minimal-7.76.1-26.el9_3.3.x86_64 63/181 +#8 13.99 Verifying : libdnf-0.69.0-8.el9_4.1.x86_64 64/181 +#8 13.99 Verifying : libdnf-0.69.0-6.el9_3.x86_64 65/181 +#8 13.99 Verifying : libdnf-plugin-subscription-manager-1.29.40-1.el9 66/181 +#8 13.99 Verifying : libdnf-plugin-subscription-manager-1.29.38-1.el9 67/181 +#8 13.99 Verifying : libevent-2.1.12-8.el9_4.x86_64 68/181 +#8 13.99 Verifying : libevent-2.1.12-6.el9.x86_64 69/181 +#8 13.99 Verifying : libfdisk-2.37.4-18.el9.x86_64 70/181 +#8 13.99 Verifying : libfdisk-2.37.4-15.el9.x86_64 71/181 +#8 13.99 Verifying : libgcc-11.4.1-3.el9.x86_64 72/181 +#8 13.99 Verifying : libgcc-11.4.1-2.1.el9.x86_64 73/181 +#8 13.99 Verifying : libgomp-11.4.1-3.el9.x86_64 74/181 +#8 13.99 Verifying : libgomp-11.4.1-2.1.el9.x86_64 75/181 +#8 13.99 Verifying : libmnl-1.0.4-16.el9_4.x86_64 76/181 +#8 13.99 Verifying : libmnl-1.0.4-15.el9.x86_64 77/181 +#8 13.99 Verifying : libmount-2.37.4-18.el9.x86_64 78/181 +#8 13.99 Verifying : libmount-2.37.4-15.el9.x86_64 79/181 +#8 14.00 Verifying : libnghttp2-1.43.0-5.el9_4.3.x86_64 80/181 +#8 14.00 Verifying : libnghttp2-1.43.0-5.el9_3.1.x86_64 81/181 +#8 14.00 Verifying : librepo-1.14.5-2.el9.x86_64 82/181 +#8 14.00 Verifying : librepo-1.14.5-1.el9.x86_64 83/181 +#8 14.00 Verifying : libselinux-3.6-1.el9.x86_64 84/181 +#8 14.00 Verifying : libselinux-3.5-1.el9.x86_64 85/181 +#8 14.00 Verifying : libsemanage-3.6-1.el9.x86_64 86/181 +#8 14.00 Verifying : libsemanage-3.5-2.el9.x86_64 87/181 +#8 14.00 Verifying : libsepol-3.6-1.el9.x86_64 88/181 +#8 14.00 Verifying : libsepol-3.5-1.el9.x86_64 89/181 +#8 14.00 Verifying : libsmartcols-2.37.4-18.el9.x86_64 90/181 +#8 14.00 Verifying : libsmartcols-2.37.4-15.el9.x86_64 91/181 +#8 14.00 Verifying : libstdc++-11.4.1-3.el9.x86_64 92/181 +#8 14.00 Verifying : libstdc++-11.4.1-2.1.el9.x86_64 93/181 +#8 14.00 Verifying : libuuid-2.37.4-18.el9.x86_64 94/181 +#8 14.00 Verifying : libuuid-2.37.4-15.el9.x86_64 95/181 +#8 14.00 Verifying : 
libxml2-2.9.13-6.el9_4.x86_64 96/181 +#8 14.00 Verifying : libxml2-2.9.13-5.el9_3.x86_64 97/181 +#8 14.00 Verifying : nettle-3.9.1-1.el9.x86_64 98/181 +#8 14.00 Verifying : nettle-3.8-3.el9_0.x86_64 99/181 +#8 14.00 Verifying : openldap-2.6.6-3.el9.x86_64 100/181 +#8 14.00 Verifying : openldap-2.6.3-1.el9.x86_64 101/181 +#8 14.00 Verifying : openssl-1:3.0.7-28.el9_4.x86_64 102/181 +#8 14.00 Verifying : openssl-1:3.0.7-25.el9_3.x86_64 103/181 +#8 14.00 Verifying : openssl-libs-1:3.0.7-28.el9_4.x86_64 104/181 +#8 14.00 Verifying : openssl-libs-1:3.0.7-25.el9_3.x86_64 105/181 +#8 14.00 Verifying : p11-kit-0.25.3-2.el9.x86_64 106/181 +#8 14.00 Verifying : p11-kit-0.24.1-2.el9.x86_64 107/181 +#8 14.00 Verifying : p11-kit-trust-0.25.3-2.el9.x86_64 108/181 +#8 14.00 Verifying : p11-kit-trust-0.24.1-2.el9.x86_64 109/181 +#8 14.00 Verifying : pam-1.5.1-19.el9.x86_64 110/181 +#8 14.00 Verifying : pam-1.5.1-15.el9.x86_64 111/181 +#8 14.00 Verifying : pcre2-10.40-5.el9.x86_64 112/181 +#8 14.00 Verifying : pcre2-10.40-2.el9.x86_64 113/181 +#8 14.00 Verifying : pcre2-syntax-10.40-5.el9.noarch 114/181 +#8 14.00 Verifying : pcre2-syntax-10.40-2.el9.noarch 115/181 +#8 14.00 Verifying : python3-3.9.18-3.el9_4.6.x86_64 116/181 +#8 14.00 Verifying : python3-3.9.18-1.el9_3.1.x86_64 117/181 +#8 14.00 Verifying : python3-cloud-what-1.29.40-1.el9.x86_64 118/181 +#8 14.00 Verifying : python3-cloud-what-1.29.38-1.el9_3.x86_64 119/181 +#8 14.00 Verifying : python3-dnf-4.14.0-9.el9.noarch 120/181 +#8 14.00 Verifying : python3-dnf-4.14.0-8.el9.noarch 121/181 +#8 14.00 Verifying : python3-dnf-plugins-core-4.3.0-13.el9.noarch 122/181 +#8 14.00 Verifying : python3-dnf-plugins-core-4.3.0-11.el9_3.noarch 123/181 +#8 14.00 Verifying : python3-hawkey-0.69.0-8.el9_4.1.x86_64 124/181 +#8 14.00 Verifying : python3-hawkey-0.69.0-6.el9_3.x86_64 125/181 +#8 14.00 Verifying : python3-idna-2.10-7.el9_4.1.noarch 126/181 +#8 14.00 Verifying : python3-idna-2.10-7.el9.noarch 127/181 +#8 14.00 Verifying : 
python3-libdnf-0.69.0-8.el9_4.1.x86_64 128/181 +#8 14.00 Verifying : python3-libdnf-0.69.0-6.el9_3.x86_64 129/181 +#8 14.00 Verifying : python3-librepo-1.14.5-2.el9.x86_64 130/181 +#8 14.00 Verifying : python3-librepo-1.14.5-1.el9.x86_64 131/181 +#8 14.00 Verifying : python3-libs-3.9.18-3.el9_4.6.x86_64 132/181 +#8 14.00 Verifying : python3-libs-3.9.18-1.el9_3.1.x86_64 133/181 +#8 14.00 Verifying : python3-pip-wheel-21.2.3-8.el9.noarch 134/181 +#8 14.00 Verifying : python3-pip-wheel-21.2.3-7.el9_3.1.noarch 135/181 +#8 14.00 Verifying : python3-requests-2.25.1-8.el9.noarch 136/181 +#8 14.00 Verifying : python3-requests-2.25.1-7.el9_2.noarch 137/181 +#8 14.00 Verifying : python3-rpm-4.16.1.3-29.el9.x86_64 138/181 +#8 14.00 Verifying : python3-rpm-4.16.1.3-27.el9_3.x86_64 139/181 +#8 14.00 Verifying : python3-setuptools-53.0.0-12.el9_4.1.noarch 140/181 +#8 14.00 Verifying : python3-setuptools-53.0.0-12.el9.noarch 141/181 +#8 14.00 Verifying : python3-setuptools-wheel-53.0.0-12.el9_4.1.noarc 142/181 +#8 14.00 Verifying : python3-setuptools-wheel-53.0.0-12.el9.noarch 143/181 +#8 14.00 Verifying : python3-subscription-manager-rhsm-1.29.40-1.el9. 
144/181 +#8 14.00 Verifying : python3-subscription-manager-rhsm-1.29.38-1.el9_ 145/181 +#8 14.00 Verifying : python3-urllib3-1.26.5-5.el9_4.1.noarch 146/181 +#8 14.00 Verifying : python3-urllib3-1.26.5-3.el9_3.1.noarch 147/181 +#8 14.00 Verifying : redhat-release-9.4-0.5.el9.x86_64 148/181 +#8 14.00 Verifying : redhat-release-9.3-0.5.el9.x86_64 149/181 +#8 14.00 Verifying : rpm-4.16.1.3-29.el9.x86_64 150/181 +#8 14.00 Verifying : rpm-4.16.1.3-27.el9_3.x86_64 151/181 +#8 14.00 Verifying : rpm-build-libs-4.16.1.3-29.el9.x86_64 152/181 +#8 14.01 Verifying : rpm-build-libs-4.16.1.3-27.el9_3.x86_64 153/181 +#8 14.01 Verifying : rpm-libs-4.16.1.3-29.el9.x86_64 154/181 +#8 14.01 Verifying : rpm-libs-4.16.1.3-27.el9_3.x86_64 155/181 +#8 14.01 Verifying : rpm-sign-libs-4.16.1.3-29.el9.x86_64 156/181 +#8 14.01 Verifying : rpm-sign-libs-4.16.1.3-27.el9_3.x86_64 157/181 +#8 14.01 Verifying : setup-2.13.7-10.el9.noarch 158/181 +#8 14.01 Verifying : setup-2.13.7-9.el9.noarch 159/181 +#8 14.01 Verifying : subscription-manager-1.29.40-1.el9.x86_64 160/181 +#8 14.01 Verifying : subscription-manager-1.29.38-1.el9_3.x86_64 161/181 +#8 14.01 Verifying : systemd-252-32.el9_4.7.x86_64 162/181 +#8 14.01 Verifying : systemd-252-18.el9.x86_64 163/181 +#8 14.01 Verifying : systemd-libs-252-32.el9_4.7.x86_64 164/181 +#8 14.01 Verifying : systemd-libs-252-18.el9.x86_64 165/181 +#8 14.01 Verifying : systemd-pam-252-32.el9_4.7.x86_64 166/181 +#8 14.01 Verifying : systemd-pam-252-18.el9.x86_64 167/181 +#8 14.01 Verifying : systemd-rpm-macros-252-32.el9_4.7.noarch 168/181 +#8 14.01 Verifying : systemd-rpm-macros-252-18.el9.noarch 169/181 +#8 14.01 Verifying : tar-2:1.34-6.el9_4.1.x86_64 170/181 +#8 14.01 Verifying : tar-2:1.34-6.el9_1.x86_64 171/181 +#8 14.01 Verifying : tzdata-2024b-2.el9.noarch 172/181 +#8 14.01 Verifying : tzdata-2023d-1.el9.noarch 173/181 +#8 14.01 Verifying : util-linux-2.37.4-18.el9.x86_64 174/181 +#8 14.01 Verifying : util-linux-2.37.4-15.el9.x86_64 175/181 +#8 14.01 
Verifying : util-linux-core-2.37.4-18.el9.x86_64 176/181 +#8 14.01 Verifying : util-linux-core-2.37.4-15.el9.x86_64 177/181 +#8 14.01 Verifying : yum-4.14.0-9.el9.noarch 178/181 +#8 14.01 Verifying : yum-4.14.0-8.el9.noarch 179/181 +#8 14.01 Verifying : gdb-gdbserver-10.2-13.el9.x86_64 180/181 +#8 14.01 Verifying : gdb-gdbserver-10.2-11.1.el9_3.x86_64 181/181 +#8 14.26 Installed products updated. +#8 14.33 +#8 14.33 Upgraded: +#8 14.33 acl-2.3.1-4.el9.x86_64 +#8 14.33 audit-libs-3.1.2-2.el9.x86_64 +#8 14.33 bash-5.1.8-9.el9.x86_64 +#8 14.33 ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.noarch +#8 14.33 coreutils-single-8.32-35.el9.x86_64 +#8 14.33 crypto-policies-20240202-1.git283706d.el9.noarch +#8 14.33 crypto-policies-scripts-20240202-1.git283706d.el9.noarch +#8 14.33 curl-minimal-7.76.1-29.el9_4.1.x86_64 +#8 14.33 dmidecode-1:3.5-3.el9.x86_64 +#8 14.33 dnf-4.14.0-9.el9.noarch +#8 14.33 dnf-data-4.14.0-9.el9.noarch +#8 14.33 elfutils-default-yama-scope-0.190-2.el9.noarch +#8 14.33 elfutils-libelf-0.190-2.el9.x86_64 +#8 14.33 elfutils-libs-0.190-2.el9.x86_64 +#8 14.33 expat-2.5.0-2.el9_4.1.x86_64 +#8 14.33 file-libs-5.39-16.el9.x86_64 +#8 14.33 gdb-gdbserver-10.2-13.el9.x86_64 +#8 14.33 glib2-2.68.4-14.el9_4.1.x86_64 +#8 14.33 glibc-2.34-100.el9_4.4.x86_64 +#8 14.33 glibc-common-2.34-100.el9_4.4.x86_64 +#8 14.33 glibc-minimal-langpack-2.34-100.el9_4.4.x86_64 +#8 14.33 gnutls-3.8.3-4.el9_4.x86_64 +#8 14.33 iproute-6.2.0-6.el9_4.x86_64 +#8 14.33 krb5-libs-1.21.1-2.el9_4.x86_64 +#8 14.33 libacl-2.3.1-4.el9.x86_64 +#8 14.33 libblkid-2.37.4-18.el9.x86_64 +#8 14.33 libbpf-2:1.3.0-2.el9.x86_64 +#8 14.33 libcom_err-1.46.5-5.el9.x86_64 +#8 14.33 libcurl-minimal-7.76.1-29.el9_4.1.x86_64 +#8 14.33 libdnf-0.69.0-8.el9_4.1.x86_64 +#8 14.33 libdnf-plugin-subscription-manager-1.29.40-1.el9.x86_64 +#8 14.33 libevent-2.1.12-8.el9_4.x86_64 +#8 14.33 libfdisk-2.37.4-18.el9.x86_64 +#8 14.33 libgcc-11.4.1-3.el9.x86_64 +#8 14.33 libgomp-11.4.1-3.el9.x86_64 +#8 14.33 
libmnl-1.0.4-16.el9_4.x86_64 +#8 14.33 libmount-2.37.4-18.el9.x86_64 +#8 14.33 libnghttp2-1.43.0-5.el9_4.3.x86_64 +#8 14.33 librepo-1.14.5-2.el9.x86_64 +#8 14.33 libselinux-3.6-1.el9.x86_64 +#8 14.33 libsemanage-3.6-1.el9.x86_64 +#8 14.33 libsepol-3.6-1.el9.x86_64 +#8 14.33 libsmartcols-2.37.4-18.el9.x86_64 +#8 14.33 libstdc++-11.4.1-3.el9.x86_64 +#8 14.33 libuuid-2.37.4-18.el9.x86_64 +#8 14.33 libxml2-2.9.13-6.el9_4.x86_64 +#8 14.33 nettle-3.9.1-1.el9.x86_64 +#8 14.33 openldap-2.6.6-3.el9.x86_64 +#8 14.33 openssl-1:3.0.7-28.el9_4.x86_64 +#8 14.33 openssl-libs-1:3.0.7-28.el9_4.x86_64 +#8 14.33 p11-kit-0.25.3-2.el9.x86_64 +#8 14.33 p11-kit-trust-0.25.3-2.el9.x86_64 +#8 14.33 pam-1.5.1-19.el9.x86_64 +#8 14.33 pcre2-10.40-5.el9.x86_64 +#8 14.33 pcre2-syntax-10.40-5.el9.noarch +#8 14.33 python3-3.9.18-3.el9_4.6.x86_64 +#8 14.33 python3-cloud-what-1.29.40-1.el9.x86_64 +#8 14.33 python3-dnf-4.14.0-9.el9.noarch +#8 14.33 python3-dnf-plugins-core-4.3.0-13.el9.noarch +#8 14.33 python3-hawkey-0.69.0-8.el9_4.1.x86_64 +#8 14.33 python3-idna-2.10-7.el9_4.1.noarch +#8 14.33 python3-libdnf-0.69.0-8.el9_4.1.x86_64 +#8 14.33 python3-librepo-1.14.5-2.el9.x86_64 +#8 14.33 python3-libs-3.9.18-3.el9_4.6.x86_64 +#8 14.33 python3-pip-wheel-21.2.3-8.el9.noarch +#8 14.33 python3-requests-2.25.1-8.el9.noarch +#8 14.33 python3-rpm-4.16.1.3-29.el9.x86_64 +#8 14.33 python3-setuptools-53.0.0-12.el9_4.1.noarch +#8 14.33 python3-setuptools-wheel-53.0.0-12.el9_4.1.noarch +#8 14.33 python3-subscription-manager-rhsm-1.29.40-1.el9.x86_64 +#8 14.33 python3-urllib3-1.26.5-5.el9_4.1.noarch +#8 14.33 redhat-release-9.4-0.5.el9.x86_64 +#8 14.33 rpm-4.16.1.3-29.el9.x86_64 +#8 14.33 rpm-build-libs-4.16.1.3-29.el9.x86_64 +#8 14.33 rpm-libs-4.16.1.3-29.el9.x86_64 +#8 14.33 rpm-sign-libs-4.16.1.3-29.el9.x86_64 +#8 14.33 setup-2.13.7-10.el9.noarch +#8 14.33 subscription-manager-1.29.40-1.el9.x86_64 +#8 14.33 systemd-252-32.el9_4.7.x86_64 +#8 14.33 systemd-libs-252-32.el9_4.7.x86_64 +#8 14.33 
systemd-pam-252-32.el9_4.7.x86_64 +#8 14.33 systemd-rpm-macros-252-32.el9_4.7.noarch +#8 14.33 tar-2:1.34-6.el9_4.1.x86_64 +#8 14.33 tzdata-2024b-2.el9.noarch +#8 14.33 util-linux-2.37.4-18.el9.x86_64 +#8 14.33 util-linux-core-2.37.4-18.el9.x86_64 +#8 14.33 yum-4.14.0-9.el9.noarch +#8 14.33 Installed: +#8 14.33 diffutils-3.7-12.el9.x86_64 +#8 14.33 glibc-langpack-en-2.34-100.el9_4.4.x86_64 +#8 14.33 libselinux-utils-3.6-1.el9.x86_64 +#8 14.33 libxcrypt-compat-4.4.18-3.el9.x86_64 +#8 14.33 openssl-fips-provider-3.0.7-2.el9.x86_64 +#8 14.33 policycoreutils-3.6-2.1.el9.x86_64 +#8 14.33 rpm-plugin-systemd-inhibit-4.16.1.3-29.el9.x86_64 +#8 14.33 +#8 14.33 Complete! +#8 DONE 14.6s #6 [3/5] COPY docker/licenses /licenses #6 DONE 0.0s #5 [4/5] RUN yum install --disablerepo=* --enablerepo=ubi-9-appstream-rpms ... -#5 0.454 Updating Subscription Management repositories. -#5 0.455 Unable to read consumer identity -#5 0.460 -#5 0.460 This system is not registered with an entitlement server. You can use subscription-manager to register. -#5 0.460 -#5 0.544 Last metadata expiration check: 0:00:14 ago on Wed Nov 6 09:39:36 2024. -#5 0.564 Package ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.noarch is already installed. -#5 0.565 Package tar-2:1.34-6.el9_4.1.x86_64 is already installed. -#5 0.566 Package gzip-1.12-1.el9.x86_64 is already installed. -#5 0.589 Dependencies resolved. 
-#5 0.590 ================================================================================ -#5 0.590 Package Arch Version Repository Size -#5 0.590 ================================================================================ -#5 0.590 Installing: -#5 0.590 wget x86_64 1.21.1-8.el9_4 ubi-9-appstream-rpms 789 k -#5 0.590 Installing dependencies: -#5 0.590 libpsl x86_64 0.21.1-5.el9 ubi-9-baseos-rpms 66 k -#5 0.590 publicsuffix-list-dafsa noarch 20210518-3.el9 ubi-9-baseos-rpms 59 k -#5 0.590 -#5 0.590 Transaction Summary -#5 0.590 ================================================================================ -#5 0.590 Install 3 Packages -#5 0.590 -#5 0.591 Total download size: 914 k -#5 0.591 Installed size: 3.2 M -#5 0.592 Downloading Packages: -#5 0.758 (1/3): libpsl-0.21.1-5.el9.x86_64.rpm 400 kB/s | 66 kB 00:00 -#5 0.769 (2/3): publicsuffix-list-dafsa-20210518-3.el9.n 338 kB/s | 59 kB 00:00 -#5 0.808 (3/3): wget-1.21.1-8.el9_4.x86_64.rpm 3.6 MB/s | 789 kB 00:00 -#5 0.812 -------------------------------------------------------------------------------- -#5 0.813 Total 4.0 MB/s | 914 kB 00:00 -#5 0.856 Running transaction check -#5 0.869 Transaction check succeeded. -#5 0.869 Running transaction test -#5 0.915 Transaction test succeeded. -#5 0.915 Running transaction -#5 0.985 Preparing : 1/1 -#5 1.020 Installing : publicsuffix-list-dafsa-20210518-3.el9.noarch 1/3 -#5 1.027 Installing : libpsl-0.21.1-5.el9.x86_64 2/3 -#5 1.041 Installing : wget-1.21.1-8.el9_4.x86_64 3/3 -#5 1.059 Running scriptlet: wget-1.21.1-8.el9_4.x86_64 3/3 -#5 1.109 Verifying : libpsl-0.21.1-5.el9.x86_64 1/3 -#5 1.109 Verifying : publicsuffix-list-dafsa-20210518-3.el9.noarch 2/3 -#5 1.109 Verifying : wget-1.21.1-8.el9_4.x86_64 3/3 -#5 1.173 Installed products updated. -#5 1.183 -#5 1.183 Installed: -#5 1.183 libpsl-0.21.1-5.el9.x86_64 publicsuffix-list-dafsa-20210518-3.el9.noarch -#5 1.183 wget-1.21.1-8.el9_4.x86_64 -#5 1.183 -#5 1.183 Complete! 
-#5 1.534 Updating Subscription Management repositories. -#5 1.535 Unable to read consumer identity -#5 1.538 -#5 1.538 This system is not registered with an entitlement server. You can use subscription-manager to register. -#5 1.538 -#5 1.545 17 files removed -#5 1.612 --2024-11-06 09:39:51-- https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz -#5 1.712 Resolving github.com (github.com)... 140.82.114.4 -#5 1.729 Connecting to github.com (github.com)|140.82.114.4|:443... connected. -#5 1.829 HTTP request sent, awaiting response... 302 Found -#5 1.905 Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.109.133, 185.199.110.133, 185.199.108.133, ... -#5 1.909 Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.109.133|:443... connected. -#5 1.949 HTTP request sent, awaiting response... 200 OK -#5 2.104 Length: 39771622 (38M) [application/octet-stream] -#5 2.104 Saving to: 'STDOUT' -#5 2.104 -#5 2.104 0K .......... .......... .......... .......... .......... 0% 3.39M 11s -#5 2.119 50K .......... .......... .......... .......... .......... 0% 3.60M 11s -#5 2.132 100K .......... .......... .......... .......... .......... 0% 15.1M 8s -#5 2.135 150K .......... .......... .......... .......... .......... 0% 16.7M 7s -#5 2.138 200K .......... .......... .......... .......... .......... 0% 7.58M 6s -#5 2.145 250K .......... .......... .......... .......... .......... 0% 17.5M 6s -#5 2.148 300K .......... .......... .......... .......... .......... 0% 32.7M 5s -#5 2.149 350K .......... .......... .......... .......... .......... 1% 11.8M 5s -#5 2.153 400K .......... .......... .......... .......... .......... 1% 354M 4s -#5 2.153 450K .......... .......... .......... .......... .......... 1% 10.2M 4s -#5 2.158 500K .......... .......... .......... .......... .......... 1% 43.0M 4s -#5 2.159 550K .......... .......... .......... .......... .......... 
1% 26.1M 4s -#5 2.161 600K .......... .......... .......... .......... .......... 1% 10.3M 4s -#5 2.166 650K .......... .......... .......... .......... .......... 1% 111M 3s -#5 2.166 700K .......... .......... .......... .......... .......... 1% 77.2M 3s -#5 2.167 750K .......... .......... .......... .......... .......... 2% 71.7M 3s -#5 2.168 800K .......... .......... .......... .......... .......... 2% 65.2M 3s -#5 2.169 850K .......... .......... .......... .......... .......... 2% 135M 3s -#5 2.176 900K .......... .......... .......... .......... .......... 2% 7.89M 3s -#5 2.176 950K .......... .......... .......... .......... .......... 2% 346M 3s -#5 2.176 1000K .......... .......... .......... .......... .......... 2% 395M 3s -#5 2.176 1050K .......... .......... .......... .......... .......... 2% 232M 2s -#5 2.176 1100K .......... .......... .......... .......... .......... 2% 19.8M 2s -#5 2.182 1150K .......... .......... .......... .......... .......... 3% 10.7M 2s -#5 2.182 1200K .......... .......... .......... .......... .......... 3% 108M 2s -#5 2.183 1250K .......... .......... .......... .......... .......... 3% 96.7M 2s -#5 2.184 1300K .......... .......... .......... .......... .......... 3% 301M 2s -#5 2.184 1350K .......... .......... .......... .......... .......... 3% 97.5M 2s -#5 2.184 1400K .......... .......... .......... .......... .......... 3% 12.1M 2s -#5 2.188 1450K .......... .......... .......... .......... .......... 3% 168M 2s -#5 2.189 1500K .......... .......... .......... .......... .......... 3% 61.3M 2s -#5 2.189 1550K .......... .......... .......... .......... .......... 4% 109M 2s -#5 2.190 1600K .......... .......... .......... .......... .......... 4% 83.3M 2s -#5 2.190 1650K .......... .......... .......... .......... .......... 4% 20.0M 2s -#5 2.193 1700K .......... .......... .......... .......... .......... 4% 164M 2s -#5 2.193 1750K .......... .......... .......... .......... .......... 
4% 323M 2s -#5 2.194 1800K .......... .......... .......... .......... .......... 4% 84.1M 2s -#5 2.194 1850K .......... .......... .......... .......... .......... 4% 69.9M 2s -#5 2.194 1900K .......... .......... .......... .......... .......... 5% 30.6M 2s -#5 2.196 1950K .......... .......... .......... .......... .......... 5% 369M 2s -#5 2.196 2000K .......... .......... .......... .......... .......... 5% 130M 2s -#5 2.197 2050K .......... .......... .......... .......... .......... 5% 375M 2s -#5 2.197 2100K .......... .......... .......... .......... .......... 5% 40.7M 2s -#5 2.198 2150K .......... .......... .......... .......... .......... 5% 27.3M 2s -#5 2.199 2200K .......... .......... .......... .......... .......... 5% 28.9M 2s -#5 2.202 2250K .......... .......... .......... .......... .......... 5% 373M 2s -#5 2.202 2300K .......... .......... .......... .......... .......... 6% 28.7M 2s -#5 2.203 2350K .......... .......... .......... .......... .......... 6% 18.3M 2s -#5 2.206 2400K .......... .......... .......... .......... .......... 6% 9.61M 2s -#5 2.211 2450K .......... .......... .......... .......... .......... 6% 97.2M 2s -#5 2.212 2500K .......... .......... .......... .......... .......... 6% 96.1M 2s -#5 2.212 2550K .......... .......... .......... .......... .......... 6% 152M 2s -#5 2.212 2600K .......... .......... .......... .......... .......... 6% 89.2M 1s -#5 2.213 2650K .......... .......... .......... .......... .......... 6% 89.0M 1s -#5 2.224 2700K .......... .......... .......... .......... .......... 7% 4.59M 2s -#5 2.224 2750K .......... .......... .......... .......... .......... 7% 84.4M 2s -#5 2.225 2800K .......... .......... .......... .......... .......... 7% 70.6M 2s -#5 2.226 2850K .......... .......... .......... .......... .......... 7% 242M 2s -#5 2.227 2900K .......... .......... .......... .......... .......... 7% 4.97M 2s -#5 2.235 2950K .......... .......... .......... .......... .......... 
7% 96.7M 2s -#5 2.238 3000K .......... .......... .......... .......... .......... 7% 259M 2s -#5 2.238 3050K .......... .......... .......... .......... .......... 7% 132M 2s -#5 2.238 3100K .......... .......... .......... .......... .......... 8% 54.7M 2s -#5 2.238 3150K .......... .......... .......... .......... .......... 8% 47.6M 1s -#5 2.238 3200K .......... .......... .......... .......... .......... 8% 5.40M 2s -#5 2.247 3250K .......... .......... .......... .......... .......... 8% 97.5M 2s -#5 2.248 3300K .......... .......... .......... .......... .......... 8% 226M 2s -#5 2.248 3350K .......... .......... .......... .......... .......... 8% 90.2M 2s -#5 2.249 3400K .......... .......... .......... .......... .......... 8% 52.4M 1s -#5 2.250 3450K .......... .......... .......... .......... .......... 9% 7.63M 2s -#5 2.256 3500K .......... .......... .......... .......... .......... 9% 107M 2s -#5 2.256 3550K .......... .......... .......... .......... .......... 9% 112M 1s -#5 2.257 3600K .......... .......... .......... .......... .......... 9% 76.2M 1s -#5 2.257 3650K .......... .......... .......... .......... .......... 9% 45.2M 1s -#5 2.258 3700K .......... .......... .......... .......... .......... 9% 20.9M 1s -#5 2.261 3750K .......... .......... .......... .......... .......... 9% 192M 1s -#5 2.261 3800K .......... .......... .......... .......... .......... 9% 91.0M 1s -#5 2.262 3850K .......... .......... .......... .......... .......... 10% 80.4M 1s -#5 2.262 3900K .......... .......... .......... .......... .......... 10% 21.4M 1s -#5 2.264 3950K .......... .......... .......... .......... .......... 10% 16.2M 1s -#5 2.268 4000K .......... .......... .......... .......... .......... 10% 40.9M 1s -#5 2.269 4050K .......... .......... .......... .......... .......... 10% 365M 1s -#5 2.271 4100K .......... .......... .......... .......... .......... 10% 26.0M 1s -#5 2.271 4150K .......... .......... .......... .......... .......... 
10% 40.5M 1s -#5 2.272 4200K .......... .......... .......... .......... .......... 10% 8.26M 1s -#5 2.278 4250K .......... .......... .......... .......... .......... 11% 84.8M 1s -#5 2.278 4300K .......... .......... .......... .......... .......... 11% 139M 1s -#5 2.280 4350K .......... .......... .......... .......... .......... 11% 56.7M 1s -#5 2.280 4400K .......... .......... .......... .......... .......... 11% 50.2M 1s -#5 2.281 4450K .......... .......... .......... .......... .......... 11% 4.96M 1s -#5 2.291 4500K .......... .......... .......... .......... .......... 11% 330M 1s -#5 2.291 4550K .......... .......... .......... .......... .......... 11% 32.4M 1s -#5 2.292 4600K .......... .......... .......... .......... .......... 11% 30.4M 1s -#5 2.294 4650K .......... .......... .......... .......... .......... 12% 34.6M 1s -#5 2.295 4700K .......... .......... .......... .......... .......... 12% 5.85M 1s -#5 2.303 4750K .......... .......... .......... .......... .......... 12% 407M 1s -#5 2.303 4800K .......... .......... .......... .......... .......... 12% 40.6M 1s -#5 2.305 4850K .......... .......... .......... .......... .......... 12% 26.0M 1s -#5 2.307 4900K .......... .......... .......... .......... .......... 12% 36.5M 1s -#5 2.308 4950K .......... .......... .......... .......... .......... 12% 234M 1s -#5 2.316 5000K .......... .......... .......... .......... .......... 13% 5.00M 1s -#5 2.318 5050K .......... .......... .......... .......... .......... 13% 25.8M 1s -#5 2.320 5100K .......... .......... .......... .......... .......... 13% 22.1M 1s -#5 2.322 5150K .......... .......... .......... .......... .......... 13% 114M 1s -#5 2.323 5200K .......... .......... .......... .......... .......... 13% 70.5M 1s -#5 2.323 5250K .......... .......... .......... .......... .......... 13% 9.62M 1s -#5 2.328 5300K .......... .......... .......... .......... .......... 13% 51.5M 1s -#5 2.330 5350K .......... .......... .......... .......... 
.......... 13% 109M 1s -#5 2.330 5400K .......... .......... .......... .......... .......... 14% 92.4M 1s -#5 2.330 5450K .......... .......... .......... .......... .......... 14% 33.3M 1s -#5 2.332 5500K .......... .......... .......... .......... .......... 14% 10.6M 1s -#5 2.336 5550K .......... .......... .......... .......... .......... 14% 31.1M 1s -#5 2.338 5600K .......... .......... .......... .......... .......... 14% 102M 1s -#5 2.338 5650K .......... .......... .......... .......... .......... 14% 31.2M 1s -#5 2.340 5700K .......... .......... .......... .......... .......... 14% 44.1M 1s -#5 2.341 5750K .......... .......... .......... .......... .......... 14% 13.3M 1s -#5 2.345 5800K .......... .......... .......... .......... .......... 15% 49.2M 1s -#5 2.346 5850K .......... .......... .......... .......... .......... 15% 57.6M 1s -#5 2.347 5900K .......... .......... .......... .......... .......... 15% 246M 1s -#5 2.348 5950K .......... .......... .......... .......... .......... 15% 46.9M 1s -#5 2.348 6000K .......... .......... .......... .......... .......... 15% 5.12M 1s -#5 2.357 6050K .......... .......... .......... .......... .......... 15% 241M 1s -#5 2.357 6100K .......... .......... .......... .......... .......... 15% 30.4M 1s -#5 2.359 6150K .......... .......... .......... .......... .......... 15% 32.8M 1s -#5 2.361 6200K .......... .......... .......... .......... .......... 16% 258M 1s -#5 2.361 6250K .......... .......... .......... .......... .......... 16% 5.03M 1s -#5 2.370 6300K .......... .......... .......... .......... .......... 16% 33.1M 1s -#5 2.372 6350K .......... .......... .......... .......... .......... 16% 278M 1s -#5 2.372 6400K .......... .......... .......... .......... .......... 16% 29.8M 1s -#5 2.374 6450K .......... .......... .......... .......... .......... 16% 295M 1s -#5 2.374 6500K .......... .......... .......... .......... .......... 16% 4.87M 1s -#5 2.384 6550K .......... .......... .......... 
.......... .......... 16% 236M 1s -#5 2.384 6600K .......... .......... .......... .......... .......... 17% 34.8M 1s -#5 2.386 6650K .......... .......... .......... .......... .......... 17% 26.5M 1s -#5 2.388 6700K .......... .......... .......... .......... .......... 17% 13.6M 1s -#5 2.391 6750K .......... .......... .......... .......... .......... 17% 5.83M 1s -#5 2.400 6800K .......... .......... .......... .......... .......... 17% 93.7M 1s -#5 2.400 6850K .......... .......... .......... .......... .......... 17% 47.5M 1s -#5 2.401 6900K .......... .......... .......... .......... .......... 17% 50.4M 1s -#5 2.402 6950K .......... .......... .......... .......... .......... 18% 28.0M 1s -#5 2.404 7000K .......... .......... .......... .......... .......... 18% 6.04M 1s -#5 2.412 7050K .......... .......... .......... .......... .......... 18% 33.0M 1s -#5 2.413 7100K .......... .......... .......... .......... .......... 18% 30.6M 1s -#5 2.416 7150K .......... .......... .......... .......... .......... 18% 61.2M 1s -#5 2.416 7200K .......... .......... .......... .......... .......... 18% 33.8M 1s -#5 2.418 7250K .......... .......... .......... .......... .......... 18% 310M 1s -#5 2.420 7300K .......... .......... .......... .......... .......... 18% 13.4M 1s -#5 2.421 7350K .......... .......... .......... .......... .......... 19% 47.8M 1s -#5 2.422 7400K .......... .......... .......... .......... .......... 19% 31.1M 1s -#5 2.424 7450K .......... .......... .......... .......... .......... 19% 299M 1s -#5 2.424 7500K .......... .......... .......... .......... .......... 19% 45.4M 1s -#5 2.428 7550K .......... .......... .......... .......... .......... 19% 18.1M 1s -#5 2.428 7600K .......... .......... .......... .......... .......... 19% 99.5M 1s -#5 2.428 7650K .......... .......... .......... .......... .......... 19% 50.2M 1s -#5 2.429 7700K .......... .......... .......... .......... .......... 19% 316M 1s -#5 2.430 7750K .......... 
.......... .......... .......... .......... 20% 44.7M 1s -#5 2.430 7800K .......... .......... .......... .......... .......... 20% 16.5M 1s -#5 2.433 7850K .......... .......... .......... .......... .......... 20% 54.3M 1s -#5 2.434 7900K .......... .......... .......... .......... .......... 20% 37.3M 1s -#5 2.435 7950K .......... .......... .......... .......... .......... 20% 358M 1s -#5 2.435 8000K .......... .......... .......... .......... .......... 20% 46.1M 1s -#5 2.437 8050K .......... .......... .......... .......... .......... 20% 10.5M 1s -#5 2.441 8100K .......... .......... .......... .......... .......... 20% 32.8M 1s -#5 2.443 8150K .......... .......... .......... .......... .......... 21% 125M 1s -#5 2.443 8200K .......... .......... .......... .......... .......... 21% 23.4M 1s -#5 2.445 8250K .......... .......... .......... .......... .......... 21% 301M 1s -#5 2.446 8300K .......... .......... .......... .......... .......... 21% 4.26M 1s -#5 2.457 8350K .......... .......... .......... .......... .......... 21% 52.2M 1s -#5 2.458 8400K .......... .......... .......... .......... .......... 21% 70.6M 1s -#5 2.458 8450K .......... .......... .......... .......... .......... 21% 24.1M 1s -#5 2.462 8500K .......... .......... .......... .......... .......... 22% 32.8M 1s -#5 2.462 8550K .......... .......... .......... .......... .......... 22% 4.80M 1s -#5 2.472 8600K .......... .......... .......... .......... .......... 22% 48.6M 1s -#5 2.473 8650K .......... .......... .......... .......... .......... 22% 36.4M 1s -#5 2.474 8700K .......... .......... .......... .......... .......... 22% 35.5M 1s -#5 2.476 8750K .......... .......... .......... .......... .......... 22% 22.0M 1s -#5 2.478 8800K .......... .......... .......... .......... .......... 22% 5.06M 1s -#5 2.488 8850K .......... .......... .......... .......... .......... 22% 308M 1s -#5 2.489 8900K .......... .......... .......... .......... .......... 
23% 37.3M 1s -#5 2.489 8950K .......... .......... .......... .......... .......... 23% 26.4M 1s -#5 2.491 9000K .......... .......... .......... .......... .......... 23% 17.0M 1s -#5 2.494 9050K .......... .......... .......... .......... .......... 23% 8.00M 1s -#5 2.500 9100K .......... .......... .......... .......... .......... 23% 129M 1s -#5 2.500 9150K .......... .......... .......... .......... .......... 23% 90.1M 1s -#5 2.501 9200K .......... .......... .......... .......... .......... 23% 90.0M 1s -#5 2.501 9250K .......... .......... .......... .......... .......... 23% 77.1M 1s -#5 2.502 9300K .......... .......... .......... .......... .......... 24% 92.4M 1s -#5 2.506 9350K .......... .......... .......... .......... .......... 24% 11.2M 1s -#5 2.507 9400K .......... .......... .......... .......... .......... 24% 61.0M 1s -#5 2.508 9450K .......... .......... .......... .......... .......... 24% 53.2M 1s -#5 2.510 9500K .......... .......... .......... .......... .......... 24% 374M 1s -#5 2.510 9550K .......... .......... .......... .......... .......... 24% 173M 1s -#5 2.510 9600K .......... .......... .......... .......... .......... 24% 12.0M 1s -#5 2.513 9650K .......... .......... .......... .......... .......... 24% 92.3M 1s -#5 2.514 9700K .......... .......... .......... .......... .......... 25% 81.6M 1s -#5 2.515 9750K .......... .......... .......... .......... .......... 25% 45.4M 1s -#5 2.515 9800K .......... .......... .......... .......... .......... 25% 320M 1s -#5 2.515 9850K .......... .......... .......... .......... .......... 25% 16.4M 1s -#5 2.520 9900K .......... .......... .......... .......... .......... 25% 56.8M 1s -#5 2.520 9950K .......... .......... .......... .......... .......... 25% 118M 1s -#5 2.520 10000K .......... .......... .......... .......... .......... 25% 51.6M 1s -#5 2.522 10050K .......... .......... .......... .......... .......... 26% 17.6M 1s -#5 2.524 10100K .......... .......... .......... 
.......... .......... 26% 19.3M 1s -#5 2.527 10150K .......... .......... .......... .......... .......... 26% 103M 1s -#5 2.527 10200K .......... .......... .......... .......... .......... 26% 148M 1s -#5 2.527 10250K .......... .......... .......... .......... .......... 26% 159M 1s -#5 2.527 10300K .......... .......... .......... .......... .......... 26% 14.6M 1s -#5 2.530 10350K .......... .......... .......... .......... .......... 26% 6.54M 1s -#5 2.538 10400K .......... .......... .......... .......... .......... 26% 63.8M 1s -#5 2.539 10450K .......... .......... .......... .......... .......... 27% 75.9M 1s -#5 2.539 10500K .......... .......... .......... .......... .......... 27% 67.7M 1s -#5 2.540 10550K .......... .......... .......... .......... .......... 27% 52.1M 1s -#5 2.541 10600K .......... .......... .......... .......... .......... 27% 3.85M 1s -#5 2.555 10650K .......... .......... .......... .......... .......... 27% 53.2M 1s -#5 2.555 10700K .......... .......... .......... .......... .......... 27% 86.2M 1s -#5 2.556 10750K .......... .......... .......... .......... .......... 27% 29.1M 1s -#5 2.557 10800K .......... .......... .......... .......... .......... 27% 103M 1s -#5 2.557 10850K .......... .......... .......... .......... .......... 28% 4.37M 1s -#5 2.568 10900K .......... .......... .......... .......... .......... 28% 431M 1s -#5 2.569 10950K .......... .......... .......... .......... .......... 28% 42.4M 1s -#5 2.570 11000K .......... .......... .......... .......... .......... 28% 80.2M 1s -#5 2.571 11050K .......... .......... .......... .......... .......... 28% 34.7M 1s -#5 2.572 11100K .......... .......... .......... .......... .......... 28% 4.50M 1s -#5 2.583 11150K .......... .......... .......... .......... .......... 28% 69.0M 1s -#5 2.583 11200K .......... .......... .......... .......... .......... 28% 70.4M 1s -#5 2.584 11250K .......... .......... .......... .......... .......... 
29% 73.7M 1s -#5 2.585 11300K .......... .......... .......... .......... .......... 29% 31.5M 1s -#5 2.586 11350K .......... .......... .......... .......... .......... 29% 83.8M 1s -#5 2.592 11400K .......... .......... .......... .......... .......... 29% 9.04M 1s -#5 2.592 11450K .......... .......... .......... .......... .......... 29% 40.6M 1s -#5 2.593 11500K .......... .......... .......... .......... .......... 29% 56.5M 1s -#5 2.594 11550K .......... .......... .......... .......... .......... 29% 159M 1s -#5 2.596 11600K .......... .......... .......... .......... .......... 29% 36.0M 1s -#5 2.598 11650K .......... .......... .......... .......... .......... 30% 16.2M 1s -#5 2.599 11700K .......... .......... .......... .......... .......... 30% 113M 1s -#5 2.599 11750K .......... .......... .......... .......... .......... 30% 127M 1s -#5 2.600 11800K .......... .......... .......... .......... .......... 30% 105M 1s -#5 2.600 11850K .......... .......... .......... .......... .......... 30% 86.9M 1s -#5 2.601 11900K .......... .......... .......... .......... .......... 30% 22.2M 1s -#5 2.603 11950K .......... .......... .......... .......... .......... 30% 105M 1s -#5 2.603 12000K .......... .......... .......... .......... .......... 31% 130M 1s -#5 2.604 12050K .......... .......... .......... .......... .......... 31% 74.7M 1s -#5 2.605 12100K .......... .......... .......... .......... .......... 31% 49.5M 1s -#5 2.607 12150K .......... .......... .......... .......... .......... 31% 8.05M 1s -#5 2.611 12200K .......... .......... .......... .......... .......... 31% 37.6M 1s -#5 2.613 12250K .......... .......... .......... .......... .......... 31% 432M 1s -#5 2.615 12300K .......... .......... .......... .......... .......... 31% 21.2M 1s -#5 2.615 12350K .......... .......... .......... .......... .......... 31% 28.6M 1s -#5 2.617 12400K .......... .......... .......... .......... .......... 32% 3.83M 1s -#5 2.630 12450K .......... .......... 
.......... .......... .......... 32% 49.8M 1s -#5 2.631 12500K .......... .......... .......... .......... .......... 32% 247M 1s -#5 2.631 12550K .......... .......... .......... .......... .......... 32% 26.0M 1s -#5 2.633 12600K .......... .......... .......... .......... .......... 32% 81.3M 1s -#5 2.633 12650K .......... .......... .......... .......... .......... 32% 4.83M 1s -#5 2.644 12700K .......... .......... .......... .......... .......... 32% 75.8M 1s -#5 2.644 12750K .......... .......... .......... .......... .......... 32% 51.4M 1s -#5 2.645 12800K .......... .......... .......... .......... .......... 33% 83.4M 1s -#5 2.646 12850K .......... .......... .......... .......... .......... 33% 434M 1s -#5 2.646 12900K .......... .......... .......... .......... .......... 33% 3.83M 1s -#5 2.658 12950K .......... .......... .......... .......... .......... 33% 68.2M 1s -#5 2.659 13000K .......... .......... .......... .......... .......... 33% 95.3M 1s -#5 2.660 13050K .......... .......... .......... .......... .......... 33% 84.2M 1s -#5 2.660 13100K .......... .......... .......... .......... .......... 33% 52.0M 1s -#5 2.661 13150K .......... .......... .......... .......... .......... 33% 5.07M 1s -#5 2.672 13200K .......... .......... .......... .......... .......... 34% 52.0M 1s -#5 2.672 13250K .......... .......... .......... .......... .......... 34% 64.8M 1s -#5 2.673 13300K .......... .......... .......... .......... .......... 34% 95.0M 1s -#5 2.673 13350K .......... .......... .......... .......... .......... 34% 58.6M 1s -#5 2.674 13400K .......... .......... .......... .......... .......... 34% 42.3M 1s -#5 2.679 13450K .......... .......... .......... .......... .......... 34% 12.3M 1s -#5 2.679 13500K .......... .......... .......... .......... .......... 34% 75.4M 1s -#5 2.680 13550K .......... .......... .......... .......... .......... 35% 66.6M 1s -#5 2.681 13600K .......... .......... .......... .......... .......... 
35% 455M 1s -#5 2.681 13650K .......... .......... .......... .......... .......... 35% 38.7M 1s -#5 2.685 13700K .......... .......... .......... .......... .......... 35% 15.5M 1s -#5 2.685 13750K .......... .......... .......... .......... .......... 35% 53.8M 1s -#5 2.686 13800K .......... .......... .......... .......... .......... 35% 337M 1s -#5 2.686 13850K .......... .......... .......... .......... .......... 35% 44.6M 1s -#5 2.687 13900K .......... .......... .......... .......... .......... 35% 66.0M 1s -#5 2.688 13950K .......... .......... .......... .......... .......... 36% 10.9M 1s -#5 2.693 14000K .......... .......... .......... .......... .......... 36% 365M 1s -#5 2.693 14050K .......... .......... .......... .......... .......... 36% 48.3M 1s -#5 2.693 14100K .......... .......... .......... .......... .......... 36% 184M 1s -#5 2.694 14150K .......... .......... .......... .......... .......... 36% 75.3M 1s -#5 2.694 14200K .......... .......... .......... .......... .......... 36% 5.75M 1s -#5 2.703 14250K .......... .......... .......... .......... .......... 36% 68.5M 1s -#5 2.704 14300K .......... .......... .......... .......... .......... 36% 63.6M 1s -#5 2.704 14350K .......... .......... .......... .......... .......... 37% 32.7M 1s -#5 2.706 14400K .......... .......... .......... .......... .......... 37% 50.2M 1s -#5 2.707 14450K .......... .......... .......... .......... .......... 37% 8.92M 1s -#5 2.712 14500K .......... .......... .......... .......... .......... 37% 385M 1s -#5 2.713 14550K .......... .......... .......... .......... .......... 37% 59.7M 1s -#5 2.713 14600K .......... .......... .......... .......... .......... 37% 61.6M 1s -#5 2.714 14650K .......... .......... .......... .......... .......... 37% 30.6M 1s -#5 2.716 14700K .......... .......... .......... .......... .......... 37% 4.40M 1s -#5 2.727 14750K .......... .......... .......... .......... .......... 38% 98.6M 1s -#5 2.727 14800K .......... 
.......... .......... .......... .......... 38% 93.1M 1s -#5 2.728 14850K .......... .......... .......... .......... .......... 38% 72.6M 1s -#5 2.729 14900K .......... .......... .......... .......... .......... 38% 40.4M 1s -#5 2.730 14950K .......... .......... .......... .......... .......... 38% 3.91M 1s -#5 2.742 15000K .......... .......... .......... .......... .......... 38% 95.4M 1s -#5 2.742 15050K .......... .......... .......... .......... .......... 38% 60.6M 1s -#5 2.744 15100K .......... .......... .......... .......... .......... 39% 36.4M 1s -#5 2.745 15150K .......... .......... .......... .......... .......... 39% 55.1M 1s -#5 2.745 15200K .......... .......... .......... .......... .......... 39% 5.05M 1s -#5 2.755 15250K .......... .......... .......... .......... .......... 39% 339M 1s -#5 2.756 15300K .......... .......... .......... .......... .......... 39% 59.8M 1s -#5 2.756 15350K .......... .......... .......... .......... .......... 39% 52.6M 1s -#5 2.757 15400K .......... .......... .......... .......... .......... 39% 25.2M 1s -#5 2.759 15450K .......... .......... .......... .......... .......... 39% 8.16M 1s -#5 2.765 15500K .......... .......... .......... .......... .......... 40% 83.3M 1s -#5 2.765 15550K .......... .......... .......... .......... .......... 40% 46.6M 1s -#5 2.767 15600K .......... .......... .......... .......... .......... 40% 447M 1s -#5 2.767 15650K .......... .......... .......... .......... .......... 40% 37.7M 1s -#5 2.768 15700K .......... .......... .......... .......... .......... 40% 36.6M 1s -#5 2.772 15750K .......... .......... .......... .......... .......... 40% 18.0M 1s -#5 2.772 15800K .......... .......... .......... .......... .......... 40% 104M 1s -#5 2.773 15850K .......... .......... .......... .......... .......... 40% 170M 1s -#5 2.773 15900K .......... .......... .......... .......... .......... 41% 86.0M 1s -#5 2.774 15950K .......... .......... .......... .......... .......... 
41% 54.7M 1s -#5 2.777 16000K .......... .......... .......... .......... .......... 41% 16.1M 1s -#5 2.777 16050K .......... .......... .......... .......... .......... 41% 73.3M 1s -#5 2.778 16100K .......... .......... .......... .......... .......... 41% 119M 1s -#5 2.779 16150K .......... .......... .......... .......... .......... 41% 57.0M 1s -#5 2.779 16200K .......... .......... .......... .......... .......... 41% 42.6M 1s -#5 2.781 16250K .......... .......... .......... .......... .......... 41% 21.1M 1s -#5 2.783 16300K .......... .......... .......... .......... .......... 42% 78.3M 1s -#5 2.784 16350K .......... .......... .......... .......... .......... 42% 81.0M 1s -#5 2.784 16400K .......... .......... .......... .......... .......... 42% 56.8M 1s -#5 2.785 16450K .......... .......... .......... .......... .......... 42% 120M 1s -#5 2.786 16500K .......... .......... .......... .......... .......... 42% 7.42M 1s -#5 2.792 16550K .......... .......... .......... .......... .......... 42% 60.6M 1s -#5 2.793 16600K .......... .......... .......... .......... .......... 42% 109M 1s -#5 2.795 16650K .......... .......... .......... .......... .......... 42% 36.5M 1s -#5 2.795 16700K .......... .......... .......... .......... .......... 43% 226M 1s -#5 2.795 16750K .......... .......... .......... .......... .......... 43% 4.79M 1s -#5 2.805 16800K .......... .......... .......... .......... .......... 43% 210M 1s -#5 2.805 16850K .......... .......... .......... .......... .......... 43% 153M 1s -#5 2.805 16900K .......... .......... .......... .......... .......... 43% 46.0M 1s -#5 2.806 16950K .......... .......... .......... .......... .......... 43% 94.4M 1s -#5 2.807 17000K .......... .......... .......... .......... .......... 43% 8.39M 1s -#5 2.813 17050K .......... .......... .......... .......... .......... 44% 257M 1s -#5 2.814 17100K .......... .......... .......... .......... .......... 44% 39.9M 1s -#5 2.814 17150K .......... .......... 
.......... .......... .......... 44% 42.3M 1s -#5 2.816 17200K .......... .......... .......... .......... .......... 44% 277M 1s -#5 2.816 17250K .......... .......... .......... .......... .......... 44% 3.85M 1s -#5 2.829 17300K .......... .......... .......... .......... .......... 44% 50.6M 1s -#5 2.831 17350K .......... .......... .......... .......... .......... 44% 348M 1s -#5 2.831 17400K .......... .......... .......... .......... .......... 44% 122M 1s -#5 2.831 17450K .......... .......... .......... .......... .......... 45% 160M 1s -#5 2.831 17500K .......... .......... .......... .......... .......... 45% 6.05M 1s -#5 2.838 17550K .......... .......... .......... .......... .......... 45% 70.7M 1s -#5 2.839 17600K .......... .......... .......... .......... .......... 45% 60.2M 1s -#5 2.840 17650K .......... .......... .......... .......... .......... 45% 16.8M 1s -#5 2.843 17700K .......... .......... .......... .......... .......... 45% 312M 1s -#5 2.843 17750K .......... .......... .......... .......... .......... 45% 63.0M 1s -#5 2.844 17800K .......... .......... .......... .......... .......... 45% 24.0M 1s -#5 2.846 17850K .......... .......... .......... .......... .......... 46% 42.7M 1s -#5 2.847 17900K .......... .......... .......... .......... .......... 46% 35.4M 1s -#5 2.848 17950K .......... .......... .......... .......... .......... 46% 53.0M 1s -#5 2.852 18000K .......... .......... .......... .......... .......... 46% 43.6M 1s -#5 2.854 18050K .......... .......... .......... .......... .......... 46% 9.82M 1s -#5 2.855 18100K .......... .......... .......... .......... .......... 46% 43.2M 1s -#5 2.856 18150K .......... .......... .......... .......... .......... 46% 22.8M 1s -#5 2.858 18200K .......... .......... .......... .......... .......... 46% 323M 1s -#5 2.858 18250K .......... .......... .......... .......... .......... 47% 52.2M 1s -#5 2.860 18300K .......... .......... .......... .......... .......... 
47% 19.0M 1s -#5 2.862 18350K .......... .......... .......... .......... .......... 47% 29.4M 1s -#5 2.864 18400K .......... .......... .......... .......... .......... 47% 370M 1s -#5 2.864 18450K .......... .......... .......... .......... .......... 47% 72.3M 1s -#5 2.864 18500K .......... .......... .......... .......... .......... 47% 19.3M 1s -#5 2.867 18550K .......... .......... .......... .......... .......... 47% 4.93M 1s -#5 2.877 18600K .......... .......... .......... .......... .......... 48% 165M 1s -#5 2.877 18650K .......... .......... .......... .......... .......... 48% 33.5M 1s -#5 2.879 18700K .......... .......... .......... .......... .......... 48% 62.7M 1s -#5 2.879 18750K .......... .......... .......... .......... .......... 48% 22.4M 1s -#5 2.882 18800K .......... .......... .......... .......... .......... 48% 4.37M 1s -#5 2.893 18850K .......... .......... .......... .......... .......... 48% 34.5M 1s -#5 2.894 18900K .......... .......... .......... .......... .......... 48% 76.8M 1s -#5 2.895 18950K .......... .......... .......... .......... .......... 48% 19.5M 1s -#5 2.898 19000K .......... .......... .......... .......... .......... 49% 83.1M 1s -#5 2.898 19050K .......... .......... .......... .......... .......... 49% 4.23M 1s -#5 2.910 19100K .......... .......... .......... .......... .......... 49% 41.6M 1s -#5 2.911 19150K .......... .......... .......... .......... .......... 49% 350M 1s -#5 2.911 19200K .......... .......... .......... .......... .......... 49% 97.6M 1s -#5 2.911 19250K .......... .......... .......... .......... .......... 49% 65.8M 1s -#5 2.912 19300K .......... .......... .......... .......... .......... 49% 7.08M 1s -#5 2.919 19350K .......... .......... .......... .......... .......... 49% 377M 1s -#5 2.920 19400K .......... .......... .......... .......... .......... 50% 148M 1s -#5 2.920 19450K .......... .......... .......... .......... .......... 50% 31.8M 1s -#5 2.921 19500K .......... 
.......... .......... .......... .......... 50% 36.9M 1s -#5 2.923 19550K .......... .......... .......... .......... .......... 50% 3.96M 1s -#5 2.935 19600K .......... .......... .......... .......... .......... 50% 374M 1s -#5 2.935 19650K .......... .......... .......... .......... .......... 50% 66.3M 1s -#5 2.936 19700K .......... .......... .......... .......... .......... 50% 53.1M 1s -#5 2.936 19750K .......... .......... .......... .......... .......... 50% 186M 1s -#5 2.937 19800K .......... .......... .......... .......... .......... 51% 7.76M 1s -#5 2.943 19850K .......... .......... .......... .......... .......... 51% 280M 1s -#5 2.943 19900K .......... .......... .......... .......... .......... 51% 87.6M 1s -#5 2.945 19950K .......... .......... .......... .......... .......... 51% 61.0M 1s -#5 2.945 20000K .......... .......... .......... .......... .......... 51% 56.3M 1s -#5 2.945 20050K .......... .......... .......... .......... .......... 51% 398M 1s -#5 2.948 20100K .......... .......... .......... .......... .......... 51% 14.9M 1s -#5 2.949 20150K .......... .......... .......... .......... .......... 52% 126M 1s -#5 2.949 20200K .......... .......... .......... .......... .......... 52% 65.0M 1s -#5 2.950 20250K .......... .......... .......... .......... .......... 52% 352M 1s -#5 2.950 20300K .......... .......... .......... .......... .......... 52% 60.3M 1s -#5 2.951 20350K .......... .......... .......... .......... .......... 52% 17.5M 1s -#5 2.954 20400K .......... .......... .......... .......... .......... 52% 95.9M 1s -#5 2.955 20450K .......... .......... .......... .......... .......... 52% 78.8M 1s -#5 2.955 20500K .......... .......... .......... .......... .......... 52% 332M 1s -#5 2.956 20550K .......... .......... .......... .......... .......... 53% 47.8M 1s -#5 2.956 20600K .......... .......... .......... .......... .......... 53% 14.3M 1s -#5 2.959 20650K .......... .......... .......... .......... .......... 
53% 84.9M 1s -#5 2.960 20700K .......... .......... .......... .......... .......... 53% 50.7M 1s -#5 2.961 20750K .......... .......... .......... .......... .......... 53% 365M 1s -#5 2.961 20800K .......... .......... .......... .......... .......... 53% 98.2M 1s -#5 2.961 20850K .......... .......... .......... .......... .......... 53% 11.4M 1s -#5 2.966 20900K .......... .......... .......... .......... .......... 53% 55.7M 1s -#5 2.966 20950K .......... .......... .......... .......... .......... 54% 162M 1s -#5 2.969 21000K .......... .......... .......... .......... .......... 54% 79.5M 1s -#5 2.969 21050K .......... .......... .......... .......... .......... 54% 59.0M 1s -#5 2.969 21100K .......... .......... .......... .......... .......... 54% 4.67M 1s -#5 2.979 21150K .......... .......... .......... .......... .......... 54% 56.2M 1s -#5 2.980 21200K .......... .......... .......... .......... .......... 54% 334M 1s -#5 2.980 21250K .......... .......... .......... .......... .......... 54% 34.6M 1s -#5 2.982 21300K .......... .......... .......... .......... .......... 54% 47.2M 1s -#5 2.982 21350K .......... .......... .......... .......... .......... 55% 4.46M 1s -#5 2.993 21400K .......... .......... .......... .......... .......... 55% 93.8M 1s -#5 2.995 21450K .......... .......... .......... .......... .......... 55% 85.1M 1s -#5 2.995 21500K .......... .......... .......... .......... .......... 55% 242M 1s -#5 2.995 21550K .......... .......... .......... .......... .......... 55% 32.8M 1s -#5 2.996 21600K .......... .......... .......... .......... .......... 55% 4.53M 1s -#5 3.007 21650K .......... .......... .......... .......... .......... 55% 403M 1s -#5 3.007 21700K .......... .......... .......... .......... .......... 55% 111M 1s -#5 3.007 21750K .......... .......... .......... .......... .......... 56% 66.2M 1s -#5 3.008 21800K .......... .......... .......... .......... .......... 56% 82.8M 1s -#5 3.009 21850K .......... 
.......... .......... .......... .......... 56% 7.62M 1s -#5 3.015 21900K .......... .......... .......... .......... .......... 56% 52.8M 1s -#5 3.016 21950K .......... .......... .......... .......... .......... 56% 199M 1s -#5 3.016 22000K .......... .......... .......... .......... .......... 56% 58.8M 1s -#5 3.018 22050K .......... .......... .......... .......... .......... 56% 30.9M 1s -#5 3.019 22100K .......... .......... .......... .......... .......... 57% 106M 1s -#5 3.022 22150K .......... .......... .......... .......... .......... 57% 14.7M 1s -#5 3.022 22200K .......... .......... .......... .......... .......... 57% 60.7M 1s -#5 3.023 22250K .......... .......... .......... .......... .......... 57% 32.2M 1s -#5 3.025 22300K .......... .......... .......... .......... .......... 57% 32.7M 1s -#5 3.026 22350K .......... .......... .......... .......... .......... 57% 183M 1s -#5 3.029 22400K .......... .......... .......... .......... .......... 57% 11.1M 1s -#5 3.031 22450K .......... .......... .......... .......... .......... 57% 455M 1s -#5 3.032 22500K .......... .......... .......... .......... .......... 58% 53.0M 1s -#5 3.032 22550K .......... .......... .......... .......... .......... 58% 41.0M 1s -#5 3.033 22600K .......... .......... .......... .......... .......... 58% 14.0M 1s -#5 3.037 22650K .......... .......... .......... .......... .......... 58% 21.2M 1s -#5 3.039 22700K .......... .......... .......... .......... .......... 58% 37.3M 1s -#5 3.040 22750K .......... .......... .......... .......... .......... 58% 435M 1s -#5 3.041 22800K .......... .......... .......... .......... .......... 58% 40.5M 1s -#5 3.041 22850K .......... .......... .......... .......... .......... 58% 41.7M 1s -#5 3.043 22900K .......... .......... .......... .......... .......... 59% 16.6M 1s -#5 3.046 22950K .......... .......... .......... .......... .......... 59% 72.6M 1s -#5 3.047 23000K .......... .......... .......... .......... .......... 
59% 61.9M 1s -#5 3.047 23050K .......... .......... .......... .......... .......... 59% 51.2M 1s -#5 3.048 23100K .......... .......... .......... .......... .......... 59% 39.8M 1s -#5 3.049 23150K .......... .......... .......... .......... .......... 59% 9.22M 1s -#5 3.055 23200K .......... .......... .......... .......... .......... 59% 53.6M 1s -#5 3.055 23250K .......... .......... .......... .......... .......... 59% 443M 1s -#5 3.057 23300K .......... .......... .......... .......... .......... 60% 51.2M 1s -#5 3.057 23350K .......... .......... .......... .......... .......... 60% 12.3M 1s -#5 3.061 23400K .......... .......... .......... .......... .......... 60% 6.45M 1s -#5 3.069 23450K .......... .......... .......... .......... .......... 60% 37.4M 1s -#5 3.070 23500K .......... .......... .......... .......... .......... 60% 40.3M 1s -#5 3.072 23550K .......... .......... .......... .......... .......... 60% 28.9M 1s -#5 3.072 23600K .......... .......... .......... .......... .......... 60% 60.8M 1s -#5 3.073 23650K .......... .......... .......... .......... .......... 61% 5.60M 1s -#5 3.082 23700K .......... .......... .......... .......... .......... 61% 53.0M 1s -#5 3.083 23750K .......... .......... .......... .......... .......... 61% 340M 1s -#5 3.083 23800K .......... .......... .......... .......... .......... 61% 27.8M 1s -#5 3.085 23850K .......... .......... .......... .......... .......... 61% 388M 1s -#5 3.085 23900K .......... .......... .......... .......... .......... 61% 5.39M 1s -#5 3.094 23950K .......... .......... .......... .......... .......... 61% 331M 1s -#5 3.094 24000K .......... .......... .......... .......... .......... 61% 57.7M 1s -#5 3.095 24050K .......... .......... .......... .......... .......... 62% 59.8M 1s -#5 3.096 24100K .......... .......... .......... .......... .......... 62% 60.2M 1s -#5 3.096 24150K .......... .......... .......... .......... .......... 62% 5.79M 1s -#5 3.105 24200K .......... 
.......... .......... .......... .......... 62% 161M 1s -#5 3.105 24250K .......... .......... .......... .......... .......... 62% 44.0M 1s -#5 3.106 24300K .......... .......... .......... .......... .......... 62% 90.8M 1s -#5 3.107 24350K .......... .......... .......... .......... .......... 62% 51.4M 1s -#5 3.108 24400K .......... .......... .......... .......... .......... 62% 41.8M 1s -#5 3.111 24450K .......... .......... .......... .......... .......... 63% 18.7M 1s -#5 3.111 24500K .......... .......... .......... .......... .......... 63% 56.7M 1s -#5 3.112 24550K .......... .......... .......... .......... .......... 63% 104M 1s -#5 3.113 24600K .......... .......... .......... .......... .......... 63% 47.0M 1s -#5 3.114 24650K .......... .......... .......... .......... .......... 63% 24.7M 1s -#5 3.116 24700K .......... .......... .......... .......... .......... 63% 21.3M 1s -#5 3.118 24750K .......... .......... .......... .......... .......... 63% 41.6M 1s -#5 3.119 24800K .......... .......... .......... .......... .......... 63% 120M 1s -#5 3.120 24850K .......... .......... .......... .......... .......... 64% 34.0M 1s -#5 3.123 24900K .......... .......... .......... .......... .......... 64% 33.5M 1s -#5 3.123 24950K .......... .......... .......... .......... .......... 64% 15.5M 1s -#5 3.126 25000K .......... .......... .......... .......... .......... 64% 64.0M 1s -#5 3.127 25050K .......... .......... .......... .......... .......... 64% 30.1M 1s -#5 3.128 25100K .......... .......... .......... .......... .......... 64% 243M 1s -#5 3.129 25150K .......... .......... .......... .......... .......... 64% 65.4M 1s -#5 3.129 25200K .......... .......... .......... .......... .......... 65% 8.47M 1s -#5 3.135 25250K .......... .......... .......... .......... .......... 65% 59.9M 1s -#5 3.136 25300K .......... .......... .......... .......... .......... 65% 61.2M 1s -#5 3.137 25350K .......... .......... .......... .......... .......... 
65% 32.7M 1s -#5 3.138 25400K .......... .......... .......... .......... .......... 65% 17.0M 1s -#5 3.141 25450K .......... .......... .......... .......... .......... 65% 6.46M 1s -#5 3.149 25500K .......... .......... .......... .......... .......... 65% 99.8M 1s -#5 3.149 25550K .......... .......... .......... .......... .......... 65% 54.0M 1s -#5 3.150 25600K .......... .......... .......... .......... .......... 66% 56.9M 1s -#5 3.151 25650K .......... .......... .......... .......... .......... 66% 82.7M 1s -#5 3.151 25700K .......... .......... .......... .......... .......... 66% 4.97M 1s -#5 3.162 25750K .......... .......... .......... .......... .......... 66% 63.3M 1s -#5 3.162 25800K .......... .......... .......... .......... .......... 66% 42.2M 1s -#5 3.163 25850K .......... .......... .......... .......... .......... 66% 36.1M 1s -#5 3.165 25900K .......... .......... .......... .......... .......... 66% 183M 1s -#5 3.165 25950K .......... .......... .......... .......... .......... 66% 5.45M 1s -#5 3.174 26000K .......... .......... .......... .......... .......... 67% 403M 1s -#5 3.174 26050K .......... .......... .......... .......... .......... 67% 35.8M 1s -#5 3.175 26100K .......... .......... .......... .......... .......... 67% 405M 1s -#5 3.175 26150K .......... .......... .......... .......... .......... 67% 56.7M 1s -#5 3.176 26200K .......... .......... .......... .......... .......... 67% 36.0M 1s -#5 3.183 26250K .......... .......... .......... .......... .......... 67% 9.17M 1s -#5 3.184 26300K .......... .......... .......... .......... .......... 67% 49.6M 1s -#5 3.184 26350K .......... .......... .......... .......... .......... 67% 30.7M 1s -#5 3.186 26400K .......... .......... .......... .......... .......... 68% 47.5M 1s -#5 3.186 26450K .......... .......... .......... .......... .......... 68% 337M 1s -#5 3.189 26500K .......... .......... .......... .......... .......... 68% 12.0M 1s -#5 3.191 26550K .......... 
.......... .......... .......... .......... 68% 389M 0s -#5 3.191 26600K .......... .......... .......... .......... .......... 68% 38.7M 0s -#5 3.192 26650K .......... .......... .......... .......... .......... 68% 32.1M 0s -#5 3.194 26700K .......... .......... .......... .......... .......... 68% 193M 0s -#5 3.196 26750K .......... .......... .......... .......... .......... 69% 16.3M 0s -#5 3.197 26800K .......... .......... .......... .......... .......... 69% 42.1M 0s -#5 3.198 26850K .......... .......... .......... .......... .......... 69% 217M 0s -#5 3.201 26900K .......... .......... .......... .......... .......... 69% 15.2M 0s -#5 3.201 26950K .......... .......... .......... .......... .......... 69% 71.2M 0s -#5 3.202 27000K .......... .......... .......... .......... .......... 69% 9.76M 0s -#5 3.207 27050K .......... .......... .......... .......... .......... 69% 67.8M 0s -#5 3.208 27100K .......... .......... .......... .......... .......... 69% 66.9M 0s -#5 3.209 27150K .......... .......... .......... .......... .......... 70% 158M 0s -#5 3.210 27200K .......... .......... .......... .......... .......... 70% 49.3M 0s -#5 3.210 27250K .......... .......... .......... .......... .......... 70% 5.89M 0s -#5 3.218 27300K .......... .......... .......... .......... .......... 70% 55.9M 0s -#5 3.219 27350K .......... .......... .......... .......... .......... 70% 426M 0s -#5 3.220 27400K .......... .......... .......... .......... .......... 70% 35.0M 0s -#5 3.221 27450K .......... .......... .......... .......... .......... 70% 33.7M 0s -#5 3.222 27500K .......... .......... .......... .......... .......... 70% 5.81M 0s -#5 3.230 27550K .......... .......... .......... .......... .......... 71% 52.5M 0s -#5 3.231 27600K .......... .......... .......... .......... .......... 71% 111M 0s -#5 3.232 27650K .......... .......... .......... .......... .......... 71% 27.3M 0s -#5 3.233 27700K .......... .......... .......... .......... .......... 
71% 55.9M 0s -#5 3.235 27750K .......... .......... .......... .......... .......... 71% 6.21M 0s -#5 3.242 27800K .......... .......... .......... .......... .......... 71% 48.4M 0s -#5 3.244 27850K .......... .......... .......... .......... .......... 71% 57.5M 0s -#5 3.245 27900K .......... .......... .......... .......... .......... 71% 59.0M 0s -#5 3.245 27950K .......... .......... .......... .......... .......... 72% 23.8M 0s -#5 3.247 28000K .......... .......... .......... .......... .......... 72% 6.45M 0s -#5 3.255 28050K .......... .......... .......... .......... .......... 72% 421M 0s -#5 3.256 28100K .......... .......... .......... .......... .......... 72% 37.1M 0s -#5 3.256 28150K .......... .......... .......... .......... .......... 72% 68.4M 0s -#5 3.257 28200K .......... .......... .......... .......... .......... 72% 30.7M 0s -#5 3.258 28250K .......... .......... .......... .......... .......... 72% 5.69M 0s -#5 3.267 28300K .......... .......... .......... .......... .......... 72% 49.2M 0s -#5 3.268 28350K .......... .......... .......... .......... .......... 73% 85.8M 0s -#5 3.268 28400K .......... .......... .......... .......... .......... 73% 41.7M 0s -#5 3.270 28450K .......... .......... .......... .......... .......... 73% 17.2M 0s -#5 3.273 28500K .......... .......... .......... .......... .......... 73% 190M 0s -#5 3.281 28550K .......... .......... .......... .......... .......... 73% 6.01M 0s -#5 3.281 28600K .......... .......... .......... .......... .......... 73% 43.2M 0s -#5 3.282 28650K .......... .......... .......... .......... .......... 73% 36.8M 0s -#5 3.283 28700K .......... .......... .......... .......... .......... 74% 289M 0s -#5 3.283 28750K .......... .......... .......... .......... .......... 74% 63.2M 0s -#5 3.284 28800K .......... .......... .......... .......... .......... 74% 5.59M 0s -#5 3.293 28850K .......... .......... .......... .......... .......... 74% 49.7M 0s -#5 3.294 28900K .......... 
.......... .......... .......... .......... 74% 53.2M 0s -#5 3.295 28950K .......... .......... .......... .......... .......... 74% 421M 0s -#5 3.296 29000K .......... .......... .......... .......... .......... 74% 47.1M 0s -#5 3.296 29050K .......... .......... .......... .......... .......... 74% 5.85M 0s -#5 3.304 29100K .......... .......... .......... .......... .......... 75% 30.6M 0s -#5 3.306 29150K .......... .......... .......... .......... .......... 75% 386M 0s -#5 3.306 29200K .......... .......... .......... .......... .......... 75% 32.6M 0s -#5 3.308 29250K .......... .......... .......... .......... .......... 75% 32.1M 0s -#5 3.309 29300K .......... .......... .......... .......... .......... 75% 5.85M 0s -#5 3.318 29350K .......... .......... .......... .......... .......... 75% 362M 0s -#5 3.318 29400K .......... .......... .......... .......... .......... 75% 46.0M 0s -#5 3.319 29450K .......... .......... .......... .......... .......... 75% 28.5M 0s -#5 3.320 29500K .......... .......... .......... .......... .......... 76% 319M 0s -#5 3.321 29550K .......... .......... .......... .......... .......... 76% 6.23M 0s -#5 3.328 29600K .......... .......... .......... .......... .......... 76% 43.8M 0s -#5 3.330 29650K .......... .......... .......... .......... .......... 76% 50.3M 0s -#5 3.330 29700K .......... .......... .......... .......... .......... 76% 390M 0s -#5 3.331 29750K .......... .......... .......... .......... .......... 76% 54.4M 0s -#5 3.331 29800K .......... .......... .......... .......... .......... 76% 5.73M 0s -#5 3.340 29850K .......... .......... .......... .......... .......... 76% 103M 0s -#5 3.341 29900K .......... .......... .......... .......... .......... 77% 53.3M 0s -#5 3.342 29950K .......... .......... .......... .......... .......... 77% 42.8M 0s -#5 3.342 30000K .......... .......... .......... .......... .......... 77% 23.9M 0s -#5 3.345 30050K .......... .......... .......... .......... .......... 
77% 17.4M 0s -#5 3.348 30100K .......... .......... .......... .......... .......... 77% 49.3M 0s -#5 3.349 30150K .......... .......... .......... .......... .......... 77% 78.4M 0s -#5 3.349 30200K .......... .......... .......... .......... .......... 77% 25.0M 0s -#5 3.351 30250K .......... .......... .......... .......... .......... 78% 81.5M 0s -#5 3.352 30300K .......... .......... .......... .......... .......... 78% 19.5M 0s -#5 3.354 30350K .......... .......... .......... .......... .......... 78% 432M 0s -#5 3.355 30400K .......... .......... .......... .......... .......... 78% 50.0M 0s -#5 3.356 30450K .......... .......... .......... .......... .......... 78% 39.3M 0s -#5 3.356 30500K .......... .......... .......... .......... .......... 78% 380M 0s -#5 3.358 30550K .......... .......... .......... .......... .......... 78% 28.6M 0s -#5 3.361 30600K .......... .......... .......... .......... .......... 78% 17.5M 0s -#5 3.361 30650K .......... .......... .......... .......... .......... 79% 83.1M 0s -#5 3.362 30700K .......... .......... .......... .......... .......... 79% 79.9M 0s -#5 3.363 30750K .......... .......... .......... .......... .......... 79% 95.7M 0s -#5 3.363 30800K .......... .......... .......... .......... .......... 79% 25.1M 0s -#5 3.365 30850K .......... .......... .......... .......... .......... 79% 17.9M 0s -#5 3.368 30900K .......... .......... .......... .......... .......... 79% 46.4M 0s -#5 3.368 30950K .......... .......... .......... .......... .......... 79% 80.5M 0s -#5 3.370 31000K .......... .......... .......... .......... .......... 79% 97.7M 0s -#5 3.370 31050K .......... .......... .......... .......... .......... 80% 45.6M 0s -#5 3.373 31100K .......... .......... .......... .......... .......... 80% 15.8M 0s -#5 3.374 31150K .......... .......... .......... .......... .......... 80% 91.9M 0s -#5 3.374 31200K .......... .......... .......... .......... .......... 80% 83.4M 0s -#5 3.375 31250K .......... 
.......... .......... .......... .......... 80% 54.1M 0s -#5 3.376 31300K .......... .......... .......... .......... .......... 80% 36.2M 0s -#5 3.377 31350K .......... .......... .......... .......... .......... 80% 17.0M 0s -#5 3.380 31400K .......... .......... .......... .......... .......... 80% 74.5M 0s -#5 3.381 31450K .......... .......... .......... .......... .......... 81% 67.8M 0s -#5 3.381 31500K .......... .......... .......... .......... .......... 81% 29.3M 0s -#5 3.383 31550K .......... .......... .......... .......... .......... 81% 156M 0s -#5 3.384 31600K .......... .......... .......... .......... .......... 81% 13.4M 0s -#5 3.387 31650K .......... .......... .......... .......... .......... 81% 57.8M 0s -#5 3.388 31700K .......... .......... .......... .......... .......... 81% 38.2M 0s -#5 3.389 31750K .......... .......... .......... .......... .......... 81% 350M 0s -#5 3.389 31800K .......... .......... .......... .......... .......... 82% 32.1M 0s -#5 3.391 31850K .......... .......... .......... .......... .......... 82% 12.9M 0s -#5 3.394 31900K .......... .......... .......... .......... .......... 82% 348M 0s -#5 3.395 31950K .......... .......... .......... .......... .......... 82% 64.9M 0s -#5 3.395 32000K .......... .......... .......... .......... .......... 82% 31.5M 0s -#5 3.397 32050K .......... .......... .......... .......... .......... 82% 49.1M 0s -#5 3.398 32100K .......... .......... .......... .......... .......... 82% 8.51M 0s -#5 3.404 32150K .......... .......... .......... .......... .......... 82% 404M 0s -#5 3.404 32200K .......... .......... .......... .......... .......... 83% 65.8M 0s -#5 3.404 32250K .......... .......... .......... .......... .......... 83% 66.8M 0s -#5 3.405 32300K .......... .......... .......... .......... .......... 83% 22.3M 0s -#5 3.408 32350K .......... .......... .......... .......... .......... 83% 5.62M 0s -#5 3.417 32400K .......... .......... .......... .......... .......... 
83% 216M 0s -#5 3.417 32450K .......... .......... .......... .......... .......... 83% 44.7M 0s -#5 3.417 32500K .......... .......... .......... .......... .......... 83% 49.4M 0s -#5 3.418 32550K .......... .......... .......... .......... .......... 83% 29.9M 0s -#5 3.420 32600K .......... .......... .......... .......... .......... 84% 6.45M 0s -#5 3.428 32650K .......... .......... .......... .......... .......... 84% 35.5M 0s -#5 3.430 32700K .......... .......... .......... .......... .......... 84% 29.2M 0s -#5 3.431 32750K .......... .......... .......... .......... .......... 84% 72.9M 0s -#5 3.431 32800K .......... .......... .......... .......... .......... 84% 38.2M 0s -#5 3.433 32850K .......... .......... .......... .......... .......... 84% 390M 0s -#5 3.443 32900K .......... .......... .......... .......... .......... 84% 4.14M 0s -#5 3.445 32950K .......... .......... .......... .......... .......... 84% 46.4M 0s -#5 3.446 33000K .......... .......... .......... .......... .......... 85% 61.6M 0s -#5 3.446 33050K .......... .......... .......... .......... .......... 85% 29.1M 0s -#5 3.448 33100K .......... .......... .......... .......... .......... 85% 56.3M 0s -#5 3.449 33150K .......... .......... .......... .......... .......... 85% 6.34M 0s -#5 3.457 33200K .......... .......... .......... .......... .......... 85% 64.1M 0s -#5 3.457 33250K .......... .......... .......... .......... .......... 85% 55.5M 0s -#5 3.459 33300K .......... .......... .......... .......... .......... 85% 98.6M 0s -#5 3.460 33350K .......... .......... .......... .......... .......... 85% 54.8M 0s -#5 3.460 33400K .......... .......... .......... .......... .......... 86% 5.87M 0s -#5 3.468 33450K .......... .......... .......... .......... .......... 86% 42.0M 0s -#5 3.469 33500K .......... .......... .......... .......... .......... 86% 331M 0s -#5 3.471 33550K .......... .......... .......... .......... .......... 86% 35.9M 0s -#5 3.471 33600K .......... 
.......... .......... .......... .......... 86% 39.2M 0s -#5 3.472 33650K .......... .......... .......... .......... .......... 86% 18.6M 0s -#5 3.475 33700K .......... .......... .......... .......... .......... 86% 57.6M 0s -#5 3.475 33750K .......... .......... .......... .......... .......... 87% 49.7M 0s -#5 3.477 33800K .......... .......... .......... .......... .......... 87% 84.1M 0s -#5 3.477 33850K .......... .......... .......... .......... .......... 87% 20.0M 0s -#5 3.480 33900K .......... .......... .......... .......... .......... 87% 19.4M 0s -#5 3.482 33950K .......... .......... .......... .......... .......... 87% 34.5M 0s -#5 3.484 34000K .......... .......... .......... .......... .......... 87% 378M 0s -#5 3.485 34050K .......... .......... .......... .......... .......... 87% 23.4M 0s -#5 3.486 34100K .......... .......... .......... .......... .......... 87% 54.8M 0s -#5 3.487 34150K .......... .......... .......... .......... .......... 88% 18.7M 0s -#5 3.489 34200K .......... .......... .......... .......... .......... 88% 433M 0s -#5 3.489 34250K .......... .......... .......... .......... .......... 88% 26.3M 0s -#5 3.491 34300K .......... .......... .......... .......... .......... 88% 353M 0s -#5 3.491 34350K .......... .......... .......... .......... .......... 88% 36.1M 0s -#5 3.493 34400K .......... .......... .......... .......... .......... 88% 12.7M 0s -#5 3.496 34450K .......... .......... .......... .......... .......... 88% 401M 0s -#5 3.497 34500K .......... .......... .......... .......... .......... 88% 59.0M 0s -#5 3.497 34550K .......... .......... .......... .......... .......... 89% 40.4M 0s -#5 3.499 34600K .......... .......... .......... .......... .......... 89% 58.3M 0s -#5 3.499 34650K .......... .......... .......... .......... .......... 89% 6.08M 0s -#5 3.508 34700K .......... .......... .......... .......... .......... 89% 277M 0s -#5 3.508 34750K .......... .......... .......... .......... .......... 
89% 61.1M 0s -#5 3.508 34800K .......... .......... .......... .......... .......... 89% 26.0M 0s -#5 3.510 34850K .......... .......... .......... .......... .......... 89% 59.1M 0s -#5 3.511 34900K .......... .......... .......... .......... .......... 89% 6.11M 0s -#5 3.519 34950K .......... .......... .......... .......... .......... 90% 54.8M 0s -#5 3.520 35000K .......... .......... .......... .......... .......... 90% 34.8M 0s -#5 3.521 35050K .......... .......... .......... .......... .......... 90% 402M 0s -#5 3.523 35100K .......... .......... .......... .......... .......... 90% 21.7M 0s -#5 3.524 35150K .......... .......... .......... .......... .......... 90% 59.0M 0s -#5 3.525 35200K .......... .......... .......... .......... .......... 90% 5.51M 0s -#5 3.533 35250K .......... .......... .......... .......... .......... 90% 63.7M 0s -#5 3.534 35300K .......... .......... .......... .......... .......... 91% 64.6M 0s -#5 3.535 35350K .......... .......... .......... .......... .......... 91% 18.1M 0s -#5 3.538 35400K .......... .......... .......... .......... .......... 91% 353M 0s -#5 3.538 35450K .......... .......... .......... .......... .......... 91% 6.47M 0s -#5 3.546 35500K .......... .......... .......... .......... .......... 91% 46.7M 0s -#5 3.547 35550K .......... .......... .......... .......... .......... 91% 63.6M 0s -#5 3.547 35600K .......... .......... .......... .......... .......... 91% 15.3M 0s -#5 3.551 35650K .......... .......... .......... .......... .......... 91% 105M 0s -#5 3.551 35700K .......... .......... .......... .......... .......... 92% 7.05M 0s -#5 3.558 35750K .......... .......... .......... .......... .......... 92% 45.0M 0s -#5 3.559 35800K .......... .......... .......... .......... .......... 92% 43.0M 0s -#5 3.560 35850K .......... .......... .......... .......... .......... 92% 41.1M 0s -#5 3.561 35900K .......... .......... .......... .......... .......... 92% 59.7M 0s -#5 3.562 35950K .......... 
.......... .......... .......... .......... 92% 14.5M 0s -#5 3.565 36000K .......... .......... .......... .......... .......... 92% 54.7M 0s -#5 3.566 36050K .......... .......... .......... .......... .......... 92% 375M 0s -#5 3.567 36100K .......... .......... .......... .......... .......... 93% 42.0M 0s -#5 3.567 36150K .......... .......... .......... .......... .......... 93% 61.5M 0s -#5 3.568 36200K .......... .......... .......... .......... .......... 93% 15.7M 0s -#5 3.571 36250K .......... .......... .......... .......... .......... 93% 407M 0s -#5 3.572 36300K .......... .......... .......... .......... .......... 93% 49.5M 0s -#5 3.572 36350K .......... .......... .......... .......... .......... 93% 44.5M 0s -#5 3.574 36400K .......... .......... .......... .......... .......... 93% 28.7M 0s -#5 3.576 36450K .......... .......... .......... .......... .......... 93% 17.2M 0s -#5 3.578 36500K .......... .......... .......... .......... .......... 94% 76.1M 0s -#5 3.579 36550K .......... .......... .......... .......... .......... 94% 64.2M 0s -#5 3.579 36600K .......... .......... .......... .......... .......... 94% 42.3M 0s -#5 3.581 36650K .......... .......... .......... .......... .......... 94% 73.0M 0s -#5 3.581 36700K .......... .......... .......... .......... .......... 94% 14.0M 0s -#5 3.585 36750K .......... .......... .......... .......... .......... 94% 406M 0s -#5 3.586 36800K .......... .......... .......... .......... .......... 94% 57.4M 0s -#5 3.586 36850K .......... .......... .......... .......... .......... 95% 64.5M 0s -#5 3.588 36900K .......... .......... .......... .......... .......... 95% 41.8M 0s -#5 3.588 36950K .......... .......... .......... .......... .......... 95% 85.9M 0s -#5 3.597 37000K .......... .......... .......... .......... .......... 95% 5.71M 0s -#5 3.597 37050K .......... .......... .......... .......... .......... 95% 51.5M 0s -#5 3.598 37100K .......... .......... .......... .......... .......... 
95% 12.6M 0s -#5 3.602 37150K .......... .......... .......... .......... .......... 95% 405M 0s -#5 3.602 37200K .......... .......... .......... .......... .......... 95% 65.7M 0s -#5 3.603 37250K .......... .......... .......... .......... .......... 96% 5.89M 0s -#5 3.611 37300K .......... .......... .......... .......... .......... 96% 64.1M 0s -#5 3.612 37350K .......... .......... .......... .......... .......... 96% 66.1M 0s -#5 3.612 37400K .......... .......... .......... .......... .......... 96% 13.9M 0s -#5 3.616 37450K .......... .......... .......... .......... .......... 96% 388M 0s -#5 3.625 37500K .......... .......... .......... .......... .......... 96% 5.56M 0s -#5 3.625 37550K .......... .......... .......... .......... .......... 96% 47.6M 0s -#5 3.626 37600K .......... .......... .......... .......... .......... 96% 37.3M 0s -#5 3.627 37650K .......... .......... .......... .......... .......... 97% 84.3M 0s -#5 3.628 37700K .......... .......... .......... .......... .......... 97% 18.0M 0s -#5 3.631 37750K .......... .......... .......... .......... .......... 97% 6.25M 0s -#5 3.638 37800K .......... .......... .......... .......... .......... 97% 59.4M 0s -#5 3.640 37850K .......... .......... .......... .......... .......... 97% 78.9M 0s -#5 3.640 37900K .......... .......... .......... .......... .......... 97% 49.0M 0s -#5 3.641 37950K .......... .......... .......... .......... .......... 97% 38.0M 0s -#5 3.642 38000K .......... .......... .......... .......... .......... 97% 4.79M 0s -#5 3.652 38050K .......... .......... .......... .......... .......... 98% 174M 0s -#5 3.652 38100K .......... .......... .......... .......... .......... 98% 59.7M 0s -#5 3.653 38150K .......... .......... .......... .......... .......... 98% 22.0M 0s -#5 3.655 38200K .......... .......... .......... .......... .......... 98% 409M 0s -#5 3.655 38250K .......... .......... .......... .......... .......... 98% 7.65M 0s -#5 3.662 38300K .......... 
.......... .......... .......... .......... 98% 29.8M 0s -#5 3.664 38350K .......... .......... .......... .......... .......... 98% 418M 0s -#5 3.664 38400K .......... .......... .......... .......... .......... 98% 25.4M 0s -#5 3.666 38450K .......... .......... .......... .......... .......... 99% 43.0M 0s -#5 3.667 38500K .......... .......... .......... .......... .......... 99% 15.1M 0s -#5 3.670 38550K .......... .......... .......... .......... .......... 99% 97.7M 0s -#5 3.671 38600K .......... .......... .......... .......... .......... 99% 400M 0s -#5 3.671 38650K .......... .......... .......... .......... .......... 99% 58.6M 0s -#5 3.671 38700K .......... .......... .......... .......... .......... 99% 16.7M 0s -#5 3.674 38750K .......... .......... .......... .......... .......... 99% 19.1M 0s -#5 3.677 38800K .......... .......... .......... ......... 100% 38.6M=1.6s -#5 3.678 -#5 3.679 2024-11-06 09:39:53 (24.1 MB/s) - written to stdout [39771622/39771622] -#5 3.679 -#5 DONE 4.0s +#5 0.450 Updating Subscription Management repositories. +#5 0.450 Unable to read consumer identity +#5 0.456 +#5 0.456 This system is not registered with an entitlement server. You can use subscription-manager to register. +#5 0.456 +#5 0.521 Last metadata expiration check: 0:00:14 ago on Mon Nov 11 09:49:46 2024. +#5 0.541 Package ca-certificates-2024.2.69_v8.0.303-91.4.el9_4.noarch is already installed. +#5 0.542 Package tar-2:1.34-6.el9_4.1.x86_64 is already installed. +#5 0.542 Package gzip-1.12-1.el9.x86_64 is already installed. +#5 0.563 Dependencies resolved. 
+#5 0.565 ================================================================================ +#5 0.565 Package Arch Version Repository Size +#5 0.565 ================================================================================ +#5 0.565 Installing: +#5 0.565 wget x86_64 1.21.1-8.el9_4 ubi-9-appstream-rpms 789 k +#5 0.565 Installing dependencies: +#5 0.565 libpsl x86_64 0.21.1-5.el9 ubi-9-baseos-rpms 66 k +#5 0.565 publicsuffix-list-dafsa noarch 20210518-3.el9 ubi-9-baseos-rpms 59 k +#5 0.565 +#5 0.565 Transaction Summary +#5 0.565 ================================================================================ +#5 0.565 Install 3 Packages +#5 0.565 +#5 0.566 Total download size: 914 k +#5 0.566 Installed size: 3.2 M +#5 0.566 Downloading Packages: +#5 0.703 (1/3): publicsuffix-list-dafsa-20210518-3.el9.n 446 kB/s | 59 kB 00:00 +#5 0.718 (2/3): libpsl-0.21.1-5.el9.x86_64.rpm 443 kB/s | 66 kB 00:00 +#5 0.763 (3/3): wget-1.21.1-8.el9_4.x86_64.rpm 4.0 MB/s | 789 kB 00:00 +#5 0.767 -------------------------------------------------------------------------------- +#5 0.768 Total 4.4 MB/s | 914 kB 00:00 +#5 0.814 Running transaction check +#5 0.826 Transaction check succeeded. +#5 0.826 Running transaction test +#5 0.866 Transaction test succeeded. +#5 0.867 Running transaction +#5 0.937 Preparing : 1/1 +#5 0.970 Installing : publicsuffix-list-dafsa-20210518-3.el9.noarch 1/3 +#5 0.977 Installing : libpsl-0.21.1-5.el9.x86_64 2/3 +#5 0.993 Installing : wget-1.21.1-8.el9_4.x86_64 3/3 +#5 1.007 Running scriptlet: wget-1.21.1-8.el9_4.x86_64 3/3 +#5 1.057 Verifying : libpsl-0.21.1-5.el9.x86_64 1/3 +#5 1.057 Verifying : publicsuffix-list-dafsa-20210518-3.el9.noarch 2/3 +#5 1.057 Verifying : wget-1.21.1-8.el9_4.x86_64 3/3 +#5 1.123 Installed products updated. +#5 1.133 +#5 1.133 Installed: +#5 1.133 libpsl-0.21.1-5.el9.x86_64 publicsuffix-list-dafsa-20210518-3.el9.noarch +#5 1.133 wget-1.21.1-8.el9_4.x86_64 +#5 1.133 +#5 1.133 Complete! 
+#5 1.495 Updating Subscription Management repositories. +#5 1.497 Unable to read consumer identity +#5 1.500 +#5 1.500 This system is not registered with an entitlement server. You can use subscription-manager to register. +#5 1.500 +#5 1.508 17 files removed +#5 1.583 --2024-11-11 09:50:01-- https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz +#5 1.685 Resolving github.com (github.com)... 140.82.113.4 +#5 1.687 Connecting to github.com (github.com)|140.82.113.4|:443... connected. +#5 1.784 HTTP request sent, awaiting response... 302 Found +#5 1.873 Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.110.133, 185.199.111.133, 185.199.108.133, ... +#5 1.886 Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.110.133|:443... connected. +#5 1.919 HTTP request sent, awaiting response... 200 OK +#5 2.002 Length: 39771622 (38M) [application/octet-stream] +#5 2.002 Saving to: 'STDOUT' +#5 2.003 +#5 2.003 0K .......... .......... .......... .......... .......... 0% 3.78M 10s +#5 2.015 50K .......... .......... .......... .......... .......... 0% 5.35M 9s +#5 2.025 100K .......... .......... .......... .......... .......... 0% 15.3M 7s +#5 2.028 150K .......... .......... .......... .......... .......... 0% 30.5M 5s +#5 2.029 200K .......... .......... .......... .......... .......... 0% 8.41M 5s +#5 2.035 250K .......... .......... .......... .......... .......... 0% 19.5M 5s +#5 2.038 300K .......... .......... .......... .......... .......... 0% 66.5M 4s +#5 2.038 350K .......... .......... .......... .......... .......... 1% 9.31M 4s +#5 2.044 400K .......... .......... .......... .......... .......... 1% 28.2M 4s +#5 2.045 450K .......... .......... .......... .......... .......... 1% 100M 3s +#5 2.046 500K .......... .......... .......... .......... .......... 1% 50.2M 3s +#5 2.047 550K .......... .......... .......... .......... .......... 
1% 33.0M 3s +#5 2.048 600K .......... .......... .......... .......... .......... 1% 71.7M 3s +#5 2.054 650K .......... .......... .......... .......... .......... 1% 8.94M 3s +#5 2.055 700K .......... .......... .......... .......... .......... 1% 108M 3s +#5 2.055 750K .......... .......... .......... .......... .......... 2% 76.5M 3s +#5 2.056 800K .......... .......... .......... .......... .......... 2% 72.7M 2s +#5 2.057 850K .......... .......... .......... .......... .......... 2% 384M 2s +#5 2.063 900K .......... .......... .......... .......... .......... 2% 6.45M 2s +#5 2.064 950K .......... .......... .......... .......... .......... 2% 389M 2s +#5 2.064 1000K .......... .......... .......... .......... .......... 2% 369M 2s +#5 2.065 1050K .......... .......... .......... .......... .......... 2% 35.3M 2s +#5 2.066 1100K .......... .......... .......... .......... .......... 2% 69.1M 2s +#5 2.072 1150K .......... .......... .......... .......... .......... 3% 9.63M 2s +#5 2.072 1200K .......... .......... .......... .......... .......... 3% 405M 2s +#5 2.072 1250K .......... .......... .......... .......... .......... 3% 76.5M 2s +#5 2.072 1300K .......... .......... .......... .......... .......... 3% 54.2M 2s +#5 2.073 1350K .......... .......... .......... .......... .......... 3% 133M 2s +#5 2.073 1400K .......... .......... .......... .......... .......... 3% 10.6M 2s +#5 2.078 1450K .......... .......... .......... .......... .......... 3% 115M 2s +#5 2.078 1500K .......... .......... .......... .......... .......... 3% 270M 2s +#5 2.079 1550K .......... .......... .......... .......... .......... 4% 63.1M 2s +#5 2.079 1600K .......... .......... .......... .......... .......... 4% 114M 2s +#5 2.080 1650K .......... .......... .......... .......... .......... 4% 23.7M 2s +#5 2.082 1700K .......... .......... .......... .......... .......... 4% 327M 2s +#5 2.082 1750K .......... .......... .......... .......... .......... 
4% 100M 2s +#5 2.082 1800K .......... .......... .......... .......... .......... 4% 148M 2s +#5 2.083 1850K .......... .......... .......... .......... .......... 4% 317M 2s +#5 2.083 1900K .......... .......... .......... .......... .......... 5% 25.6M 2s +#5 2.085 1950K .......... .......... .......... .......... .......... 5% 421M 2s +#5 2.085 2000K .......... .......... .......... .......... .......... 5% 47.1M 1s +#5 2.087 2050K .......... .......... .......... .......... .......... 5% 115M 1s +#5 2.087 2100K .......... .......... .......... .......... .......... 5% 102M 1s +#5 2.087 2150K .......... .......... .......... .......... .......... 5% 30.9M 1s +#5 2.089 2200K .......... .......... .......... .......... .......... 5% 105M 1s +#5 2.089 2250K .......... .......... .......... .......... .......... 5% 46.6M 1s +#5 2.090 2300K .......... .......... .......... .......... .......... 6% 351M 1s +#5 2.090 2350K .......... .......... .......... .......... .......... 6% 29.4M 1s +#5 2.092 2400K .......... .......... .......... .......... .......... 6% 18.6M 1s +#5 2.095 2450K .......... .......... .......... .......... .......... 6% 364M 1s +#5 2.095 2500K .......... .......... .......... .......... .......... 6% 97.1M 1s +#5 2.095 2550K .......... .......... .......... .......... .......... 6% 156M 1s +#5 2.095 2600K .......... .......... .......... .......... .......... 6% 83.7M 1s +#5 2.096 2650K .......... .......... .......... .......... .......... 6% 7.50M 1s +#5 2.103 2700K .......... .......... .......... .......... .......... 7% 155M 1s +#5 2.103 2750K .......... .......... .......... .......... .......... 7% 21.1M 1s +#5 2.106 2800K .......... .......... .......... .......... .......... 7% 268M 1s +#5 2.106 2850K .......... .......... .......... .......... .......... 7% 12.0M 1s +#5 2.109 2900K .......... .......... .......... .......... .......... 7% 30.0M 1s +#5 2.128 2950K .......... .......... .......... .......... .......... 
7% 2.58M 2s +#5 2.130 3000K .......... .......... .......... .......... .......... 7% 43.4M 2s +#5 2.132 3050K .......... .......... .......... .......... .......... 7% 24.3M 2s +#5 2.134 3100K .......... .......... .......... .......... .......... 8% 12.0M 2s +#5 2.138 3150K .......... .......... .......... .......... .......... 8% 327M 2s +#5 2.157 3200K .......... .......... .......... .......... .......... 8% 2.46M 2s +#5 2.157 3250K .......... .......... .......... .......... .......... 8% 19.3M 2s +#5 2.160 3300K .......... .......... .......... .......... .......... 8% 366M 2s +#5 2.163 3350K .......... .......... .......... .......... .......... 8% 18.6M 2s +#5 2.163 3400K .......... .......... .......... .......... .......... 8% 22.5M 2s +#5 2.165 3450K .......... .......... .......... .......... .......... 9% 5.32M 2s +#5 2.174 3500K .......... .......... .......... .......... .......... 9% 141M 2s +#5 2.174 3550K .......... .......... .......... .......... .......... 9% 99.5M 2s +#5 2.175 3600K .......... .......... .......... .......... .......... 9% 84.4M 2s +#5 2.175 3650K .......... .......... .......... .......... .......... 9% 69.8M 2s +#5 2.176 3700K .......... .......... .......... .......... .......... 9% 26.3M 2s +#5 2.178 3750K .......... .......... .......... .......... .......... 9% 130M 2s +#5 2.178 3800K .......... .......... .......... .......... .......... 9% 68.2M 2s +#5 2.179 3850K .......... .......... .......... .......... .......... 10% 90.1M 2s +#5 2.179 3900K .......... .......... .......... .......... .......... 10% 53.7M 2s +#5 2.180 3950K .......... .......... .......... .......... .......... 10% 29.5M 2s +#5 2.182 4000K .......... .......... .......... .......... .......... 10% 400M 2s +#5 2.182 4050K .......... .......... .......... .......... .......... 10% 65.0M 2s +#5 2.183 4100K .......... .......... .......... .......... .......... 10% 57.7M 2s +#5 2.184 4150K .......... .......... .......... .......... .......... 
10% 146M 1s +#5 2.184 4200K .......... .......... .......... .......... .......... 10% 11.9M 2s +#5 2.188 4250K .......... .......... .......... .......... .......... 11% 418M 1s +#5 2.188 4300K .......... .......... .......... .......... .......... 11% 68.3M 1s +#5 2.189 4350K .......... .......... .......... .......... .......... 11% 83.7M 1s +#5 2.190 4400K .......... .......... .......... .......... .......... 11% 276M 1s +#5 2.190 4450K .......... .......... .......... .......... .......... 11% 7.93M 1s +#5 2.196 4500K .......... .......... .......... .......... .......... 11% 185M 1s +#5 2.196 4550K .......... .......... .......... .......... .......... 11% 102M 1s +#5 2.197 4600K .......... .......... .......... .......... .......... 11% 83.4M 1s +#5 2.197 4650K .......... .......... .......... .......... .......... 12% 56.9M 1s +#5 2.198 4700K .......... .......... .......... .......... .......... 12% 8.61M 1s +#5 2.204 4750K .......... .......... .......... .......... .......... 12% 94.8M 1s +#5 2.205 4800K .......... .......... .......... .......... .......... 12% 34.0M 1s +#5 2.206 4850K .......... .......... .......... .......... .......... 12% 46.8M 1s +#5 2.207 4900K .......... .......... .......... .......... .......... 12% 46.3M 1s +#5 2.209 4950K .......... .......... .......... .......... .......... 12% 401M 1s +#5 2.223 5000K .......... .......... .......... .......... .......... 13% 3.10M 1s +#5 2.224 5050K .......... .......... .......... .......... .......... 13% 152M 1s +#5 2.224 5100K .......... .......... .......... .......... .......... 13% 46.2M 1s +#5 2.225 5150K .......... .......... .......... .......... .......... 13% 17.1M 1s +#5 2.228 5200K .......... .......... .......... .......... .......... 13% 154M 1s +#5 2.236 5250K .......... .......... .......... .......... .......... 13% 5.69M 1s +#5 2.237 5300K .......... .......... .......... .......... .......... 13% 29.1M 1s +#5 2.239 5350K .......... .......... .......... .......... 
.......... 13% 35.7M 1s +#5 2.240 5400K .......... .......... .......... .......... .......... 14% 51.7M 1s +#5 2.241 5450K .......... .......... .......... .......... .......... 14% 25.7M 1s +#5 2.245 5500K .......... .......... .......... .......... .......... 14% 8.31M 1s +#5 2.249 5550K .......... .......... .......... .......... .......... 14% 46.6M 1s +#5 2.251 5600K .......... .......... .......... .......... .......... 14% 28.9M 1s +#5 2.251 5650K .......... .......... .......... .......... .......... 14% 76.9M 1s +#5 2.252 5700K .......... .......... .......... .......... .......... 14% 36.6M 1s +#5 2.253 5750K .......... .......... .......... .......... .......... 14% 8.03M 1s +#5 2.260 5800K .......... .......... .......... .......... .......... 15% 44.6M 1s +#5 2.260 5850K .......... .......... .......... .......... .......... 15% 47.3M 1s +#5 2.263 5900K .......... .......... .......... .......... .......... 15% 21.8M 1s +#5 2.264 5950K .......... .......... .......... .......... .......... 15% 208M 1s +#5 2.264 6000K .......... .......... .......... .......... .......... 15% 9.63M 1s +#5 2.269 6050K .......... .......... .......... .......... .......... 15% 66.7M 1s +#5 2.270 6100K .......... .......... .......... .......... .......... 15% 84.2M 1s +#5 2.270 6150K .......... .......... .......... .......... .......... 15% 123M 1s +#5 2.271 6200K .......... .......... .......... .......... .......... 16% 134M 1s +#5 2.271 6250K .......... .......... .......... .......... .......... 16% 7.89M 1s +#5 2.277 6300K .......... .......... .......... .......... .......... 16% 396M 1s +#5 2.277 6350K .......... .......... .......... .......... .......... 16% 56.0M 1s +#5 2.279 6400K .......... .......... .......... .......... .......... 16% 85.7M 1s +#5 2.279 6450K .......... .......... .......... .......... .......... 16% 98.8M 1s +#5 2.279 6500K .......... .......... .......... .......... .......... 16% 8.43M 1s +#5 2.285 6550K .......... .......... 
.......... .......... .......... 16% 130M 1s +#5 2.286 6600K .......... .......... .......... .......... .......... 17% 110M 1s +#5 2.286 6650K .......... .......... .......... .......... .......... 17% 57.6M 1s +#5 2.287 6700K .......... .......... .......... .......... .......... 17% 90.6M 1s +#5 2.288 6750K .......... .......... .......... .......... .......... 17% 8.24M 1s +#5 2.293 6800K .......... .......... .......... .......... .......... 17% 380M 1s +#5 2.293 6850K .......... .......... .......... .......... .......... 17% 124M 1s +#5 2.294 6900K .......... .......... .......... .......... .......... 17% 129M 1s +#5 2.294 6950K .......... .......... .......... .......... .......... 18% 47.1M 1s +#5 2.295 7000K .......... .......... .......... .......... .......... 18% 8.68M 1s +#5 2.301 7050K .......... .......... .......... .......... .......... 18% 239M 1s +#5 2.301 7100K .......... .......... .......... .......... .......... 18% 182M 1s +#5 2.302 7150K .......... .......... .......... .......... .......... 18% 102M 1s +#5 2.302 7200K .......... .......... .......... .......... .......... 18% 333M 1s +#5 2.302 7250K .......... .......... .......... .......... .......... 18% 72.5M 1s +#5 2.304 7300K .......... .......... .......... .......... .......... 18% 23.7M 1s +#5 2.305 7350K .......... .......... .......... .......... .......... 19% 22.3M 1s +#5 2.307 7400K .......... .......... .......... .......... .......... 19% 379M 1s +#5 2.307 7450K .......... .......... .......... .......... .......... 19% 26.7M 1s +#5 2.309 7500K .......... .......... .......... .......... .......... 19% 46.8M 1s +#5 2.312 7550K .......... .......... .......... .......... .......... 19% 29.7M 1s +#5 2.312 7600K .......... .......... .......... .......... .......... 19% 79.4M 1s +#5 2.312 7650K .......... .......... .......... .......... .......... 19% 66.5M 1s +#5 2.313 7700K .......... .......... .......... .......... .......... 19% 36.9M 1s +#5 2.314 7750K .......... 
.......... .......... .......... .......... 20% 323M 1s +#5 2.315 7800K .......... .......... .......... .......... .......... 20% 18.3M 1s +#5 2.317 7850K .......... .......... .......... .......... .......... 20% 172M 1s +#5 2.317 7900K .......... .......... .......... .......... .......... 20% 44.2M 1s +#5 2.318 7950K .......... .......... .......... .......... .......... 20% 328M 1s +#5 2.320 8000K .......... .......... .......... .......... .......... 20% 26.9M 1s +#5 2.320 8050K .......... .......... .......... .......... .......... 20% 17.3M 1s +#5 2.323 8100K .......... .......... .......... .......... .......... 20% 128M 1s +#5 2.323 8150K .......... .......... .......... .......... .......... 21% 46.5M 1s +#5 2.325 8200K .......... .......... .......... .......... .......... 21% 30.2M 1s +#5 2.326 8250K .......... .......... .......... .......... .......... 21% 325M 1s +#5 2.327 8300K .......... .......... .......... .......... .......... 21% 5.73M 1s +#5 2.335 8350K .......... .......... .......... .......... .......... 21% 74.5M 1s +#5 2.336 8400K .......... .......... .......... .......... .......... 21% 31.3M 1s +#5 2.337 8450K .......... .......... .......... .......... .......... 21% 417M 1s +#5 2.339 8500K .......... .......... .......... .......... .......... 22% 50.8M 1s +#5 2.339 8550K .......... .......... .......... .......... .......... 22% 5.10M 1s +#5 2.348 8600K .......... .......... .......... .......... .......... 22% 83.5M 1s +#5 2.348 8650K .......... .......... .......... .......... .......... 22% 42.1M 1s +#5 2.350 8700K .......... .......... .......... .......... .......... 22% 250M 1s +#5 2.350 8750K .......... .......... .......... .......... .......... 22% 33.1M 1s +#5 2.351 8800K .......... .......... .......... .......... .......... 22% 5.43M 1s +#5 2.360 8850K .......... .......... .......... .......... .......... 22% 51.8M 1s +#5 2.361 8900K .......... .......... .......... .......... .......... 
23% 406M 1s +#5 2.361 8950K .......... .......... .......... .......... .......... 23% 58.2M 1s +#5 2.362 9000K .......... .......... .......... .......... .......... 23% 30.4M 1s +#5 2.364 9050K .......... .......... .......... .......... .......... 23% 6.61M 1s +#5 2.371 9100K .......... .......... .......... .......... .......... 23% 45.4M 1s +#5 2.372 9150K .......... .......... .......... .......... .......... 23% 67.8M 1s +#5 2.373 9200K .......... .......... .......... .......... .......... 23% 25.0M 1s +#5 2.375 9250K .......... .......... .......... .......... .......... 23% 39.5M 1s +#5 2.376 9300K .......... .......... .......... .......... .......... 24% 136M 1s +#5 2.381 9350K .......... .......... .......... .......... .......... 24% 9.96M 1s +#5 2.381 9400K .......... .......... .......... .......... .......... 24% 95.5M 1s +#5 2.382 9450K .......... .......... .......... .......... .......... 24% 48.4M 1s +#5 2.384 9500K .......... .......... .......... .......... .......... 24% 144M 1s +#5 2.384 9550K .......... .......... .......... .......... .......... 24% 12.8M 1s +#5 2.387 9600K .......... .......... .......... .......... .......... 24% 171M 1s +#5 2.387 9650K .......... .......... .......... .......... .......... 24% 60.9M 1s +#5 2.388 9700K .......... .......... .......... .......... .......... 25% 70.3M 1s +#5 2.389 9750K .......... .......... .......... .......... .......... 25% 51.2M 1s +#5 2.390 9800K .......... .......... .......... .......... .......... 25% 86.8M 1s +#5 2.390 9850K .......... .......... .......... .......... .......... 25% 15.9M 1s +#5 2.393 9900K .......... .......... .......... .......... .......... 25% 58.6M 1s +#5 2.394 9950K .......... .......... .......... .......... .......... 25% 368M 1s +#5 2.395 10000K .......... .......... .......... .......... .......... 25% 55.5M 1s +#5 2.395 10050K .......... .......... .......... .......... .......... 26% 26.2M 1s +#5 2.397 10100K .......... .......... .......... 
.......... .......... 26% 18.1M 1s +#5 2.400 10150K .......... .......... .......... .......... .......... 26% 54.6M 1s +#5 2.401 10200K .......... .......... .......... .......... .......... 26% 45.5M 1s +#5 2.402 10250K .......... .......... .......... .......... .......... 26% 44.2M 1s +#5 2.404 10300K .......... .......... .......... .......... .......... 26% 234M 1s +#5 2.404 10350K .......... .......... .......... .......... .......... 26% 6.55M 1s +#5 2.411 10400K .......... .......... .......... .......... .......... 26% 46.1M 1s +#5 2.412 10450K .......... .......... .......... .......... .......... 27% 65.8M 1s +#5 2.413 10500K .......... .......... .......... .......... .......... 27% 267M 1s +#5 2.413 10550K .......... .......... .......... .......... .......... 27% 49.0M 1s +#5 2.413 10600K .......... .......... .......... .......... .......... 27% 5.69M 1s +#5 2.422 10650K .......... .......... .......... .......... .......... 27% 402M 1s +#5 2.423 10700K .......... .......... .......... .......... .......... 27% 53.9M 1s +#5 2.423 10750K .......... .......... .......... .......... .......... 27% 33.8M 1s +#5 2.425 10800K .......... .......... .......... .......... .......... 27% 16.6M 1s +#5 2.427 10850K .......... .......... .......... .......... .......... 28% 5.89M 1s +#5 2.436 10900K .......... .......... .......... .......... .......... 28% 36.2M 1s +#5 2.437 10950K .......... .......... .......... .......... .......... 28% 354M 1s +#5 2.438 11000K .......... .......... .......... .......... .......... 28% 54.5M 1s +#5 2.438 11050K .......... .......... .......... .......... .......... 28% 23.3M 1s +#5 2.440 11100K .......... .......... .......... .......... .......... 28% 7.17M 1s +#5 2.447 11150K .......... .......... .......... .......... .......... 28% 40.9M 1s +#5 2.448 11200K .......... .......... .......... .......... .......... 28% 38.3M 1s +#5 2.450 11250K .......... .......... .......... .......... .......... 
29% 67.9M 1s +#5 2.450 11300K .......... .......... .......... .......... .......... 29% 48.5M 1s +#5 2.451 11350K .......... .......... .......... .......... .......... 29% 9.41M 1s +#5 2.457 11400K .......... .......... .......... .......... .......... 29% 82.0M 1s +#5 2.457 11450K .......... .......... .......... .......... .......... 29% 70.0M 1s +#5 2.458 11500K .......... .......... .......... .......... .......... 29% 28.3M 1s +#5 2.459 11550K .......... .......... .......... .......... .......... 29% 384M 1s +#5 2.459 11600K .......... .......... .......... .......... .......... 29% 87.8M 1s +#5 2.460 11650K .......... .......... .......... .......... .......... 30% 18.7M 1s +#5 2.463 11700K .......... .......... .......... .......... .......... 30% 58.6M 1s +#5 2.464 11750K .......... .......... .......... .......... .......... 30% 23.9M 1s +#5 2.466 11800K .......... .......... .......... .......... .......... 30% 38.5M 1s +#5 2.467 11850K .......... .......... .......... .......... .......... 30% 357M 1s +#5 2.467 11900K .......... .......... .......... .......... .......... 30% 10.3M 1s +#5 2.472 11950K .......... .......... .......... .......... .......... 30% 53.4M 1s +#5 2.473 12000K .......... .......... .......... .......... .......... 31% 47.3M 1s +#5 2.474 12050K .......... .......... .......... .......... .......... 31% 416M 1s +#5 2.475 12100K .......... .......... .......... .......... .......... 31% 62.9M 1s +#5 2.475 12150K .......... .......... .......... .......... .......... 31% 8.33M 1s +#5 2.480 12200K .......... .......... .......... .......... .......... 31% 51.4M 1s +#5 2.481 12250K .......... .......... .......... .......... .......... 31% 420M 1s +#5 2.481 12300K .......... .......... .......... .......... .......... 31% 26.4M 1s +#5 2.483 12350K .......... .......... .......... .......... .......... 31% 36.9M 1s +#5 2.485 12400K .......... .......... .......... .......... .......... 32% 6.43M 1s +#5 2.492 12450K .......... 
.......... .......... .......... .......... 32% 41.0M 1s +#5 2.494 12500K .......... .......... .......... .......... .......... 32% 32.7M 1s +#5 2.495 12550K .......... .......... .......... .......... .......... 32% 43.7M 1s +#5 2.496 12600K .......... .......... .......... .......... .......... 32% 38.4M 1s +#5 2.498 12650K .......... .......... .......... .......... .......... 32% 5.75M 1s +#5 2.506 12700K .......... .......... .......... .......... .......... 32% 67.6M 1s +#5 2.507 12750K .......... .......... .......... .......... .......... 32% 395M 1s +#5 2.507 12800K .......... .......... .......... .......... .......... 33% 55.6M 1s +#5 2.507 12850K .......... .......... .......... .......... .......... 33% 36.6M 1s +#5 2.509 12900K .......... .......... .......... .......... .......... 33% 5.20M 1s +#5 2.519 12950K .......... .......... .......... .......... .......... 33% 43.6M 1s +#5 2.520 13000K .......... .......... .......... .......... .......... 33% 372M 1s +#5 2.520 13050K .......... .......... .......... .......... .......... 33% 19.3M 1s +#5 2.522 13100K .......... .......... .......... .......... .......... 33% 76.6M 1s +#5 2.523 13150K .......... .......... .......... .......... .......... 33% 6.46M 1s +#5 2.531 13200K .......... .......... .......... .......... .......... 34% 65.8M 1s +#5 2.531 13250K .......... .......... .......... .......... .......... 34% 65.4M 1s +#5 2.532 13300K .......... .......... .......... .......... .......... 34% 378M 1s +#5 2.533 13350K .......... .......... .......... .......... .......... 34% 17.6M 1s +#5 2.535 13400K .......... .......... .......... .......... .......... 34% 58.8M 1s +#5 2.538 13450K .......... .......... .......... .......... .......... 34% 21.2M 1s +#5 2.538 13500K .......... .......... .......... .......... .......... 34% 34.6M 1s +#5 2.539 13550K .......... .......... .......... .......... .......... 35% 20.8M 1s +#5 2.542 13600K .......... .......... .......... .......... .......... 
35% 61.0M 1s +#5 2.542 13650K .......... .......... .......... .......... .......... 35% 239M 1s +#5 2.545 13700K .......... .......... .......... .......... .......... 35% 22.2M 1s +#5 2.545 13750K .......... .......... .......... .......... .......... 35% 62.6M 1s +#5 2.546 13800K .......... .......... .......... .......... .......... 35% 66.2M 1s +#5 2.546 13850K .......... .......... .......... .......... .......... 35% 60.9M 1s +#5 2.547 13900K .......... .......... .......... .......... .......... 35% 187M 1s +#5 2.551 13950K .......... .......... .......... .......... .......... 36% 12.1M 1s +#5 2.551 14000K .......... .......... .......... .......... .......... 36% 68.0M 1s +#5 2.552 14050K .......... .......... .......... .......... .......... 36% 220M 1s +#5 2.554 14100K .......... .......... .......... .......... .......... 36% 32.3M 1s +#5 2.554 14150K .......... .......... .......... .......... .......... 36% 43.4M 1s +#5 2.555 14200K .......... .......... .......... .......... .......... 36% 7.68M 1s +#5 2.561 14250K .......... .......... .......... .......... .......... 36% 45.4M 1s +#5 2.562 14300K .......... .......... .......... .......... .......... 36% 38.2M 1s +#5 2.564 14350K .......... .......... .......... .......... .......... 37% 90.3M 1s +#5 2.564 14400K .......... .......... .......... .......... .......... 37% 15.7M 1s +#5 2.567 14450K .......... .......... .......... .......... .......... 37% 6.17M 1s +#5 2.575 14500K .......... .......... .......... .......... .......... 37% 59.9M 1s +#5 2.576 14550K .......... .......... .......... .......... .......... 37% 74.6M 1s +#5 2.577 14600K .......... .......... .......... .......... .......... 37% 86.0M 1s +#5 2.577 14650K .......... .......... .......... .......... .......... 37% 21.4M 1s +#5 2.579 14700K .......... .......... .......... .......... .......... 37% 5.81M 1s +#5 2.588 14750K .......... .......... .......... .......... .......... 38% 55.5M 1s +#5 2.589 14800K .......... 
.......... .......... .......... .......... 38% 314M 1s +#5 2.590 14850K .......... .......... .......... .......... .......... 38% 56.8M 1s +#5 2.590 14900K .......... .......... .......... .......... .......... 38% 39.2M 1s +#5 2.591 14950K .......... .......... .......... .......... .......... 38% 4.98M 1s +#5 2.601 15000K .......... .......... .......... .......... .......... 38% 370M 1s +#5 2.602 15050K .......... .......... .......... .......... .......... 38% 53.4M 1s +#5 2.602 15100K .......... .......... .......... .......... .......... 39% 29.2M 1s +#5 2.604 15150K .......... .......... .......... .......... .......... 39% 14.0M 1s +#5 2.607 15200K .......... .......... .......... .......... .......... 39% 7.16M 1s +#5 2.614 15250K .......... .......... .......... .......... .......... 39% 150M 1s +#5 2.614 15300K .......... .......... .......... .......... .......... 39% 54.3M 1s +#5 2.615 15350K .......... .......... .......... .......... .......... 39% 50.6M 1s +#5 2.616 15400K .......... .......... .......... .......... .......... 39% 32.1M 1s +#5 2.618 15450K .......... .......... .......... .......... .......... 39% 127M 1s +#5 2.623 15500K .......... .......... .......... .......... .......... 40% 9.25M 1s +#5 2.624 15550K .......... .......... .......... .......... .......... 40% 73.9M 1s +#5 2.624 15600K .......... .......... .......... .......... .......... 40% 62.0M 1s +#5 2.625 15650K .......... .......... .......... .......... .......... 40% 29.5M 1s +#5 2.627 15700K .......... .......... .......... .......... .......... 40% 24.8M 1s +#5 2.630 15750K .......... .......... .......... .......... .......... 40% 17.4M 1s +#5 2.631 15800K .......... .......... .......... .......... .......... 40% 64.7M 1s +#5 2.632 15850K .......... .......... .......... .......... .......... 40% 65.2M 1s +#5 2.633 15900K .......... .......... .......... .......... .......... 41% 31.3M 1s +#5 2.634 15950K .......... .......... .......... .......... .......... 
41% 199M 1s +#5 2.635 16000K .......... .......... .......... .......... .......... 41% 16.4M 1s +#5 2.637 16050K .......... .......... .......... .......... .......... 41% 65.9M 1s +#5 2.638 16100K .......... .......... .......... .......... .......... 41% 32.4M 1s +#5 2.640 16150K .......... .......... .......... .......... .......... 41% 408M 1s +#5 2.641 16200K .......... .......... .......... .......... .......... 41% 30.6M 1s +#5 2.641 16250K .......... .......... .......... .......... .......... 41% 15.5M 1s +#5 2.645 16300K .......... .......... .......... .......... .......... 42% 61.8M 1s +#5 2.645 16350K .......... .......... .......... .......... .......... 42% 431M 1s +#5 2.645 16400K .......... .......... .......... .......... .......... 42% 30.1M 1s +#5 2.647 16450K .......... .......... .......... .......... .......... 42% 23.6M 1s +#5 2.649 16500K .......... .......... .......... .......... .......... 42% 11.2M 1s +#5 2.654 16550K .......... .......... .......... .......... .......... 42% 48.5M 1s +#5 2.655 16600K .......... .......... .......... .......... .......... 42% 50.6M 1s +#5 2.656 16650K .......... .......... .......... .......... .......... 42% 17.6M 1s +#5 2.658 16700K .......... .......... .......... .......... .......... 43% 117M 1s +#5 2.659 16750K .......... .......... .......... .......... .......... 43% 5.64M 1s +#5 2.667 16800K .......... .......... .......... .......... .......... 43% 47.4M 1s +#5 2.668 16850K .......... .......... .......... .......... .......... 43% 408M 1s +#5 2.670 16900K .......... .......... .......... .......... .......... 43% 43.4M 1s +#5 2.670 16950K .......... .......... .......... .......... .......... 43% 22.8M 1s +#5 2.672 17000K .......... .......... .......... .......... .......... 43% 5.88M 1s +#5 2.680 17050K .......... .......... .......... .......... .......... 44% 63.0M 1s +#5 2.681 17100K .......... .......... .......... .......... .......... 44% 138M 1s +#5 2.681 17150K .......... 
.......... .......... .......... .......... 44% 42.8M 1s +#5 2.682 17200K .......... .......... .......... .......... .......... 44% 28.1M 1s +#5 2.684 17250K .......... .......... .......... .......... .......... 44% 6.02M 1s +#5 2.693 17300K .......... .......... .......... .......... .......... 44% 40.3M 1s +#5 2.693 17350K .......... .......... .......... .......... .......... 44% 66.4M 1s +#5 2.694 17400K .......... .......... .......... .......... .......... 44% 42.3M 1s +#5 2.695 17450K .......... .......... .......... .......... .......... 45% 195M 1s +#5 2.695 17500K .......... .......... .......... .......... .......... 45% 6.17M 1s +#5 2.704 17550K .......... .......... .......... .......... .......... 45% 186M 1s +#5 2.704 17600K .......... .......... .......... .......... .......... 45% 34.4M 1s +#5 2.705 17650K .......... .......... .......... .......... .......... 45% 68.2M 1s +#5 2.706 17700K .......... .......... .......... .......... .......... 45% 26.4M 1s +#5 2.708 17750K .......... .......... .......... .......... .......... 45% 22.7M 1s +#5 2.710 17800K .......... .......... .......... .......... .......... 45% 361M 1s +#5 2.710 17850K .......... .......... .......... .......... .......... 46% 51.1M 1s +#5 2.711 17900K .......... .......... .......... .......... .......... 46% 29.2M 1s +#5 2.713 17950K .......... .......... .......... .......... .......... 46% 25.4M 1s +#5 2.715 18000K .......... .......... .......... .......... .......... 46% 362M 1s +#5 2.717 18050K .......... .......... .......... .......... .......... 46% 20.6M 1s +#5 2.717 18100K .......... .......... .......... .......... .......... 46% 45.7M 1s +#5 2.718 18150K .......... .......... .......... .......... .......... 46% 22.0M 1s +#5 2.721 18200K .......... .......... .......... .......... .......... 46% 341M 1s +#5 2.721 18250K .......... .......... .......... .......... .......... 47% 67.1M 1s +#5 2.721 18300K .......... .......... .......... .......... .......... 
47% 14.6M 1s +#5 2.725 18350K .......... .......... .......... .......... .......... 47% 33.3M 1s +#5 2.726 18400K .......... .......... .......... .......... .......... 47% 26.9M 1s +#5 2.728 18450K .......... .......... .......... .......... .......... 47% 16.1M 1s +#5 2.731 18500K .......... .......... .......... .......... .......... 47% 77.3M 1s +#5 2.732 18550K .......... .......... .......... .......... .......... 47% 7.42M 1s +#5 2.739 18600K .......... .......... .......... .......... .......... 48% 51.4M 1s +#5 2.739 18650K .......... .......... .......... .......... .......... 48% 30.4M 1s +#5 2.741 18700K .......... .......... .......... .......... .......... 48% 294M 1s +#5 2.743 18750K .......... .......... .......... .......... .......... 48% 25.6M 1s +#5 2.743 18800K .......... .......... .......... .......... .......... 48% 5.04M 1s +#5 2.753 18850K .......... .......... .......... .......... .......... 48% 107M 1s +#5 2.753 18900K .......... .......... .......... .......... .......... 48% 39.0M 1s +#5 2.754 18950K .......... .......... .......... .......... .......... 48% 19.0M 1s +#5 2.757 19000K .......... .......... .......... .......... .......... 49% 74.5M 1s +#5 2.758 19050K .......... .......... .......... .......... .......... 49% 5.05M 1s +#5 2.767 19100K .......... .......... .......... .......... .......... 49% 36.4M 1s +#5 2.768 19150K .......... .......... .......... .......... .......... 49% 68.4M 1s +#5 2.769 19200K .......... .......... .......... .......... .......... 49% 39.2M 1s +#5 2.770 19250K .......... .......... .......... .......... .......... 49% 374M 1s +#5 2.770 19300K .......... .......... .......... .......... .......... 49% 4.52M 1s +#5 2.781 19350K .......... .......... .......... .......... .......... 49% 60.0M 1s +#5 2.782 19400K .......... .......... .......... .......... .......... 50% 38.7M 1s +#5 2.783 19450K .......... .......... .......... .......... .......... 50% 25.6M 1s +#5 2.785 19500K .......... 
.......... .......... .......... .......... 50% 112M 1s +#5 2.786 19550K .......... .......... .......... .......... .......... 50% 6.29M 1s +#5 2.794 19600K .......... .......... .......... .......... .......... 50% 105M 1s +#5 2.794 19650K .......... .......... .......... .......... .......... 50% 85.5M 1s +#5 2.794 19700K .......... .......... .......... .......... .......... 50% 56.6M 1s +#5 2.795 19750K .......... .......... .......... .......... .......... 50% 55.6M 1s +#5 2.796 19800K .......... .......... .......... .......... .......... 51% 40.8M 1s +#5 2.805 19850K .......... .......... .......... .......... .......... 51% 7.27M 1s +#5 2.805 19900K .......... .......... .......... .......... .......... 51% 25.3M 1s +#5 2.806 19950K .......... .......... .......... .......... .......... 51% 24.7M 1s +#5 2.808 20000K .......... .......... .......... .......... .......... 51% 355M 1s +#5 2.808 20050K .......... .......... .......... .......... .......... 51% 76.9M 1s +#5 2.809 20100K .......... .......... .......... .......... .......... 51% 20.1M 1s +#5 2.811 20150K .......... .......... .......... .......... .......... 52% 32.4M 1s +#5 2.813 20200K .......... .......... .......... .......... .......... 52% 54.8M 1s +#5 2.814 20250K .......... .......... .......... .......... .......... 52% 383M 1s +#5 2.814 20300K .......... .......... .......... .......... .......... 52% 29.8M 1s +#5 2.818 20350K .......... .......... .......... .......... .......... 52% 18.1M 1s +#5 2.818 20400K .......... .......... .......... .......... .......... 52% 52.4M 1s +#5 2.820 20450K .......... .......... .......... .......... .......... 52% 35.8M 1s +#5 2.821 20500K .......... .......... .......... .......... .......... 52% 20.2M 1s +#5 2.823 20550K .......... .......... .......... .......... .......... 53% 159M 1s +#5 2.823 20600K .......... .......... .......... .......... .......... 53% 16.8M 1s +#5 2.827 20650K .......... .......... .......... .......... .......... 
53% 63.0M 1s +#5 2.827 20700K .......... .......... .......... .......... .......... 53% 47.4M 1s +#5 2.828 20750K .......... .......... .......... .......... .......... 53% 331M 1s +#5 2.828 20800K .......... .......... .......... .......... .......... 53% 14.0M 1s +#5 2.832 20850K .......... .......... .......... .......... .......... 53% 14.3M 1s +#5 2.836 20900K .......... .......... .......... .......... .......... 53% 23.8M 1s +#5 2.837 20950K .......... .......... .......... .......... .......... 54% 79.9M 1s +#5 2.838 21000K .......... .......... .......... .......... .......... 54% 17.0M 1s +#5 2.841 21050K .......... .......... .......... .......... .......... 54% 182M 1s +#5 2.841 21100K .......... .......... .......... .......... .......... 54% 5.65M 1s +#5 2.850 21150K .......... .......... .......... .......... .......... 54% 40.5M 1s +#5 2.851 21200K .......... .......... .......... .......... .......... 54% 53.0M 1s +#5 2.852 21250K .......... .......... .......... .......... .......... 54% 391M 1s +#5 2.853 21300K .......... .......... .......... .......... .......... 54% 31.5M 1s +#5 2.854 21350K .......... .......... .......... .......... .......... 55% 5.12M 1s +#5 2.863 21400K .......... .......... .......... .......... .......... 55% 338M 1s +#5 2.863 21450K .......... .......... .......... .......... .......... 55% 51.7M 1s +#5 2.864 21500K .......... .......... .......... .......... .......... 55% 33.2M 1s +#5 2.865 21550K .......... .......... .......... .......... .......... 55% 30.6M 1s +#5 2.867 21600K .......... .......... .......... .......... .......... 55% 5.34M 1s +#5 2.876 21650K .......... .......... .......... .......... .......... 55% 348M 1s +#5 2.877 21700K .......... .......... .......... .......... .......... 55% 25.0M 1s +#5 2.878 21750K .......... .......... .......... .......... .......... 56% 37.4M 1s +#5 2.879 21800K .......... .......... .......... .......... .......... 56% 374M 1s +#5 2.882 21850K .......... 
.......... .......... .......... .......... 56% 21.0M 1s +#5 2.890 21900K .......... .......... .......... .......... .......... 56% 5.68M 1s +#5 2.891 21950K .......... .......... .......... .......... .......... 56% 42.5M 1s +#5 2.892 22000K .......... .......... .......... .......... .......... 56% 30.0M 1s +#5 2.894 22050K .......... .......... .......... .......... .......... 56% 195M 1s +#5 2.895 22100K .......... .......... .......... .......... .......... 57% 5.80M 1s +#5 2.902 22150K .......... .......... .......... .......... .......... 57% 281M 1s +#5 2.902 22200K .......... .......... .......... .......... .......... 57% 31.8M 1s +#5 2.904 22250K .......... .......... .......... .......... .......... 57% 340M 1s +#5 2.905 22300K .......... .......... .......... .......... .......... 57% 34.4M 1s +#5 2.905 22350K .......... .......... .......... .......... .......... 57% 21.2M 1s +#5 2.908 22400K .......... .......... .......... .......... .......... 57% 17.5M 1s +#5 2.911 22450K .......... .......... .......... .......... .......... 57% 51.3M 1s +#5 2.911 22500K .......... .......... .......... .......... .......... 58% 31.7M 1s +#5 2.913 22550K .......... .......... .......... .......... .......... 58% 216M 1s +#5 2.913 22600K .......... .......... .......... .......... .......... 58% 34.9M 1s +#5 2.915 22650K .......... .......... .......... .......... .......... 58% 16.3M 1s +#5 2.918 22700K .......... .......... .......... .......... .......... 58% 85.1M 1s +#5 2.918 22750K .......... .......... .......... .......... .......... 58% 39.5M 1s +#5 2.919 22800K .......... .......... .......... .......... .......... 58% 381M 1s +#5 2.921 22850K .......... .......... .......... .......... .......... 58% 29.6M 1s +#5 2.921 22900K .......... .......... .......... .......... .......... 59% 13.5M 1s +#5 2.925 22950K .......... .......... .......... .......... .......... 59% 53.2M 1s +#5 2.926 23000K .......... .......... .......... .......... .......... 
59% 57.4M 1s +#5 2.928 23050K .......... .......... .......... .......... .......... 59% 45.6M 1s +#5 2.928 23100K .......... .......... .......... .......... .......... 59% 19.4M 1s +#5 2.931 23150K .......... .......... .......... .......... .......... 59% 8.55M 1s +#5 2.936 23200K .......... .......... .......... .......... .......... 59% 55.4M 1s +#5 2.937 23250K .......... .......... .......... .......... .......... 59% 323M 1s +#5 2.939 23300K .......... .......... .......... .......... .......... 60% 35.8M 1s +#5 2.939 23350K .......... .......... .......... .......... .......... 60% 14.3M 1s +#5 2.942 23400K .......... .......... .......... .......... .......... 60% 6.43M 1s +#5 2.950 23450K .......... .......... .......... .......... .......... 60% 47.8M 1s +#5 2.951 23500K .......... .......... .......... .......... .......... 60% 32.2M 1s +#5 2.952 23550K .......... .......... .......... .......... .......... 60% 14.1M 1s +#5 2.955 23600K .......... .......... .......... .......... .......... 60% 362M 1s +#5 2.955 23650K .......... .......... .......... .......... .......... 61% 5.77M 1s +#5 2.964 23700K .......... .......... .......... .......... .......... 61% 70.2M 1s +#5 2.964 23750K .......... .......... .......... .......... .......... 61% 42.1M 1s +#5 2.966 23800K .......... .......... .......... .......... .......... 61% 340M 1s +#5 2.969 23850K .......... .......... .......... .......... .......... 61% 16.7M 1s +#5 2.969 23900K .......... .......... .......... .......... .......... 61% 5.43M 1s +#5 2.978 23950K .......... .......... .......... .......... .......... 61% 316M 1s +#5 2.979 24000K .......... .......... .......... .......... .......... 61% 42.3M 1s +#5 2.979 24050K .......... .......... .......... .......... .......... 62% 53.4M 1s +#5 2.980 24100K .......... .......... .......... .......... .......... 62% 45.8M 1s +#5 2.981 24150K .......... .......... .......... .......... .......... 62% 6.21M 1s +#5 2.989 24200K .......... 
.......... .......... .......... .......... 62% 74.4M 1s +#5 2.990 24250K .......... .......... .......... .......... .......... 62% 62.1M 1s +#5 2.990 24300K .......... .......... .......... .......... .......... 62% 21.3M 1s +#5 2.993 24350K .......... .......... .......... .......... .......... 62% 265M 1s +#5 2.994 24400K .......... .......... .......... .......... .......... 62% 55.9M 1s +#5 2.997 24450K .......... .......... .......... .......... .......... 63% 12.7M 1s +#5 2.997 24500K .......... .......... .......... .......... .......... 63% 46.5M 1s +#5 2.998 24550K .......... .......... .......... .......... .......... 63% 43.6M 1s +#5 3.000 24600K .......... .......... .......... .......... .......... 63% 293M 1s +#5 3.001 24650K .......... .......... .......... .......... .......... 63% 32.8M 1s +#5 3.001 24700K .......... .......... .......... .......... .......... 63% 15.9M 1s +#5 3.004 24750K .......... .......... .......... .......... .......... 63% 53.7M 1s +#5 3.005 24800K .......... .......... .......... .......... .......... 63% 385M 1s +#5 3.005 24850K .......... .......... .......... .......... .......... 64% 30.3M 1s +#5 3.007 24900K .......... .......... .......... .......... .......... 64% 317M 1s +#5 3.007 24950K .......... .......... .......... .......... .......... 64% 8.95M 1s +#5 3.013 25000K .......... .......... .......... .......... .......... 64% 45.0M 1s +#5 3.014 25050K .......... .......... .......... .......... .......... 64% 38.7M 1s +#5 3.015 25100K .......... .......... .......... .......... .......... 64% 26.3M 1s +#5 3.017 25150K .......... .......... .......... .......... .......... 64% 344M 1s +#5 3.017 25200K .......... .......... .......... .......... .......... 65% 7.53M 1s +#5 3.023 25250K .......... .......... .......... .......... .......... 65% 52.9M 1s +#5 3.024 25300K .......... .......... .......... .......... .......... 65% 57.1M 1s +#5 3.025 25350K .......... .......... .......... .......... .......... 
65% 126M 1s +#5 3.026 25400K .......... .......... .......... .......... .......... 65% 40.1M 1s +#5 3.027 25450K .......... .......... .......... .......... .......... 65% 5.43M 1s +#5 3.036 25500K .......... .......... .......... .......... .......... 65% 275M 1s +#5 3.037 25550K .......... .......... .......... .......... .......... 65% 26.6M 1s +#5 3.038 25600K .......... .......... .......... .......... .......... 66% 26.6M 1s +#5 3.040 25650K .......... .......... .......... .......... .......... 66% 115M 1s +#5 3.040 25700K .......... .......... .......... .......... .......... 66% 4.77M 1s +#5 3.050 25750K .......... .......... .......... .......... .......... 66% 69.0M 1s +#5 3.051 25800K .......... .......... .......... .......... .......... 66% 332M 1s +#5 3.051 25850K .......... .......... .......... .......... .......... 66% 25.9M 1s +#5 3.053 25900K .......... .......... .......... .......... .......... 66% 305M 1s +#5 3.054 25950K .......... .......... .......... .......... .......... 66% 5.57M 1s +#5 3.062 26000K .......... .......... .......... .......... .......... 67% 346M 1s +#5 3.063 26050K .......... .......... .......... .......... .......... 67% 33.3M 1s +#5 3.063 26100K .......... .......... .......... .......... .......... 67% 19.4M 1s +#5 3.066 26150K .......... .......... .......... .......... .......... 67% 374M 1s +#5 3.067 26200K .......... .......... .......... .......... .......... 67% 53.1M 1s +#5 3.073 26250K .......... .......... .......... .......... .......... 67% 8.01M 1s +#5 3.073 26300K .......... .......... .......... .......... .......... 67% 49.6M 1s +#5 3.074 26350K .......... .......... .......... .......... .......... 67% 331M 1s +#5 3.074 26400K .......... .......... .......... .......... .......... 68% 39.0M 1s +#5 3.076 26450K .......... .......... .......... .......... .......... 68% 25.3M 1s +#5 3.080 26500K .......... .......... .......... .......... .......... 68% 17.4M 0s +#5 3.080 26550K .......... .......... 
.......... .......... .......... 68% 79.6M 0s +#5 3.082 26600K .......... .......... .......... .......... .......... 68% 54.2M 0s +#5 3.082 26650K .......... .......... .......... .......... .......... 68% 33.8M 0s +#5 3.084 26700K .......... .......... .......... .......... .......... 68% 52.3M 0s +#5 3.084 26750K .......... .......... .......... .......... .......... 69% 19.2M 0s +#5 3.087 26800K .......... .......... .......... .......... .......... 69% 37.8M 0s +#5 3.089 26850K .......... .......... .......... .......... .......... 69% 46.3M 0s +#5 3.089 26900K .......... .......... .......... .......... .......... 69% 21.0M 0s +#5 3.091 26950K .......... .......... .......... .......... .......... 69% 47.6M 0s +#5 3.093 27000K .......... .......... .......... .......... .......... 69% 9.60M 0s +#5 3.097 27050K .......... .......... .......... .......... .......... 69% 55.3M 0s +#5 3.099 27100K .......... .......... .......... .......... .......... 69% 53.3M 0s +#5 3.099 27150K .......... .......... .......... .......... .......... 70% 378M 0s +#5 3.101 27200K .......... .......... .......... .......... .......... 70% 25.5M 0s +#5 3.101 27250K .......... .......... .......... .......... .......... 70% 6.14M 0s +#5 3.109 27300K .......... .......... .......... .......... .......... 70% 38.6M 0s +#5 3.112 27350K .......... .......... .......... .......... .......... 70% 34.8M 0s +#5 3.112 27400K .......... .......... .......... .......... .......... 70% 154M 0s +#5 3.114 27450K .......... .......... .......... .......... .......... 70% 34.8M 0s +#5 3.114 27500K .......... .......... .......... .......... .......... 70% 4.62M 0s +#5 3.125 27550K .......... .......... .......... .......... .......... 71% 39.6M 0s +#5 3.125 27600K .......... .......... .......... .......... .......... 71% 383M 0s +#5 3.126 27650K .......... .......... .......... .......... .......... 71% 38.3M 0s +#5 3.128 27700K .......... .......... .......... .......... .......... 
71% 41.9M 0s +#5 3.128 27750K .......... .......... .......... .......... .......... 71% 3.48M 0s +#5 3.142 27800K .......... .......... .......... .......... .......... 71% 83.3M 0s +#5 3.143 27850K .......... .......... .......... .......... .......... 71% 57.0M 0s +#5 3.143 27900K .......... .......... .......... .......... .......... 71% 27.5M 0s +#5 3.145 27950K .......... .......... .......... .......... .......... 72% 75.1M 0s +#5 3.146 28000K .......... .......... .......... .......... .......... 72% 5.49M 0s +#5 3.155 28050K .......... .......... .......... .......... .......... 72% 378M 0s +#5 3.156 28100K .......... .......... .......... .......... .......... 72% 73.0M 0s +#5 3.156 28150K .......... .......... .......... .......... .......... 72% 47.6M 0s +#5 3.159 28200K .......... .......... .......... .......... .......... 72% 21.2M 0s +#5 3.159 28250K .......... .......... .......... .......... .......... 72% 5.63M 0s +#5 3.168 28300K .......... .......... .......... .......... .......... 72% 227M 0s +#5 3.168 28350K .......... .......... .......... .......... .......... 73% 76.5M 0s +#5 3.169 28400K .......... .......... .......... .......... .......... 73% 36.1M 0s +#5 3.170 28450K .......... .......... .......... .......... .......... 73% 132M 0s +#5 3.173 28500K .......... .......... .......... .......... .......... 73% 4.40M 0s +#5 3.182 28550K .......... .......... .......... .......... .......... 73% 288M 0s +#5 3.182 28600K .......... .......... .......... .......... .......... 73% 47.2M 0s +#5 3.183 28650K .......... .......... .......... .......... .......... 73% 35.1M 0s +#5 3.184 28700K .......... .......... .......... .......... .......... 74% 23.2M 0s +#5 3.186 28750K .......... .......... .......... .......... .......... 74% 194M 0s +#5 3.186 28800K .......... .......... .......... .......... .......... 74% 4.88M 0s +#5 3.197 28850K .......... .......... .......... .......... .......... 74% 89.5M 0s +#5 3.197 28900K .......... 
.......... .......... .......... .......... 74% 38.7M 0s +#5 3.198 28950K .......... .......... .......... .......... .......... 74% 19.0M 0s +#5 3.201 29000K .......... .......... .......... .......... .......... 74% 419M 0s +#5 3.201 29050K .......... .......... .......... .......... .......... 74% 5.97M 0s +#5 3.210 29100K .......... .......... .......... .......... .......... 75% 36.9M 0s +#5 3.210 29150K .......... .......... .......... .......... .......... 75% 47.5M 0s +#5 3.211 29200K .......... .......... .......... .......... .......... 75% 375M 0s +#5 3.213 29250K .......... .......... .......... .......... .......... 75% 22.7M 0s +#5 3.213 29300K .......... .......... .......... .......... .......... 75% 7.15M 0s +#5 3.220 29350K .......... .......... .......... .......... .......... 75% 56.1M 0s +#5 3.221 29400K .......... .......... .......... .......... .......... 75% 431M 0s +#5 3.221 29450K .......... .......... .......... .......... .......... 75% 18.8M 0s +#5 3.225 29500K .......... .......... .......... .......... .......... 76% 81.3M 0s +#5 3.226 29550K .......... .......... .......... .......... .......... 76% 6.65M 0s +#5 3.232 29600K .......... .......... .......... .......... .......... 76% 33.4M 0s +#5 3.234 29650K .......... .......... .......... .......... .......... 76% 350M 0s +#5 3.234 29700K .......... .......... .......... .......... .......... 76% 31.7M 0s +#5 3.235 29750K .......... .......... .......... .......... .......... 76% 21.6M 0s +#5 3.237 29800K .......... .......... .......... .......... .......... 76% 8.26M 0s +#5 3.243 29850K .......... .......... .......... .......... .......... 76% 72.5M 0s +#5 3.244 29900K .......... .......... .......... .......... .......... 77% 39.6M 0s +#5 3.245 29950K .......... .......... .......... .......... .......... 77% 25.8M 0s +#5 3.247 30000K .......... .......... .......... .......... .......... 77% 66.3M 0s +#5 3.248 30050K .......... .......... .......... .......... .......... 
77% 16.8M 0s +#5 3.251 30100K .......... .......... .......... .......... .......... 77% 66.1M 0s +#5 3.251 30150K .......... .......... .......... .......... .......... 77% 383M 0s +#5 3.251 30200K .......... .......... .......... .......... .......... 77% 64.7M 0s +#5 3.252 30250K .......... .......... .......... .......... .......... 78% 34.5M 0s +#5 3.254 30300K .......... .......... .......... .......... .......... 78% 17.3M 0s +#5 3.257 30350K .......... .......... .......... .......... .......... 78% 87.2M 0s +#5 3.257 30400K .......... .......... .......... .......... .......... 78% 119M 0s +#5 3.257 30450K .......... .......... .......... .......... .......... 78% 61.8M 0s +#5 3.258 30500K .......... .......... .......... .......... .......... 78% 28.6M 0s +#5 3.260 30550K .......... .......... .......... .......... .......... 78% 21.8M 0s +#5 3.263 30600K .......... .......... .......... .......... .......... 78% 87.8M 0s +#5 3.263 30650K .......... .......... .......... .......... .......... 79% 65.5M 0s +#5 3.267 30700K .......... .......... .......... .......... .......... 79% 22.7M 0s +#5 3.267 30750K .......... .......... .......... .......... .......... 79% 94.8M 0s +#5 3.267 30800K .......... .......... .......... .......... .......... 79% 344M 0s +#5 3.267 30850K .......... .......... .......... .......... .......... 79% 12.9M 0s +#5 3.272 30900K .......... .......... .......... .......... .......... 79% 79.7M 0s +#5 3.272 30950K .......... .......... .......... .......... .......... 79% 69.8M 0s +#5 3.272 31000K .......... .......... .......... .......... .......... 79% 41.0M 0s +#5 3.273 31050K .......... .......... .......... .......... .......... 80% 28.4M 0s +#5 3.275 31100K .......... .......... .......... .......... .......... 80% 11.9M 0s +#5 3.279 31150K .......... .......... .......... .......... .......... 80% 53.3M 0s +#5 3.279 31200K .......... .......... .......... .......... .......... 80% 23.5M 0s +#5 3.282 31250K .......... 
.......... .......... .......... .......... 80% 414M 0s +#5 3.283 31300K .......... .......... .......... .......... .......... 80% 22.7M 0s +#5 3.288 31350K .......... .......... .......... .......... .......... 80% 13.1M 0s +#5 3.297 31400K .......... .......... .......... .......... .......... 80% 153M 0s +#5 3.297 31450K .......... .......... .......... .......... .......... 81% 40.1M 0s +#5 3.297 31500K .......... .......... .......... .......... .......... 81% 242M 0s +#5 3.297 31550K .......... .......... .......... .......... .......... 81% 18.2M 0s +#5 3.297 31600K .......... .......... .......... .......... .......... 81% 11.5M 0s +#5 3.297 31650K .......... .......... .......... .......... .......... 81% 224M 0s +#5 3.297 31700K .......... .......... .......... .......... .......... 81% 99.0M 0s +#5 3.297 31750K .......... .......... .......... .......... .......... 81% 19.3M 0s +#5 3.299 31800K .......... .......... .......... .......... .......... 82% 42.7M 0s +#5 3.301 31850K .......... .......... .......... .......... .......... 82% 12.1M 0s +#5 3.305 31900K .......... .......... .......... .......... .......... 82% 63.7M 0s +#5 3.305 31950K .......... .......... .......... .......... .......... 82% 275M 0s +#5 3.306 32000K .......... .......... .......... .......... .......... 82% 62.2M 0s +#5 3.306 32050K .......... .......... .......... .......... .......... 82% 55.5M 0s +#5 3.308 32100K .......... .......... .......... .......... .......... 82% 6.14M 0s +#5 3.316 32150K .......... .......... .......... .......... .......... 82% 168M 0s +#5 3.316 32200K .......... .......... .......... .......... .......... 83% 388M 0s +#5 3.316 32250K .......... .......... .......... .......... .......... 83% 32.1M 0s +#5 3.317 32300K .......... .......... .......... .......... .......... 83% 59.7M 0s +#5 3.318 32350K .......... .......... .......... .......... .......... 83% 5.52M 0s +#5 3.327 32400K .......... .......... .......... .......... .......... 
83% 61.7M 0s +#5 3.327 32450K .......... .......... .......... .......... .......... 83% 65.8M 0s +#5 3.328 32500K .......... .......... .......... .......... .......... 83% 22.7M 0s +#5 3.330 32550K .......... .......... .......... .......... .......... 83% 390M 0s +#5 3.330 32600K .......... .......... .......... .......... .......... 84% 78.5M 0s +#5 3.338 32650K .......... .......... .......... .......... .......... 84% 6.22M 0s +#5 3.339 32700K .......... .......... .......... .......... .......... 84% 33.6M 0s +#5 3.341 32750K .......... .......... .......... .......... .......... 84% 44.9M 0s +#5 3.342 32800K .......... .......... .......... .......... .......... 84% 71.1M 0s +#5 3.342 32850K .......... .......... .......... .......... .......... 84% 51.1M 0s +#5 3.352 32900K .......... .......... .......... .......... .......... 84% 5.25M 0s +#5 3.353 32950K .......... .......... .......... .......... .......... 84% 42.7M 0s +#5 3.354 33000K .......... .......... .......... .......... .......... 85% 363M 0s +#5 3.354 33050K .......... .......... .......... .......... .......... 85% 20.9M 0s +#5 3.356 33100K .......... .......... .......... .......... .......... 85% 113M 0s +#5 3.365 33150K .......... .......... .......... .......... .......... 85% 6.09M 0s +#5 3.365 33200K .......... .......... .......... .......... .......... 85% 59.8M 0s +#5 3.365 33250K .......... .......... .......... .......... .......... 85% 32.9M 0s +#5 3.367 33300K .......... .......... .......... .......... .......... 85% 67.6M 0s +#5 3.368 33350K .......... .......... .......... .......... .......... 85% 268M 0s +#5 3.368 33400K .......... .......... .......... .......... .......... 86% 6.68M 0s +#5 3.375 33450K .......... .......... .......... .......... .......... 86% 66.5M 0s +#5 3.376 33500K .......... .......... .......... .......... .......... 86% 58.6M 0s +#5 3.377 33550K .......... .......... .......... .......... .......... 86% 342M 0s +#5 3.377 33600K .......... 
.......... .......... .......... .......... 86% 38.2M 0s +#5 3.378 33650K .......... .......... .......... .......... .......... 86% 16.2M 0s +#5 3.381 33700K .......... .......... .......... .......... .......... 86% 50.6M 0s +#5 3.382 33750K .......... .......... .......... .......... .......... 87% 419M 0s +#5 3.383 33800K .......... .......... .......... .......... .......... 87% 44.4M 0s +#5 3.383 33850K .......... .......... .......... .......... .......... 87% 59.7M 0s +#5 3.384 33900K .......... .......... .......... .......... .......... 87% 20.2M 0s +#5 3.387 33950K .......... .......... .......... .......... .......... 87% 71.4M 0s +#5 3.387 34000K .......... .......... .......... .......... .......... 87% 425M 0s +#5 3.388 34050K .......... .......... .......... .......... .......... 87% 83.3M 0s +#5 3.388 34100K .......... .......... .......... .......... .......... 87% 18.9M 0s +#5 3.390 34150K .......... .......... .......... .......... .......... 88% 19.3M 0s +#5 3.393 34200K .......... .......... .......... .......... .......... 88% 67.1M 0s +#5 3.394 34250K .......... .......... .......... .......... .......... 88% 56.8M 0s +#5 3.394 34300K .......... .......... .......... .......... .......... 88% 14.3M 0s +#5 3.398 34350K .......... .......... .......... .......... .......... 88% 73.9M 0s +#5 3.399 34400K .......... .......... .......... .......... .......... 88% 16.3M 0s +#5 3.402 34450K .......... .......... .......... .......... .......... 88% 47.6M 0s +#5 3.403 34500K .......... .......... .......... .......... .......... 88% 47.4M 0s +#5 3.404 34550K .......... .......... .......... .......... .......... 89% 70.7M 0s +#5 3.404 34600K .......... .......... .......... .......... .......... 89% 52.4M 0s +#5 3.406 34650K .......... .......... .......... .......... .......... 89% 6.52M 0s +#5 3.414 34700K .......... .......... .......... .......... .......... 89% 172M 0s +#5 3.414 34750K .......... .......... .......... .......... .......... 
89% 137M 0s +#5 3.414 34800K .......... .......... .......... .......... .......... 89% 45.3M 0s +#5 3.415 34850K .......... .......... .......... .......... .......... 89% 36.0M 0s +#5 3.416 34900K .......... .......... .......... .......... .......... 89% 299M 0s +#5 3.424 34950K .......... .......... .......... .......... .......... 90% 5.99M 0s +#5 3.424 35000K .......... .......... .......... .......... .......... 90% 37.3M 0s +#5 3.425 35050K .......... .......... .......... .......... .......... 90% 19.9M 0s +#5 3.428 35100K .......... .......... .......... .......... .......... 90% 50.3M 0s +#5 3.429 35150K .......... .......... .......... .......... .......... 90% 74.6M 0s +#5 3.430 35200K .......... .......... .......... .......... .......... 90% 5.98M 0s +#5 3.438 35250K .......... .......... .......... .......... .......... 90% 42.7M 0s +#5 3.439 35300K .......... .......... .......... .......... .......... 91% 125M 0s +#5 3.439 35350K .......... .......... .......... .......... .......... 91% 26.6M 0s +#5 3.441 35400K .......... .......... .......... .......... .......... 91% 52.3M 0s +#5 3.442 35450K .......... .......... .......... .......... .......... 91% 6.31M 0s +#5 3.450 35500K .......... .......... .......... .......... .......... 91% 55.1M 0s +#5 3.451 35550K .......... .......... .......... .......... .......... 91% 46.8M 0s +#5 3.452 35600K .......... .......... .......... .......... .......... 91% 50.8M 0s +#5 3.453 35650K .......... .......... .......... .......... .......... 91% 294M 0s +#5 3.454 35700K .......... .......... .......... .......... .......... 92% 6.68M 0s +#5 3.460 35750K .......... .......... .......... .......... .......... 92% 70.9M 0s +#5 3.461 35800K .......... .......... .......... .......... .......... 92% 58.8M 0s +#5 3.462 35850K .......... .......... .......... .......... .......... 92% 54.3M 0s +#5 3.462 35900K .......... .......... .......... .......... .......... 92% 53.3M 0s +#5 3.464 35950K .......... 
.......... .......... .......... .......... 92% 16.9M 0s +#5 3.466 36000K .......... .......... .......... .......... .......... 92% 162M 0s +#5 3.467 36050K .......... .......... .......... .......... .......... 92% 55.1M 0s +#5 3.468 36100K .......... .......... .......... .......... .......... 93% 48.7M 0s +#5 3.469 36150K .......... .......... .......... .......... .......... 93% 372M 0s +#5 3.469 36200K .......... .......... .......... .......... .......... 93% 13.7M 0s +#5 3.472 36250K .......... .......... .......... .......... .......... 93% 69.1M 0s +#5 3.473 36300K .......... .......... .......... .......... .......... 93% 96.2M 0s +#5 3.474 36350K .......... .......... .......... .......... .......... 93% 23.5M 0s +#5 3.475 36400K .......... .......... .......... .......... .......... 93% 94.2M 0s +#5 3.476 36450K .......... .......... .......... .......... .......... 93% 16.3M 0s +#5 3.479 36500K .......... .......... .......... .......... .......... 94% 87.0M 0s +#5 3.480 36550K .......... .......... .......... .......... .......... 94% 183M 0s +#5 3.480 36600K .......... .......... .......... .......... .......... 94% 26.8M 0s +#5 3.482 36650K .......... .......... .......... .......... .......... 94% 57.6M 0s +#5 3.483 36700K .......... .......... .......... .......... .......... 94% 13.3M 0s +#5 3.486 36750K .......... .......... .......... .......... .......... 94% 336M 0s +#5 3.487 36800K .......... .......... .......... .......... .......... 94% 62.4M 0s +#5 3.487 36850K .......... .......... .......... .......... .......... 95% 61.7M 0s +#5 3.488 36900K .......... .......... .......... .......... .......... 95% 25.3M 0s +#5 3.490 36950K .......... .......... .......... .......... .......... 95% 99.6M 0s +#5 3.500 37000K .......... .......... .......... .......... .......... 95% 6.26M 0s +#5 3.500 37050K .......... .......... .......... .......... .......... 95% 198M 0s +#5 3.500 37100K .......... .......... .......... .......... .......... 
95% 152M 0s +#5 3.500 37150K .......... .......... .......... .......... .......... 95% 36.0M 0s +#5 3.500 37200K .......... .......... .......... .......... .......... 95% 70.0M 0s +#5 3.509 37250K .......... .......... .......... .......... .......... 96% 5.76M 0s +#5 3.509 37300K .......... .......... .......... .......... .......... 96% 88.5M 0s +#5 3.510 37350K .......... .......... .......... .......... .......... 96% 48.9M 0s +#5 3.511 37400K .......... .......... .......... .......... .......... 96% 79.3M 0s +#5 3.511 37450K .......... .......... .......... .......... .......... 96% 21.3M 0s +#5 3.514 37500K .......... .......... .......... .......... .......... 96% 6.09M 0s +#5 3.522 37550K .......... .......... .......... .......... .......... 96% 63.8M 0s +#5 3.523 37600K .......... .......... .......... .......... .......... 96% 50.0M 0s +#5 3.525 37650K .......... .......... .......... .......... .......... 97% 36.3M 0s +#5 3.525 37700K .......... .......... .......... .......... .......... 97% 157M 0s +#5 3.525 37750K .......... .......... .......... .......... .......... 97% 6.40M 0s +#5 3.533 37800K .......... .......... .......... .......... .......... 97% 36.2M 0s +#5 3.534 37850K .......... .......... .......... .......... .......... 97% 316M 0s +#5 3.535 37900K .......... .......... .......... .......... .......... 97% 62.2M 0s +#5 3.536 37950K .......... .......... .......... .......... .......... 97% 20.3M 0s +#5 3.538 38000K .......... .......... .......... .......... .......... 97% 9.47M 0s +#5 3.543 38050K .......... .......... .......... .......... .......... 98% 53.9M 0s +#5 3.544 38100K .......... .......... .......... .......... .......... 98% 98.8M 0s +#5 3.544 38150K .......... .......... .......... .......... .......... 98% 63.1M 0s +#5 3.545 38200K .......... .......... .......... .......... .......... 98% 26.2M 0s +#5 3.547 38250K .......... .......... .......... .......... .......... 98% 19.0M 0s +#5 3.550 38300K .......... 
.......... .......... .......... .......... 98% 187M 0s +#5 3.550 38350K .......... .......... .......... .......... .......... 98% 169M 0s +#5 3.550 38400K .......... .......... .......... .......... .......... 98% 74.4M 0s +#5 3.550 38450K .......... .......... .......... .......... .......... 99% 58.1M 0s +#5 3.551 38500K .......... .......... .......... .......... .......... 99% 19.2M 0s +#5 3.554 38550K .......... .......... .......... .......... .......... 99% 59.2M 0s +#5 3.555 38600K .......... .......... .......... .......... .......... 99% 406M 0s +#5 3.555 38650K .......... .......... .......... .......... .......... 99% 17.7M 0s +#5 3.557 38700K .......... .......... .......... .......... .......... 99% 61.0M 0s +#5 3.558 38750K .......... .......... .......... .......... .......... 99% 18.8M 0s +#5 3.561 38800K .......... .......... .......... ......... 100% 83.6M=1.6s +#5 3.562 +#5 3.562 2024-11-11 09:50:03 (24.3 MB/s) - written to stdout [39771622/39771622] +#5 3.562 +#5 DONE 3.8s #4 [5/5] COPY docker/launch-cnideploy.sh /usr/local/bin/ #4 DONE 0.0s 
@@ -11104,25 +11107,22 @@ quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 4 weeks #10 exporting to image #10 exporting layers #10 exporting layers 1.7s done -#10 writing image sha256:cdecf6ab6714b3f2aa70fa5589a4004a8478a6062aba6fa105f4e24755af0034 done +#10 writing image sha256:b9c6dcdbf7ea8058fa9213baf7f3dc33d9704150494d9f6b43fc163f525aa3ce done #10 naming to quay.io/noirolabs/cnideploy:6.0.4.4.81c2369 done #10 DONE 1.7s +docker images REPOSITORY TAG IMAGE ID CREATED SIZE -quay.io/noirolabs/cnideploy 6.0.4.4.81c2369 cdecf6ab6714 2 seconds ago 492MB -quay.io/noirolabs/openvswitch 6.0.4.4.81c2369 abc733d75b12 31 seconds ago 660MB -quay.io/noirolabs/openvswitch-base 6.0.4.4.81c2369 60cf24bb0508 2 minutes ago 1.31GB +quay.io/noirolabs/cnideploy 6.0.4.4.81c2369 b9c6dcdbf7ea 1 second ago 492MB +quay.io/noirolabs/openvswitch 6.0.4.4.81c2369 c85998ec121b 29 seconds ago 660MB +quay.io/noirolabs/openvswitch-base 6.0.4.4.81c2369 076b30c0055f 2 minutes ago 1.31GB quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 4 weeks ago 1.2GB +docker build -t quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369 --file=docker/travis/Dockerfile-controller . -#1 [internal] load build definition from Dockerfile-controller -#1 DONE 0.0s - #1 [internal] load build definition from Dockerfile-controller #1 transferring dockerfile: 1.54kB done #1 DONE 0.0s #2 [internal] load metadata for registry.access.redhat.com/ubi9/ubi:9.3 -#2 DONE 0.6s +#2 DONE 0.1s #3 [internal] load .dockerignore #3 transferring context: 46B done 
@@ -11139,60 +11139,60 @@ quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 4 weeks #8 DONE 1.5s #9 [3/7] RUN yum install --disablerepo=* --enablerepo=ubi-9-appstream-rpms ... -#9 0.898 Updating Subscription Management repositories. -#9 0.898 Unable to read consumer identity -#9 0.908 -#9 0.908 This system is not registered with an entitlement server. You can use subscription-manager to register. -#9 0.908 -#9 1.016 Last metadata expiration check: 0:00:21 ago on Wed Nov 6 09:39:36 2024. -#9 1.092 Dependencies resolved. -#9 1.092 ================================================================================ -#9 1.092 Package Arch Version Repository Size -#9 1.092 ================================================================================ -#9 1.092 Installing: -#9 1.092 curl x86_64 7.76.1-29.el9_4.1 ubi-9-baseos-rpms 297 k -#9 1.092 Removing dependent packages: -#9 1.092 curl-minimal x86_64 7.76.1-29.el9_4.1 @ubi-9-baseos-rpms 240 k -#9 1.092 -#9 1.092 Transaction Summary -#9 1.092 ================================================================================ -#9 1.092 Install 1 Package -#9 1.092 Remove 1 Package -#9 1.092 -#9 1.092 Total download size: 297 k -#9 1.092 Downloading Packages: -#9 1.261 curl-7.76.1-29.el9_4.1.x86_64.rpm 1.7 MB/s | 297 kB 00:00 -#9 1.261 -------------------------------------------------------------------------------- -#9 1.264 Total 1.7 MB/s | 297 kB 00:00 -#9 1.301 Running transaction check -#9 1.313 Transaction check succeeded. -#9 1.313 Running transaction test -#9 1.372 Transaction test succeeded. -#9 1.372 Running transaction -#9 1.458 Preparing : 1/1 -#9 1.510 Installing : curl-7.76.1-29.el9_4.1.x86_64 1/2 -#9 1.523 Erasing : curl-minimal-7.76.1-29.el9_4.1.x86_64 2/2 -#9 1.545 Running scriptlet: curl-minimal-7.76.1-29.el9_4.1.x86_64 2/2 -#9 1.819 Verifying : curl-7.76.1-29.el9_4.1.x86_64 1/2 -#9 1.819 Verifying : curl-minimal-7.76.1-29.el9_4.1.x86_64 2/2 -#9 1.882 Installed products updated. 
-#9 1.892 -#9 1.892 Installed: -#9 1.892 curl-7.76.1-29.el9_4.1.x86_64 -#9 1.892 Removed: -#9 1.892 curl-minimal-7.76.1-29.el9_4.1.x86_64 -#9 1.892 -#9 1.892 Complete! -#9 DONE 2.0s +#9 0.801 Updating Subscription Management repositories. +#9 0.801 Unable to read consumer identity +#9 0.801 +#9 0.801 This system is not registered with an entitlement server. You can use subscription-manager to register. +#9 0.801 +#9 0.908 Last metadata expiration check: 0:00:20 ago on Mon Nov 11 09:49:46 2024. +#9 0.982 Dependencies resolved. +#9 0.985 ================================================================================ +#9 0.985 Package Arch Version Repository Size +#9 0.985 ================================================================================ +#9 0.985 Installing: +#9 0.985 curl x86_64 7.76.1-29.el9_4.1 ubi-9-baseos-rpms 297 k +#9 0.985 Removing dependent packages: +#9 0.985 curl-minimal x86_64 7.76.1-29.el9_4.1 @ubi-9-baseos-rpms 240 k +#9 0.985 +#9 0.985 Transaction Summary +#9 0.985 ================================================================================ +#9 0.985 Install 1 Package +#9 0.985 Remove 1 Package +#9 0.985 +#9 0.986 Total download size: 297 k +#9 0.987 Downloading Packages: +#9 1.177 curl-7.76.1-29.el9_4.1.x86_64.rpm 1.6 MB/s | 297 kB 00:00 +#9 1.181 -------------------------------------------------------------------------------- +#9 1.184 Total 1.5 MB/s | 297 kB 00:00 +#9 1.215 Running transaction check +#9 1.225 Transaction check succeeded. +#9 1.225 Running transaction test +#9 1.292 Transaction test succeeded. +#9 1.292 Running transaction +#9 1.383 Preparing : 1/1 +#9 1.452 Installing : curl-7.76.1-29.el9_4.1.x86_64 1/2 +#9 1.460 Erasing : curl-minimal-7.76.1-29.el9_4.1.x86_64 2/2 +#9 1.475 Running scriptlet: curl-minimal-7.76.1-29.el9_4.1.x86_64 2/2 +#9 1.759 Verifying : curl-7.76.1-29.el9_4.1.x86_64 1/2 +#9 1.759 Verifying : curl-minimal-7.76.1-29.el9_4.1.x86_64 2/2 +#9 1.822 Installed products updated. 
+#9 1.832 +#9 1.832 Installed: +#9 1.832 curl-7.76.1-29.el9_4.1.x86_64 +#9 1.832 Removed: +#9 1.832 curl-minimal-7.76.1-29.el9_4.1.x86_64 +#9 1.832 +#9 1.832 Complete! +#9 DONE 1.9s #7 [4/7] COPY docker/licenses /licenses #7 DONE 0.0s #6 [5/7] RUN curl -LO https://storage.googleapis.com/kubernetes-release/rel... -#6 0.221 % Total % Received % Xferd Average Speed Time Time Time Current -#6 0.221 Dload Upload Total Spent Left Speed -#6 0.221 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 53.7M 100 53.7M 0 0 167M 0 --:--:-- --:--:-- --:--:-- 167M -#6 DONE 2.3s +#6 0.243 % Total % Received % Xferd Average Speed Time Time Time Current +#6 0.243 Dload Upload Total Spent Left Speed +#6 0.243 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 53.7M 100 53.7M 0 0 127M 0 --:--:-- --:--:-- --:--:-- 127M +#6 DONE 2.6s #5 [6/7] COPY pkg/istiocrd/upstream-istio-cr.yaml /usr/local/var/lib/aci-cn... #5 DONE 0.0s 
@@ -11203,15 +11203,15 @@ quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 4 weeks #12 exporting to image #12 exporting layers #12 exporting layers 1.1s done -#12 writing image sha256:df6f1e78129c7e96b72b86771962258e5818f1c24919954572c621c8436f81c3 done +#12 writing image sha256:d41b18f31029b6ef87dfae4bc10861e387f12e8304049d495cff1644eb54533c done #12 naming to quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369 done #12 DONE 1.1s +docker images REPOSITORY TAG IMAGE ID CREATED SIZE -quay.io/noirolabs/aci-containers-controller 6.0.4.4.81c2369 df6f1e78129c 1 second ago 648MB -quay.io/noirolabs/cnideploy 6.0.4.4.81c2369 cdecf6ab6714 9 seconds ago 492MB -quay.io/noirolabs/openvswitch 6.0.4.4.81c2369 abc733d75b12 38 seconds ago 660MB -quay.io/noirolabs/openvswitch-base 6.0.4.4.81c2369 60cf24bb0508 2 minutes ago 1.31GB +quay.io/noirolabs/aci-containers-controller 6.0.4.4.81c2369 d41b18f31029 2 seconds ago 648MB +quay.io/noirolabs/cnideploy 6.0.4.4.81c2369 b9c6dcdbf7ea 8 seconds ago 492MB +quay.io/noirolabs/openvswitch 6.0.4.4.81c2369 c85998ec121b 36 seconds ago 660MB +quay.io/noirolabs/openvswitch-base 6.0.4.4.81c2369 076b30c0055f 2 minutes ago 1.31GB quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 4 weeks ago 1.2GB +docker build --target without-ovscni -t quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369 --file=docker/travis/Dockerfile-host . #1 [internal] load build definition from Dockerfile-host @@ -11219,7 +11219,7 @@ quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 #1 DONE 0.0s #2 [internal] load metadata for registry.access.redhat.com/ubi9/ubi-minimal... -#2 DONE 0.7s +#2 DONE 0.2s #3 [internal] load .dockerignore #3 transferring context: 46B done 
@@ -11232,19 +11232,19 @@ quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 #12 CACHED #6 [internal] load build context -#6 transferring context: 68.08MB 1.1s done -#6 DONE 1.1s +#6 transferring context: 68.08MB 1.2s done +#6 DONE 1.2s #13 [base 3/15] RUN yum update --disablerepo=* --enablerepo=ubi-9-appstream... -#13 1.354 Last metadata expiration check: 0:08:12 ago on Wed Nov 6 09:31:52 2024. -#13 1.416 Dependencies resolved. -#13 1.417 Nothing to do. -#13 1.418 Complete! -#13 DONE 1.7s +#13 1.164 Last metadata expiration check: 0:08:08 ago on Mon Nov 11 09:42:05 2024. +#13 1.257 Dependencies resolved. +#13 1.260 Nothing to do. +#13 1.260 Complete! +#13 DONE 1.5s #19 [base 4/15] RUN yum install --disablerepo=* --enablerepo=ubi-9-appstrea... -#19 0.366 Last metadata expiration check: 0:08:13 ago on Wed Nov 6 09:31:52 2024. -#19 0.404 Dependencies resolved. +#19 0.365 Last metadata expiration check: 0:08:09 ago on Mon Nov 11 09:42:05 2024. +#19 0.405 Dependencies resolved. #19 0.407 ==================================================================================================== #19 0.407 Package Arch Version Repository Size #19 0.407 ==================================================================================================== 
@@ -11260,324 +11260,324 @@ quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 #19 0.407 #19 0.408 Total download size: 297 k #19 0.408 Downloading Packages: -#19 0.575 curl-7.76.1-29.el9_4.1.x86_64.rpm 1.8 MB/s | 297 kB 00:00 -#19 0.576 -------------------------------------------------------------------------------- -#19 0.577 Total 1.7 MB/s | 297 kB 00:00 -#19 0.592 Running transaction check -#19 0.601 Transaction check succeeded. -#19 0.601 Running transaction test -#19 0.649 Transaction test succeeded. -#19 0.650 Running transaction -#19 0.739 Preparing : 1/1 -#19 0.786 Installing : curl-7.76.1-29.el9_4.1.x86_64 1/2 -#19 0.793 Erasing : curl-minimal-7.76.1-31.el9.x86_64 2/2 -#19 0.801 Running scriptlet: curl-minimal-7.76.1-31.el9.x86_64 2/2 +#19 0.598 curl-7.76.1-29.el9_4.1.x86_64.rpm 1.5 MB/s | 297 kB 00:00 +#19 0.600 -------------------------------------------------------------------------------- +#19 0.600 Total 1.5 MB/s | 297 kB 00:00 +#19 0.615 Running transaction check +#19 0.625 Transaction check succeeded. +#19 0.625 Running transaction test +#19 0.669 Transaction test succeeded. +#19 0.670 Running transaction +#19 0.766 Preparing : 1/1 +#19 0.813 Installing : curl-7.76.1-29.el9_4.1.x86_64 1/2 +#19 0.821 Erasing : curl-minimal-7.76.1-31.el9.x86_64 2/2 +#19 0.829 Running scriptlet: curl-minimal-7.76.1-31.el9.x86_64 2/2 #19 0.873 Verifying : curl-7.76.1-29.el9_4.1.x86_64 1/2 -#19 0.873 Verifying : curl-minimal-7.76.1-31.el9.x86_64 2/2 -#19 0.922 -#19 0.922 Installed: -#19 0.922 curl-7.76.1-29.el9_4.1.x86_64 -#19 0.922 Removed: -#19 0.922 curl-minimal-7.76.1-31.el9.x86_64 -#19 0.922 -#19 0.922 Complete! +#19 0.874 Verifying : curl-minimal-7.76.1-31.el9.x86_64 2/2 +#19 0.921 +#19 0.921 Installed: +#19 0.921 curl-7.76.1-29.el9_4.1.x86_64 +#19 0.921 Removed: +#19 0.921 curl-minimal-7.76.1-31.el9.x86_64 +#19 0.921 +#19 0.921 Complete! #19 DONE 1.0s #11 [base 5/15] RUN yum update --disablerepo=* --repofrompath=centos,https:... 
-#11 0.350 Added centos repo from https://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os -#11 0.351 Added centos-app repo from https://mirror.stream.centos.org/9-stream/AppStream/x86_64/os -#11 0.822 centos 19 MB/s | 8.3 MB 00:00 -#11 2.544 centos-app 52 MB/s | 21 MB 00:00 -#11 6.929 Last metadata expiration check: 0:00:01 ago on Wed Nov 6 09:40:08 2024. -#11 7.741 Dependencies resolved. -#11 7.742 ================================================================================ -#11 7.742 Package Architecture Version Repository Size -#11 7.742 ================================================================================ -#11 7.742 Upgrading: -#11 7.742 curl x86_64 7.76.1-31.el9 centos 294 k -#11 7.742 -#11 7.742 Transaction Summary -#11 7.742 ================================================================================ -#11 7.742 Upgrade 1 Package -#11 7.742 -#11 7.743 Total download size: 294 k -#11 7.743 Downloading Packages: -#11 8.316 curl-7.76.1-31.el9.x86_64.rpm 514 kB/s | 294 kB 00:00 -#11 8.318 -------------------------------------------------------------------------------- -#11 8.318 Total 511 kB/s | 294 kB 00:00 -#11 8.319 Running transaction check -#11 8.351 Transaction check succeeded. -#11 8.351 Running transaction test -#11 8.412 Transaction test succeeded. -#11 8.412 Running transaction -#11 8.519 Preparing : 1/1 -#11 8.558 Upgrading : curl-7.76.1-31.el9.x86_64 1/2 -#11 8.565 Cleanup : curl-7.76.1-29.el9_4.1.x86_64 2/2 -#11 8.573 Running scriptlet: curl-7.76.1-29.el9_4.1.x86_64 2/2 -#11 8.689 Verifying : curl-7.76.1-31.el9.x86_64 1/2 -#11 8.689 Verifying : curl-7.76.1-29.el9_4.1.x86_64 2/2 -#11 8.736 -#11 8.736 Upgraded: -#11 8.736 curl-7.76.1-31.el9.x86_64 -#11 8.736 -#11 8.736 Complete! 
+#11 0.361 Added centos repo from https://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os +#11 0.363 Added centos-app repo from https://mirror.stream.centos.org/9-stream/AppStream/x86_64/os +#11 0.813 centos 20 MB/s | 8.3 MB 00:00 +#11 2.746 centos-app 35 MB/s | 21 MB 00:00 +#11 7.145 Last metadata expiration check: 0:00:02 ago on Mon Nov 11 09:50:17 2024. +#11 7.937 Dependencies resolved. +#11 7.938 ================================================================================ +#11 7.938 Package Architecture Version Repository Size +#11 7.938 ================================================================================ +#11 7.938 Upgrading: +#11 7.938 curl x86_64 7.76.1-31.el9 centos 294 k +#11 7.938 +#11 7.938 Transaction Summary +#11 7.938 ================================================================================ +#11 7.938 Upgrade 1 Package +#11 7.938 +#11 7.938 Total download size: 294 k +#11 7.939 Downloading Packages: +#11 8.388 curl-7.76.1-31.el9.x86_64.rpm 656 kB/s | 294 kB 00:00 +#11 8.389 -------------------------------------------------------------------------------- +#11 8.390 Total 652 kB/s | 294 kB 00:00 +#11 8.391 Running transaction check +#11 8.398 Transaction check succeeded. +#11 8.399 Running transaction test +#11 8.438 Transaction test succeeded. +#11 8.439 Running transaction +#11 8.505 Preparing : 1/1 +#11 8.543 Upgrading : curl-7.76.1-31.el9.x86_64 1/2 +#11 8.551 Cleanup : curl-7.76.1-29.el9_4.1.x86_64 2/2 +#11 8.558 Running scriptlet: curl-7.76.1-29.el9_4.1.x86_64 2/2 +#11 8.665 Verifying : curl-7.76.1-31.el9.x86_64 1/2 +#11 8.665 Verifying : curl-7.76.1-29.el9_4.1.x86_64 2/2 +#11 8.715 +#11 8.715 Upgraded: +#11 8.715 curl-7.76.1-31.el9.x86_64 +#11 8.715 +#11 8.715 Complete! #11 DONE 8.8s #18 [base 6/15] RUN yum install --disablerepo=* --repofrompath=centos,https... 
-#18 0.352 Added centos repo from https://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os +#18 0.353 Added centos repo from https://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os #18 0.353 Added centos-app repo from https://mirror.stream.centos.org/9-stream/AppStream/x86_64/os -#18 0.536 Last metadata expiration check: 0:00:07 ago on Wed Nov 6 09:40:08 2024. -#18 0.650 Dependencies resolved. -#18 0.653 ================================================================================ -#18 0.653 Package Arch Version Repository Size -#18 0.653 ================================================================================ -#18 0.653 Installing: -#18 0.653 dhcp-client x86_64 12:4.4.2-19.b1.el9 centos 790 k -#18 0.653 iptables-nft x86_64 1.8.10-5.el9 centos 206 k -#18 0.653 jq x86_64 1.6-17.el9 centos 187 k -#18 0.653 nmstate x86_64 2.2.38-1.el9 centos-app 3.2 M -#18 0.653 tar x86_64 2:1.34-7.el9 centos 885 k -#18 0.653 Installing dependencies: -#18 0.653 acl x86_64 2.3.1-4.el9 centos 71 k -#18 0.653 cracklib x86_64 2.9.6-27.el9 centos 94 k -#18 0.653 cracklib-dicts x86_64 2.9.6-27.el9 centos 3.6 M -#18 0.653 dbus x86_64 1:1.12.20-8.el9 centos 3.8 k -#18 0.653 dbus-broker x86_64 28-7.el9 centos 172 k -#18 0.653 dbus-common noarch 1:1.12.20-8.el9 centos 15 k -#18 0.653 dhcp-common noarch 12:4.4.2-19.b1.el9 centos 129 k -#18 0.653 gzip x86_64 1.12-1.el9 centos 163 k -#18 0.653 ipcalc x86_64 1.0.0-5.el9 centos 42 k -#18 0.653 iproute x86_64 6.2.0-5.el9 centos 813 k -#18 0.653 iptables-libs x86_64 1.8.10-5.el9 centos 460 k -#18 0.653 iputils x86_64 20210202-11.el9 centos 175 k -#18 0.653 kmod-libs x86_64 28-10.el9 centos 63 k -#18 0.653 libbpf x86_64 2:1.4.0-1.el9 centos 178 k -#18 0.653 libdb x86_64 5.3.28-55.el9 centos 735 k -#18 0.653 libeconf x86_64 0.4.1-4.el9 centos 27 k -#18 0.653 libfdisk x86_64 2.37.4-20.el9 centos 154 k -#18 0.653 libmnl x86_64 1.0.4-16.el9 centos 28 k -#18 0.653 libnetfilter_conntrack x86_64 1.0.9-1.el9 centos 59 k -#18 0.653 libnfnetlink 
x86_64 1.0.1-21.el9 centos 30 k -#18 0.653 libnftnl x86_64 1.2.6-4.el9 centos 88 k -#18 0.653 libpwquality x86_64 1.4.4-8.el9 centos 119 k -#18 0.653 libseccomp x86_64 2.5.2-2.el9 centos 72 k -#18 0.653 libutempter x86_64 1.2.1-6.el9 centos 27 k -#18 0.653 oniguruma x86_64 6.9.6-1.el9.6 centos 218 k -#18 0.653 openssl x86_64 1:3.2.2-6.el9 centos 1.4 M -#18 0.653 pam x86_64 1.5.1-20.el9 centos 628 k -#18 0.653 psmisc x86_64 23.4-3.el9 centos 243 k -#18 0.653 systemd x86_64 252-48.el9 centos 4.2 M -#18 0.653 systemd-pam x86_64 252-48.el9 centos 285 k -#18 0.653 systemd-rpm-macros noarch 252-48.el9 centos 74 k -#18 0.653 util-linux x86_64 2.37.4-20.el9 centos 2.3 M -#18 0.653 util-linux-core x86_64 2.37.4-20.el9 centos 464 k -#18 0.653 Installing weak dependencies: -#18 0.653 geolite2-city noarch 20191217-6.el9 centos-app 23 M -#18 0.653 geolite2-country noarch 20191217-6.el9 centos-app 1.6 M -#18 0.653 libmaxminddb x86_64 1.5.2-4.el9 centos-app 33 k -#18 0.653 -#18 0.653 Transaction Summary -#18 0.653 ================================================================================ -#18 0.653 Install 41 Packages -#18 0.653 -#18 0.656 Total download size: 47 M -#18 0.656 Installed size: 129 M -#18 0.656 Downloading Packages: -#18 0.760 (1/41): cracklib-2.9.6-27.el9.x86_64.rpm 948 kB/s | 94 kB 00:00 -#18 0.769 (2/41): acl-2.3.1-4.el9.x86_64.rpm 658 kB/s | 71 kB 00:00 -#18 0.780 (3/41): dbus-1.12.20-8.el9.x86_64.rpm 228 kB/s | 3.8 kB 00:00 -#18 0.809 (4/41): dbus-broker-28-7.el9.x86_64.rpm 4.4 MB/s | 172 kB 00:00 -#18 0.813 (5/41): dbus-common-1.12.20-8.el9.noarch.rpm 442 kB/s | 15 kB 00:00 -#18 0.851 (6/41): cracklib-dicts-2.9.6-27.el9.x86_64.rpm 19 MB/s | 3.6 MB 00:00 -#18 0.877 (7/41): gzip-1.12-1.el9.x86_64.rpm 6.1 MB/s | 163 kB 00:00 -#18 1.022 (8/41): dhcp-common-4.4.2-19.b1.el9.noarch.rpm 622 kB/s | 129 kB 00:00 -#18 1.055 (9/41): dhcp-client-4.4.2-19.b1.el9.x86_64.rpm 3.2 MB/s | 790 kB 00:00 -#18 1.066 (10/41): iproute-6.2.0-5.el9.x86_64.rpm 18 MB/s | 813 kB 
00:00 -#18 1.079 (11/41): iptables-libs-1.8.10-5.el9.x86_64.rpm 21 MB/s | 460 kB 00:00 -#18 1.082 (12/41): ipcalc-1.0.0-5.el9.x86_64.rpm 207 kB/s | 42 kB 00:00 -#18 1.086 (13/41): iptables-nft-1.8.10-5.el9.x86_64.rpm 11 MB/s | 206 kB 00:00 -#18 1.104 (14/41): kmod-libs-28-10.el9.x86_64.rpm 3.6 MB/s | 63 kB 00:00 -#18 1.123 (15/41): libbpf-1.4.0-1.el9.x86_64.rpm 9.2 MB/s | 178 kB 00:00 -#18 1.150 (16/41): libdb-5.3.28-55.el9.x86_64.rpm 27 MB/s | 735 kB 00:00 -#18 1.166 (17/41): iputils-20210202-11.el9.x86_64.rpm 2.0 MB/s | 175 kB 00:00 -#18 1.169 (18/41): libeconf-0.4.1-4.el9.x86_64.rpm 1.4 MB/s | 27 kB 00:00 -#18 1.173 (19/41): jq-1.6-17.el9.x86_64.rpm 2.0 MB/s | 187 kB 00:00 -#18 1.186 (20/41): libfdisk-2.37.4-20.el9.x86_64.rpm 8.1 MB/s | 154 kB 00:00 -#18 1.188 (21/41): libmnl-1.0.4-16.el9.x86_64.rpm 1.5 MB/s | 28 kB 00:00 -#18 1.191 (22/41): libnetfilter_conntrack-1.0.9-1.el9.x86 3.3 MB/s | 59 kB 00:00 -#18 1.204 (23/41): libnfnetlink-1.0.1-21.el9.x86_64.rpm 1.7 MB/s | 30 kB 00:00 -#18 1.207 (24/41): libnftnl-1.2.6-4.el9.x86_64.rpm 4.8 MB/s | 88 kB 00:00 -#18 1.214 (25/41): libpwquality-1.4.4-8.el9.x86_64.rpm 5.5 MB/s | 119 kB 00:00 -#18 1.222 (26/41): libseccomp-2.5.2-2.el9.x86_64.rpm 4.0 MB/s | 72 kB 00:00 -#18 1.225 (27/41): libutempter-1.2.1-6.el9.x86_64.rpm 1.5 MB/s | 27 kB 00:00 -#18 1.253 (28/41): openssl-3.2.2-6.el9.x86_64.rpm 44 MB/s | 1.4 MB 00:00 -#18 1.261 (29/41): pam-1.5.1-20.el9.x86_64.rpm 18 MB/s | 628 kB 00:00 -#18 1.274 (30/41): psmisc-23.4-3.el9.x86_64.rpm 12 MB/s | 243 kB 00:00 -#18 1.296 (31/41): systemd-pam-252-48.el9.x86_64.rpm 13 MB/s | 285 kB 00:00 -#18 1.315 (32/41): systemd-rpm-macros-252-48.el9.noarch.r 4.1 MB/s | 74 kB 00:00 -#18 1.357 (33/41): systemd-252-48.el9.x86_64.rpm 44 MB/s | 4.2 MB 00:00 -#18 1.366 (34/41): tar-1.34-7.el9.x86_64.rpm 19 MB/s | 885 kB 00:00 -#18 1.390 (35/41): util-linux-2.37.4-20.el9.x86_64.rpm 71 MB/s | 2.3 MB 00:00 -#18 1.397 (36/41): util-linux-core-2.37.4-20.el9.x86_64.r 15 MB/s | 464 kB 00:00 -#18 1.554 
(37/41): oniguruma-6.9.6-1.el9.6.x86_64.rpm 641 kB/s | 218 kB 00:00 -#18 1.636 (38/41): geolite2-country-20191217-6.el9.noarch 6.8 MB/s | 1.6 MB 00:00 -#18 1.743 (39/41): nmstate-2.2.38-1.el9.x86_64.rpm 30 MB/s | 3.2 MB 00:00 -#18 1.805 (40/41): libmaxminddb-1.5.2-4.el9.x86_64.rpm 131 kB/s | 33 kB 00:00 -#18 2.550 (41/41): geolite2-city-20191217-6.el9.noarch.rp 20 MB/s | 23 MB 00:01 -#18 2.554 -------------------------------------------------------------------------------- -#18 2.554 Total 25 MB/s | 47 MB 00:01 -#18 2.555 Running transaction check -#18 2.633 Transaction check succeeded. -#18 2.633 Running transaction test -#18 3.124 Transaction test succeeded. -#18 3.125 Running transaction -#18 3.699 Preparing : 1/1 -#18 3.728 Installing : libmnl-1.0.4-16.el9.x86_64 1/41 -#18 3.737 Installing : libfdisk-2.37.4-20.el9.x86_64 2/41 -#18 3.754 Installing : libdb-5.3.28-55.el9.x86_64 3/41 -#18 3.762 Installing : libnftnl-1.2.6-4.el9.x86_64 4/41 -#18 3.768 Installing : libmaxminddb-1.5.2-4.el9.x86_64 5/41 -#18 3.800 Installing : geolite2-country-20191217-6.el9.noarch 6/41 -#18 4.225 Installing : geolite2-city-20191217-6.el9.noarch 7/41 -#18 4.231 Installing : ipcalc-1.0.0-5.el9.x86_64 8/41 -#18 4.252 Installing : util-linux-core-2.37.4-20.el9.x86_64 9/41 -#18 4.262 Running scriptlet: util-linux-core-2.37.4-20.el9.x86_64 9/41 -#18 4.271 Installing : systemd-rpm-macros-252-48.el9.noarch 10/41 -#18 4.281 Installing : psmisc-23.4-3.el9.x86_64 11/41 -#18 4.320 Installing : openssl-1:3.2.2-6.el9.x86_64 12/41 -#18 4.333 Installing : oniguruma-6.9.6-1.el9.6.x86_64 13/41 -#18 4.340 Running scriptlet: libutempter-1.2.1-6.el9.x86_64 14/41 -#18 4.395 Installing : libutempter-1.2.1-6.el9.x86_64 14/41 -#18 4.403 Installing : libseccomp-2.5.2-2.el9.x86_64 15/41 -#18 4.408 Installing : libnfnetlink-1.0.1-21.el9.x86_64 16/41 -#18 4.414 Installing : libnetfilter_conntrack-1.0.9-1.el9.x86_64 17/41 -#18 4.450 Installing : iptables-libs-1.8.10-5.el9.x86_64 18/41 -#18 4.465 Installing : 
libeconf-0.4.1-4.el9.x86_64 19/41 -#18 4.472 Installing : libbpf-2:1.4.0-1.el9.x86_64 20/41 -#18 4.499 Installing : iproute-6.2.0-5.el9.x86_64 21/41 -#18 4.508 Installing : kmod-libs-28-10.el9.x86_64 22/41 -#18 4.518 Installing : gzip-1.12-1.el9.x86_64 23/41 -#18 4.528 Installing : cracklib-2.9.6-27.el9.x86_64 24/41 -#18 4.606 Installing : cracklib-dicts-2.9.6-27.el9.x86_64 25/41 -#18 4.642 Installing : pam-1.5.1-20.el9.x86_64 26/41 -#18 4.656 Installing : libpwquality-1.4.4-8.el9.x86_64 27/41 -#18 4.724 Installing : util-linux-2.37.4-20.el9.x86_64 28/41 -#18 4.725 warning: /etc/adjtime created as /etc/adjtime.rpmnew -#18 4.725 -#18 4.742 Installing : dhcp-common-12:4.4.2-19.b1.el9.noarch 29/41 -#18 4.748 Installing : acl-2.3.1-4.el9.x86_64 30/41 -#18 4.753 Installing : dbus-1:1.12.20-8.el9.x86_64 31/41 -#18 4.760 Installing : systemd-pam-252-48.el9.x86_64 32/41 -#18 4.767 Running scriptlet: systemd-252-48.el9.x86_64 33/41 -#18 5.053 Installing : systemd-252-48.el9.x86_64 33/41 -#18 5.066 Running scriptlet: systemd-252-48.el9.x86_64 33/41 -#18 5.212 Installing : dbus-common-1:1.12.20-8.el9.noarch 34/41 -#18 5.216 Running scriptlet: dbus-common-1:1.12.20-8.el9.noarch 34/41 -#18 5.239 Created symlink /etc/systemd/system/sockets.target.wants/dbus.socket → /usr/lib/systemd/system/dbus.socket. -#18 5.239 Created symlink /etc/systemd/user/sockets.target.wants/dbus.socket → /usr/lib/systemd/user/dbus.socket. -#18 5.239 -#18 5.241 Running scriptlet: dbus-broker-28-7.el9.x86_64 35/41 -#18 5.296 Installing : dbus-broker-28-7.el9.x86_64 35/41 -#18 5.305 Running scriptlet: dbus-broker-28-7.el9.x86_64 35/41 -#18 5.326 Created symlink /etc/systemd/system/dbus.service → /usr/lib/systemd/system/dbus-broker.service. -#18 5.326 Created symlink /etc/systemd/user/dbus.service → /usr/lib/systemd/user/dbus-broker.service. 
-#18 5.326 -#18 5.333 Installing : iputils-20210202-11.el9.x86_64 36/41 -#18 5.339 Running scriptlet: iputils-20210202-11.el9.x86_64 36/41 -#18 5.370 Installing : dhcp-client-12:4.4.2-19.b1.el9.x86_64 37/41 -#18 5.385 Installing : iptables-nft-1.8.10-5.el9.x86_64 38/41 -#18 5.391 Running scriptlet: iptables-nft-1.8.10-5.el9.x86_64 38/41 -#18 5.427 Installing : jq-1.6-17.el9.x86_64 39/41 -#18 5.509 Installing : nmstate-2.2.38-1.el9.x86_64 40/41 -#18 5.528 Installing : tar-2:1.34-7.el9.x86_64 41/41 -#18 5.544 Running scriptlet: tar-2:1.34-7.el9.x86_64 41/41 -#18 6.091 Verifying : acl-2.3.1-4.el9.x86_64 1/41 -#18 6.091 Verifying : cracklib-2.9.6-27.el9.x86_64 2/41 -#18 6.094 Verifying : cracklib-dicts-2.9.6-27.el9.x86_64 3/41 -#18 6.094 Verifying : dbus-1:1.12.20-8.el9.x86_64 4/41 -#18 6.094 Verifying : dbus-broker-28-7.el9.x86_64 5/41 -#18 6.094 Verifying : dbus-common-1:1.12.20-8.el9.noarch 6/41 -#18 6.094 Verifying : dhcp-client-12:4.4.2-19.b1.el9.x86_64 7/41 -#18 6.094 Verifying : dhcp-common-12:4.4.2-19.b1.el9.noarch 8/41 -#18 6.094 Verifying : gzip-1.12-1.el9.x86_64 9/41 -#18 6.094 Verifying : ipcalc-1.0.0-5.el9.x86_64 10/41 -#18 6.094 Verifying : iproute-6.2.0-5.el9.x86_64 11/41 -#18 6.094 Verifying : iptables-libs-1.8.10-5.el9.x86_64 12/41 -#18 6.094 Verifying : iptables-nft-1.8.10-5.el9.x86_64 13/41 -#18 6.094 Verifying : iputils-20210202-11.el9.x86_64 14/41 -#18 6.094 Verifying : jq-1.6-17.el9.x86_64 15/41 -#18 6.094 Verifying : kmod-libs-28-10.el9.x86_64 16/41 -#18 6.094 Verifying : libbpf-2:1.4.0-1.el9.x86_64 17/41 -#18 6.094 Verifying : libdb-5.3.28-55.el9.x86_64 18/41 -#18 6.094 Verifying : libeconf-0.4.1-4.el9.x86_64 19/41 -#18 6.094 Verifying : libfdisk-2.37.4-20.el9.x86_64 20/41 -#18 6.094 Verifying : libmnl-1.0.4-16.el9.x86_64 21/41 -#18 6.094 Verifying : libnetfilter_conntrack-1.0.9-1.el9.x86_64 22/41 -#18 6.094 Verifying : libnfnetlink-1.0.1-21.el9.x86_64 23/41 -#18 6.094 Verifying : libnftnl-1.2.6-4.el9.x86_64 24/41 -#18 6.094 Verifying : 
libpwquality-1.4.4-8.el9.x86_64 25/41 -#18 6.094 Verifying : libseccomp-2.5.2-2.el9.x86_64 26/41 -#18 6.094 Verifying : libutempter-1.2.1-6.el9.x86_64 27/41 -#18 6.094 Verifying : oniguruma-6.9.6-1.el9.6.x86_64 28/41 -#18 6.094 Verifying : openssl-1:3.2.2-6.el9.x86_64 29/41 -#18 6.094 Verifying : pam-1.5.1-20.el9.x86_64 30/41 -#18 6.094 Verifying : psmisc-23.4-3.el9.x86_64 31/41 -#18 6.094 Verifying : systemd-252-48.el9.x86_64 32/41 -#18 6.095 Verifying : systemd-pam-252-48.el9.x86_64 33/41 -#18 6.095 Verifying : systemd-rpm-macros-252-48.el9.noarch 34/41 -#18 6.095 Verifying : tar-2:1.34-7.el9.x86_64 35/41 -#18 6.095 Verifying : util-linux-2.37.4-20.el9.x86_64 36/41 -#18 6.095 Verifying : util-linux-core-2.37.4-20.el9.x86_64 37/41 -#18 6.096 Verifying : geolite2-city-20191217-6.el9.noarch 38/41 -#18 6.096 Verifying : geolite2-country-20191217-6.el9.noarch 39/41 -#18 6.096 Verifying : libmaxminddb-1.5.2-4.el9.x86_64 40/41 -#18 6.096 Verifying : nmstate-2.2.38-1.el9.x86_64 41/41 -#18 6.184 -#18 6.184 Installed: -#18 6.184 acl-2.3.1-4.el9.x86_64 -#18 6.184 cracklib-2.9.6-27.el9.x86_64 -#18 6.184 cracklib-dicts-2.9.6-27.el9.x86_64 -#18 6.184 dbus-1:1.12.20-8.el9.x86_64 -#18 6.184 dbus-broker-28-7.el9.x86_64 -#18 6.184 dbus-common-1:1.12.20-8.el9.noarch -#18 6.184 dhcp-client-12:4.4.2-19.b1.el9.x86_64 -#18 6.184 dhcp-common-12:4.4.2-19.b1.el9.noarch -#18 6.184 geolite2-city-20191217-6.el9.noarch -#18 6.184 geolite2-country-20191217-6.el9.noarch -#18 6.184 gzip-1.12-1.el9.x86_64 -#18 6.184 ipcalc-1.0.0-5.el9.x86_64 -#18 6.184 iproute-6.2.0-5.el9.x86_64 -#18 6.184 iptables-libs-1.8.10-5.el9.x86_64 -#18 6.184 iptables-nft-1.8.10-5.el9.x86_64 -#18 6.184 iputils-20210202-11.el9.x86_64 -#18 6.184 jq-1.6-17.el9.x86_64 -#18 6.184 kmod-libs-28-10.el9.x86_64 -#18 6.184 libbpf-2:1.4.0-1.el9.x86_64 -#18 6.184 libdb-5.3.28-55.el9.x86_64 -#18 6.184 libeconf-0.4.1-4.el9.x86_64 -#18 6.184 libfdisk-2.37.4-20.el9.x86_64 -#18 6.184 libmaxminddb-1.5.2-4.el9.x86_64 -#18 6.184 
libmnl-1.0.4-16.el9.x86_64 -#18 6.184 libnetfilter_conntrack-1.0.9-1.el9.x86_64 -#18 6.184 libnfnetlink-1.0.1-21.el9.x86_64 -#18 6.184 libnftnl-1.2.6-4.el9.x86_64 -#18 6.184 libpwquality-1.4.4-8.el9.x86_64 -#18 6.184 libseccomp-2.5.2-2.el9.x86_64 -#18 6.184 libutempter-1.2.1-6.el9.x86_64 -#18 6.184 nmstate-2.2.38-1.el9.x86_64 -#18 6.184 oniguruma-6.9.6-1.el9.6.x86_64 -#18 6.184 openssl-1:3.2.2-6.el9.x86_64 -#18 6.184 pam-1.5.1-20.el9.x86_64 -#18 6.184 psmisc-23.4-3.el9.x86_64 -#18 6.184 systemd-252-48.el9.x86_64 -#18 6.184 systemd-pam-252-48.el9.x86_64 -#18 6.184 systemd-rpm-macros-252-48.el9.noarch -#18 6.184 tar-2:1.34-7.el9.x86_64 -#18 6.184 util-linux-2.37.4-20.el9.x86_64 -#18 6.184 util-linux-core-2.37.4-20.el9.x86_64 -#18 6.184 -#18 6.184 Complete! -#18 DONE 6.3s +#18 0.537 Last metadata expiration check: 0:00:07 ago on Mon Nov 11 09:50:17 2024. +#18 0.651 Dependencies resolved. +#18 0.655 ================================================================================ +#18 0.655 Package Arch Version Repository Size +#18 0.655 ================================================================================ +#18 0.655 Installing: +#18 0.655 dhcp-client x86_64 12:4.4.2-19.b1.el9 centos 790 k +#18 0.655 iptables-nft x86_64 1.8.10-5.el9 centos 206 k +#18 0.655 jq x86_64 1.6-17.el9 centos 187 k +#18 0.655 nmstate x86_64 2.2.38-1.el9 centos-app 3.2 M +#18 0.655 tar x86_64 2:1.34-7.el9 centos 885 k +#18 0.655 Installing dependencies: +#18 0.655 acl x86_64 2.3.1-4.el9 centos 71 k +#18 0.655 cracklib x86_64 2.9.6-27.el9 centos 94 k +#18 0.655 cracklib-dicts x86_64 2.9.6-27.el9 centos 3.6 M +#18 0.655 dbus x86_64 1:1.12.20-8.el9 centos 3.8 k +#18 0.655 dbus-broker x86_64 28-7.el9 centos 172 k +#18 0.655 dbus-common noarch 1:1.12.20-8.el9 centos 15 k +#18 0.655 dhcp-common noarch 12:4.4.2-19.b1.el9 centos 129 k +#18 0.655 gzip x86_64 1.12-1.el9 centos 163 k +#18 0.655 ipcalc x86_64 1.0.0-5.el9 centos 42 k +#18 0.655 iproute x86_64 6.2.0-5.el9 centos 813 k +#18 0.655 
iptables-libs x86_64 1.8.10-5.el9 centos 460 k +#18 0.655 iputils x86_64 20210202-11.el9 centos 175 k +#18 0.655 kmod-libs x86_64 28-10.el9 centos 63 k +#18 0.655 libbpf x86_64 2:1.4.0-1.el9 centos 178 k +#18 0.655 libdb x86_64 5.3.28-55.el9 centos 735 k +#18 0.655 libeconf x86_64 0.4.1-4.el9 centos 27 k +#18 0.655 libfdisk x86_64 2.37.4-20.el9 centos 154 k +#18 0.655 libmnl x86_64 1.0.4-16.el9 centos 28 k +#18 0.655 libnetfilter_conntrack x86_64 1.0.9-1.el9 centos 59 k +#18 0.655 libnfnetlink x86_64 1.0.1-21.el9 centos 30 k +#18 0.655 libnftnl x86_64 1.2.6-4.el9 centos 88 k +#18 0.655 libpwquality x86_64 1.4.4-8.el9 centos 119 k +#18 0.655 libseccomp x86_64 2.5.2-2.el9 centos 72 k +#18 0.655 libutempter x86_64 1.2.1-6.el9 centos 27 k +#18 0.655 oniguruma x86_64 6.9.6-1.el9.6 centos 218 k +#18 0.655 openssl x86_64 1:3.2.2-6.el9 centos 1.4 M +#18 0.655 pam x86_64 1.5.1-20.el9 centos 628 k +#18 0.655 psmisc x86_64 23.4-3.el9 centos 243 k +#18 0.655 systemd x86_64 252-48.el9 centos 4.2 M +#18 0.655 systemd-pam x86_64 252-48.el9 centos 285 k +#18 0.655 systemd-rpm-macros noarch 252-48.el9 centos 74 k +#18 0.655 util-linux x86_64 2.37.4-20.el9 centos 2.3 M +#18 0.655 util-linux-core x86_64 2.37.4-20.el9 centos 464 k +#18 0.655 Installing weak dependencies: +#18 0.655 geolite2-city noarch 20191217-6.el9 centos-app 23 M +#18 0.655 geolite2-country noarch 20191217-6.el9 centos-app 1.6 M +#18 0.655 libmaxminddb x86_64 1.5.2-4.el9 centos-app 33 k +#18 0.655 +#18 0.655 Transaction Summary +#18 0.655 ================================================================================ +#18 0.655 Install 41 Packages +#18 0.655 +#18 0.657 Total download size: 47 M +#18 0.657 Installed size: 129 M +#18 0.658 Downloading Packages: +#18 0.759 (1/41): cracklib-2.9.6-27.el9.x86_64.rpm 972 kB/s | 94 kB 00:00 +#18 0.778 (2/41): acl-2.3.1-4.el9.x86_64.rpm 626 kB/s | 71 kB 00:00 +#18 0.780 (3/41): dbus-1.12.20-8.el9.x86_64.rpm 189 kB/s | 3.8 kB 00:00 +#18 0.816 (4/41): 
dbus-broker-28-7.el9.x86_64.rpm 4.2 MB/s | 172 kB 00:00 +#18 0.823 (5/41): dbus-common-1.12.20-8.el9.noarch.rpm 341 kB/s | 15 kB 00:00 +#18 0.854 (6/41): cracklib-dicts-2.9.6-27.el9.x86_64.rpm 19 MB/s | 3.6 MB 00:00 +#18 0.883 (7/41): gzip-1.12-1.el9.x86_64.rpm 5.7 MB/s | 163 kB 00:00 +#18 0.937 (8/41): dhcp-client-4.4.2-19.b1.el9.x86_64.rpm 6.6 MB/s | 790 kB 00:00 +#18 0.941 (9/41): dhcp-common-4.4.2-19.b1.el9.noarch.rpm 1.1 MB/s | 129 kB 00:00 +#18 0.975 (10/41): iproute-6.2.0-5.el9.x86_64.rpm 21 MB/s | 813 kB 00:00 +#18 0.982 (11/41): iptables-libs-1.8.10-5.el9.x86_64.rpm 11 MB/s | 460 kB 00:00 +#18 1.003 (12/41): iptables-nft-1.8.10-5.el9.x86_64.rpm 8.0 MB/s | 206 kB 00:00 +#18 1.066 (13/41): iputils-20210202-11.el9.x86_64.rpm 2.1 MB/s | 175 kB 00:00 +#18 1.087 (14/41): kmod-libs-28-10.el9.x86_64.rpm 3.0 MB/s | 63 kB 00:00 +#18 1.091 (15/41): ipcalc-1.0.0-5.el9.x86_64.rpm 203 kB/s | 42 kB 00:00 +#18 1.093 (16/41): jq-1.6-17.el9.x86_64.rpm 2.0 MB/s | 187 kB 00:00 +#18 1.110 (17/41): libbpf-1.4.0-1.el9.x86_64.rpm 8.1 MB/s | 178 kB 00:00 +#18 1.117 (18/41): libeconf-0.4.1-4.el9.x86_64.rpm 1.2 MB/s | 27 kB 00:00 +#18 1.124 (19/41): libdb-5.3.28-55.el9.x86_64.rpm 24 MB/s | 735 kB 00:00 +#18 1.131 (20/41): libfdisk-2.37.4-20.el9.x86_64.rpm 7.4 MB/s | 154 kB 00:00 +#18 1.137 (21/41): libmnl-1.0.4-16.el9.x86_64.rpm 1.5 MB/s | 28 kB 00:00 +#18 1.145 (22/41): libnetfilter_conntrack-1.0.9-1.el9.x86 2.8 MB/s | 59 kB 00:00 +#18 1.150 (23/41): libnfnetlink-1.0.1-21.el9.x86_64.rpm 1.6 MB/s | 30 kB 00:00 +#18 1.157 (24/41): libnftnl-1.2.6-4.el9.x86_64.rpm 4.2 MB/s | 88 kB 00:00 +#18 1.166 (25/41): libpwquality-1.4.4-8.el9.x86_64.rpm 5.7 MB/s | 119 kB 00:00 +#18 1.171 (26/41): libseccomp-2.5.2-2.el9.x86_64.rpm 3.4 MB/s | 72 kB 00:00 +#18 1.177 (27/41): libutempter-1.2.1-6.el9.x86_64.rpm 1.3 MB/s | 27 kB 00:00 +#18 1.206 (28/41): openssl-3.2.2-6.el9.x86_64.rpm 39 MB/s | 1.4 MB 00:00 +#18 1.214 (29/41): pam-1.5.1-20.el9.x86_64.rpm 17 MB/s | 628 kB 00:00 +#18 1.235 (30/41): 
psmisc-23.4-3.el9.x86_64.rpm 8.9 MB/s | 243 kB 00:00 +#18 1.270 (31/41): systemd-252-48.el9.x86_64.rpm 76 MB/s | 4.2 MB 00:00 +#18 1.275 (32/41): systemd-pam-252-48.el9.x86_64.rpm 7.5 MB/s | 285 kB 00:00 +#18 1.297 (33/41): systemd-rpm-macros-252-48.el9.noarch.r 2.8 MB/s | 74 kB 00:00 +#18 1.306 (34/41): tar-1.34-7.el9.x86_64.rpm 28 MB/s | 885 kB 00:00 +#18 1.340 (35/41): util-linux-2.37.4-20.el9.x86_64.rpm 55 MB/s | 2.3 MB 00:00 +#18 1.348 (36/41): util-linux-core-2.37.4-20.el9.x86_64.r 11 MB/s | 464 kB 00:00 +#18 1.371 (37/41): oniguruma-6.9.6-1.el9.6.x86_64.rpm 1.0 MB/s | 218 kB 00:00 +#18 1.446 (38/41): geolite2-country-20191217-6.el9.noarch 17 MB/s | 1.6 MB 00:00 +#18 1.511 (39/41): libmaxminddb-1.5.2-4.el9.x86_64.rpm 236 kB/s | 33 kB 00:00 +#18 1.586 (40/41): nmstate-2.2.38-1.el9.x86_64.rpm 23 MB/s | 3.2 MB 00:00 +#18 2.296 (41/41): geolite2-city-20191217-6.el9.noarch.rp 24 MB/s | 23 MB 00:00 +#18 2.301 -------------------------------------------------------------------------------- +#18 2.302 Total 28 MB/s | 47 MB 00:01 +#18 2.303 Running transaction check +#18 2.379 Transaction check succeeded. +#18 2.379 Running transaction test +#18 2.867 Transaction test succeeded. 
+#18 2.868 Running transaction +#18 3.433 Preparing : 1/1 +#18 3.462 Installing : libmnl-1.0.4-16.el9.x86_64 1/41 +#18 3.472 Installing : libfdisk-2.37.4-20.el9.x86_64 2/41 +#18 3.488 Installing : libdb-5.3.28-55.el9.x86_64 3/41 +#18 3.495 Installing : libnftnl-1.2.6-4.el9.x86_64 4/41 +#18 3.501 Installing : libmaxminddb-1.5.2-4.el9.x86_64 5/41 +#18 3.533 Installing : geolite2-country-20191217-6.el9.noarch 6/41 +#18 3.958 Installing : geolite2-city-20191217-6.el9.noarch 7/41 +#18 3.964 Installing : ipcalc-1.0.0-5.el9.x86_64 8/41 +#18 3.985 Installing : util-linux-core-2.37.4-20.el9.x86_64 9/41 +#18 3.993 Running scriptlet: util-linux-core-2.37.4-20.el9.x86_64 9/41 +#18 4.003 Installing : systemd-rpm-macros-252-48.el9.noarch 10/41 +#18 4.012 Installing : psmisc-23.4-3.el9.x86_64 11/41 +#18 4.052 Installing : openssl-1:3.2.2-6.el9.x86_64 12/41 +#18 4.065 Installing : oniguruma-6.9.6-1.el9.6.x86_64 13/41 +#18 4.070 Running scriptlet: libutempter-1.2.1-6.el9.x86_64 14/41 +#18 4.117 Installing : libutempter-1.2.1-6.el9.x86_64 14/41 +#18 4.128 Installing : libseccomp-2.5.2-2.el9.x86_64 15/41 +#18 4.133 Installing : libnfnetlink-1.0.1-21.el9.x86_64 16/41 +#18 4.138 Installing : libnetfilter_conntrack-1.0.9-1.el9.x86_64 17/41 +#18 4.174 Installing : iptables-libs-1.8.10-5.el9.x86_64 18/41 +#18 4.184 Installing : libeconf-0.4.1-4.el9.x86_64 19/41 +#18 4.191 Installing : libbpf-2:1.4.0-1.el9.x86_64 20/41 +#18 4.217 Installing : iproute-6.2.0-5.el9.x86_64 21/41 +#18 4.228 Installing : kmod-libs-28-10.el9.x86_64 22/41 +#18 4.238 Installing : gzip-1.12-1.el9.x86_64 23/41 +#18 4.247 Installing : cracklib-2.9.6-27.el9.x86_64 24/41 +#18 4.323 Installing : cracklib-dicts-2.9.6-27.el9.x86_64 25/41 +#18 4.359 Installing : pam-1.5.1-20.el9.x86_64 26/41 +#18 4.374 Installing : libpwquality-1.4.4-8.el9.x86_64 27/41 +#18 4.443 Installing : util-linux-2.37.4-20.el9.x86_64 28/41 +#18 4.445 warning: /etc/adjtime created as /etc/adjtime.rpmnew +#18 4.445 +#18 4.460 Installing : 
dhcp-common-12:4.4.2-19.b1.el9.noarch 29/41 +#18 4.466 Installing : acl-2.3.1-4.el9.x86_64 30/41 +#18 4.471 Installing : dbus-1:1.12.20-8.el9.x86_64 31/41 +#18 4.478 Installing : systemd-pam-252-48.el9.x86_64 32/41 +#18 4.485 Running scriptlet: systemd-252-48.el9.x86_64 33/41 +#18 4.747 Installing : systemd-252-48.el9.x86_64 33/41 +#18 4.760 Running scriptlet: systemd-252-48.el9.x86_64 33/41 +#18 4.898 Installing : dbus-common-1:1.12.20-8.el9.noarch 34/41 +#18 4.902 Running scriptlet: dbus-common-1:1.12.20-8.el9.noarch 34/41 +#18 4.925 Created symlink /etc/systemd/system/sockets.target.wants/dbus.socket → /usr/lib/systemd/system/dbus.socket. +#18 4.925 Created symlink /etc/systemd/user/sockets.target.wants/dbus.socket → /usr/lib/systemd/user/dbus.socket. +#18 4.925 +#18 4.927 Running scriptlet: dbus-broker-28-7.el9.x86_64 35/41 +#18 4.983 Installing : dbus-broker-28-7.el9.x86_64 35/41 +#18 4.988 Running scriptlet: dbus-broker-28-7.el9.x86_64 35/41 +#18 5.011 Created symlink /etc/systemd/system/dbus.service → /usr/lib/systemd/system/dbus-broker.service. +#18 5.011 Created symlink /etc/systemd/user/dbus.service → /usr/lib/systemd/user/dbus-broker.service. 
+#18 5.011 +#18 5.027 Installing : iputils-20210202-11.el9.x86_64 36/41 +#18 5.033 Running scriptlet: iputils-20210202-11.el9.x86_64 36/41 +#18 5.064 Installing : dhcp-client-12:4.4.2-19.b1.el9.x86_64 37/41 +#18 5.078 Installing : iptables-nft-1.8.10-5.el9.x86_64 38/41 +#18 5.084 Running scriptlet: iptables-nft-1.8.10-5.el9.x86_64 38/41 +#18 5.117 Installing : jq-1.6-17.el9.x86_64 39/41 +#18 5.195 Installing : nmstate-2.2.38-1.el9.x86_64 40/41 +#18 5.212 Installing : tar-2:1.34-7.el9.x86_64 41/41 +#18 5.226 Running scriptlet: tar-2:1.34-7.el9.x86_64 41/41 +#18 5.780 Verifying : acl-2.3.1-4.el9.x86_64 1/41 +#18 5.783 Verifying : cracklib-2.9.6-27.el9.x86_64 2/41 +#18 5.783 Verifying : cracklib-dicts-2.9.6-27.el9.x86_64 3/41 +#18 5.783 Verifying : dbus-1:1.12.20-8.el9.x86_64 4/41 +#18 5.783 Verifying : dbus-broker-28-7.el9.x86_64 5/41 +#18 5.783 Verifying : dbus-common-1:1.12.20-8.el9.noarch 6/41 +#18 5.783 Verifying : dhcp-client-12:4.4.2-19.b1.el9.x86_64 7/41 +#18 5.783 Verifying : dhcp-common-12:4.4.2-19.b1.el9.noarch 8/41 +#18 5.783 Verifying : gzip-1.12-1.el9.x86_64 9/41 +#18 5.783 Verifying : ipcalc-1.0.0-5.el9.x86_64 10/41 +#18 5.783 Verifying : iproute-6.2.0-5.el9.x86_64 11/41 +#18 5.783 Verifying : iptables-libs-1.8.10-5.el9.x86_64 12/41 +#18 5.783 Verifying : iptables-nft-1.8.10-5.el9.x86_64 13/41 +#18 5.783 Verifying : iputils-20210202-11.el9.x86_64 14/41 +#18 5.783 Verifying : jq-1.6-17.el9.x86_64 15/41 +#18 5.783 Verifying : kmod-libs-28-10.el9.x86_64 16/41 +#18 5.783 Verifying : libbpf-2:1.4.0-1.el9.x86_64 17/41 +#18 5.783 Verifying : libdb-5.3.28-55.el9.x86_64 18/41 +#18 5.783 Verifying : libeconf-0.4.1-4.el9.x86_64 19/41 +#18 5.783 Verifying : libfdisk-2.37.4-20.el9.x86_64 20/41 +#18 5.783 Verifying : libmnl-1.0.4-16.el9.x86_64 21/41 +#18 5.783 Verifying : libnetfilter_conntrack-1.0.9-1.el9.x86_64 22/41 +#18 5.783 Verifying : libnfnetlink-1.0.1-21.el9.x86_64 23/41 +#18 5.783 Verifying : libnftnl-1.2.6-4.el9.x86_64 24/41 +#18 5.783 Verifying : 
libpwquality-1.4.4-8.el9.x86_64 25/41 +#18 5.783 Verifying : libseccomp-2.5.2-2.el9.x86_64 26/41 +#18 5.783 Verifying : libutempter-1.2.1-6.el9.x86_64 27/41 +#18 5.783 Verifying : oniguruma-6.9.6-1.el9.6.x86_64 28/41 +#18 5.783 Verifying : openssl-1:3.2.2-6.el9.x86_64 29/41 +#18 5.783 Verifying : pam-1.5.1-20.el9.x86_64 30/41 +#18 5.783 Verifying : psmisc-23.4-3.el9.x86_64 31/41 +#18 5.783 Verifying : systemd-252-48.el9.x86_64 32/41 +#18 5.783 Verifying : systemd-pam-252-48.el9.x86_64 33/41 +#18 5.783 Verifying : systemd-rpm-macros-252-48.el9.noarch 34/41 +#18 5.783 Verifying : tar-2:1.34-7.el9.x86_64 35/41 +#18 5.783 Verifying : util-linux-2.37.4-20.el9.x86_64 36/41 +#18 5.783 Verifying : util-linux-core-2.37.4-20.el9.x86_64 37/41 +#18 5.783 Verifying : geolite2-city-20191217-6.el9.noarch 38/41 +#18 5.783 Verifying : geolite2-country-20191217-6.el9.noarch 39/41 +#18 5.783 Verifying : libmaxminddb-1.5.2-4.el9.x86_64 40/41 +#18 5.783 Verifying : nmstate-2.2.38-1.el9.x86_64 41/41 +#18 5.887 +#18 5.887 Installed: +#18 5.887 acl-2.3.1-4.el9.x86_64 +#18 5.887 cracklib-2.9.6-27.el9.x86_64 +#18 5.887 cracklib-dicts-2.9.6-27.el9.x86_64 +#18 5.887 dbus-1:1.12.20-8.el9.x86_64 +#18 5.887 dbus-broker-28-7.el9.x86_64 +#18 5.887 dbus-common-1:1.12.20-8.el9.noarch +#18 5.887 dhcp-client-12:4.4.2-19.b1.el9.x86_64 +#18 5.887 dhcp-common-12:4.4.2-19.b1.el9.noarch +#18 5.887 geolite2-city-20191217-6.el9.noarch +#18 5.887 geolite2-country-20191217-6.el9.noarch +#18 5.887 gzip-1.12-1.el9.x86_64 +#18 5.887 ipcalc-1.0.0-5.el9.x86_64 +#18 5.887 iproute-6.2.0-5.el9.x86_64 +#18 5.887 iptables-libs-1.8.10-5.el9.x86_64 +#18 5.887 iptables-nft-1.8.10-5.el9.x86_64 +#18 5.887 iputils-20210202-11.el9.x86_64 +#18 5.887 jq-1.6-17.el9.x86_64 +#18 5.887 kmod-libs-28-10.el9.x86_64 +#18 5.887 libbpf-2:1.4.0-1.el9.x86_64 +#18 5.887 libdb-5.3.28-55.el9.x86_64 +#18 5.887 libeconf-0.4.1-4.el9.x86_64 +#18 5.887 libfdisk-2.37.4-20.el9.x86_64 +#18 5.887 libmaxminddb-1.5.2-4.el9.x86_64 +#18 5.887 
libmnl-1.0.4-16.el9.x86_64 +#18 5.887 libnetfilter_conntrack-1.0.9-1.el9.x86_64 +#18 5.887 libnfnetlink-1.0.1-21.el9.x86_64 +#18 5.887 libnftnl-1.2.6-4.el9.x86_64 +#18 5.887 libpwquality-1.4.4-8.el9.x86_64 +#18 5.887 libseccomp-2.5.2-2.el9.x86_64 +#18 5.887 libutempter-1.2.1-6.el9.x86_64 +#18 5.887 nmstate-2.2.38-1.el9.x86_64 +#18 5.887 oniguruma-6.9.6-1.el9.6.x86_64 +#18 5.887 openssl-1:3.2.2-6.el9.x86_64 +#18 5.887 pam-1.5.1-20.el9.x86_64 +#18 5.887 psmisc-23.4-3.el9.x86_64 +#18 5.887 systemd-252-48.el9.x86_64 +#18 5.887 systemd-pam-252-48.el9.x86_64 +#18 5.887 systemd-rpm-macros-252-48.el9.noarch +#18 5.887 tar-2:1.34-7.el9.x86_64 +#18 5.887 util-linux-2.37.4-20.el9.x86_64 +#18 5.887 util-linux-core-2.37.4-20.el9.x86_64 +#18 5.887 +#18 5.887 Complete! +#18 DONE 6.1s #14 [base 7/15] COPY dist-static/iptables-libs.tar.gz dist-static/iptables-... #14 DONE 0.1s 
@@ -11611,99 +11611,102 @@ quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 #21 exporting to image #21 exporting layers -#21 exporting layers 1.6s done -#21 writing image sha256:86a33d83c0fb2a80118606cce14cf13f1d9b67efa665968f032083bc7de8f01a done +#21 exporting layers 1.5s done +#21 writing image sha256:cd7e95c488fe2954b582d11ee3183c55e7fce76ca93d122b0df71d07d31f3eac done #21 naming to quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369 done -#21 DONE 1.6s +#21 DONE 1.5s +docker images -REPOSITORY TAG IMAGE ID CREATED SIZE -quay.io/noirolabs/aci-containers-host 6.0.4.4.81c2369 86a33d83c0fb 2 seconds ago 672MB -quay.io/noirolabs/aci-containers-controller 6.0.4.4.81c2369 df6f1e78129c 23 seconds ago 648MB -quay.io/noirolabs/cnideploy 6.0.4.4.81c2369 cdecf6ab6714 31 seconds ago 492MB -quay.io/noirolabs/openvswitch 6.0.4.4.81c2369 abc733d75b12 About a minute ago 660MB -quay.io/noirolabs/openvswitch-base 6.0.4.4.81c2369 60cf24bb0508 2 minutes ago 1.31GB -quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 4 weeks ago 1.2GB +REPOSITORY TAG IMAGE ID CREATED SIZE +quay.io/noirolabs/aci-containers-host 6.0.4.4.81c2369 cd7e95c488fe 2 seconds ago 672MB +quay.io/noirolabs/aci-containers-controller 6.0.4.4.81c2369 d41b18f31029 23 seconds ago 648MB +quay.io/noirolabs/cnideploy 6.0.4.4.81c2369 b9c6dcdbf7ea 29 seconds ago 492MB +quay.io/noirolabs/openvswitch 6.0.4.4.81c2369 c85998ec121b 57 seconds ago 660MB +quay.io/noirolabs/openvswitch-base 6.0.4.4.81c2369 076b30c0055f 2 minutes ago 1.31GB +quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 4 weeks ago 1.2GB +docker build --target with-ovscni -t quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369 --file=docker/travis/Dockerfile-host . 
+#1 [internal] load build definition from Dockerfile-host +#1 DONE 0.0s + #1 [internal] load build definition from Dockerfile-host #1 transferring dockerfile: 4.71kB done #1 DONE 0.0s #2 [internal] load metadata for registry.access.redhat.com/ubi9/ubi-minimal... -#2 DONE 0.4s +#2 DONE 0.3s #3 [internal] load .dockerignore #3 transferring context: 46B done #3 DONE 0.0s -#8 [base 1/15] FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3@sha256... -#8 DONE 0.0s +#12 [base 1/15] FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3@sha256... +#12 DONE 0.0s -#19 [internal] load build context -#19 transferring context: 58.87MB 0.8s done -#19 DONE 0.8s +#6 [internal] load build context +#6 transferring context: 58.87MB 0.7s done +#6 DONE 0.7s + +#7 [base 7/15] COPY dist-static/iptables-libs.tar.gz dist-static/iptables-... +#7 CACHED -#6 [base 3/15] RUN yum update --disablerepo=* --enablerepo=ubi-9-appstream... -#6 CACHED +#5 [base 10/15] RUN for i in ip6tables-legacy ip6tables-legacy-restore ip6t... +#5 CACHED -#11 [base 14/15] COPY docker/licenses /licenses +#11 [base 5/15] RUN yum update --disablerepo=* --repofrompath=centos,https:... #11 CACHED -#16 [base 9/15] RUN for i in iptables-legacy iptables-legacy-restore iptabl... +#16 [base 14/15] COPY docker/licenses /licenses #16 CACHED -#17 [base 8/15] RUN tar -zxf /tmp/iptables-bin.tar.gz -C /usr/sbin && tar... +#17 [base 3/15] RUN yum update --disablerepo=* --enablerepo=ubi-9-appstream... #17 CACHED -#4 [base 5/15] RUN yum update --disablerepo=* --repofrompath=centos,https:... +#4 [base 11/15] RUN for i in iptables-nft iptables-nft-restore iptables-nft... #4 CACHED -#21 [base 11/15] RUN for i in iptables-nft iptables-nft-restore iptables-nft... -#21 CACHED - -#13 [base 12/15] RUN alternatives --install /usr/sbin/iptables iptables /usr... -#13 CACHED +#20 [base 2/15] RUN microdnf install -y yum yum-utils && yum-config-manage... +#20 CACHED -#7 [base 2/15] RUN microdnf install -y yum yum-utils && yum-config-manage... 
-#7 CACHED +#15 [base 12/15] RUN alternatives --install /usr/sbin/iptables iptables /usr... +#15 CACHED -#18 [base 7/15] COPY dist-static/iptables-libs.tar.gz dist-static/iptables-... -#18 CACHED +#9 [base 13/15] RUN /tmp/iptables-wrapper-installer.sh +#9 CACHED -#14 [base 6/15] RUN yum install --disablerepo=* --repofrompath=centos,https... -#14 CACHED +#19 [base 4/15] RUN yum install --disablerepo=* --enablerepo=ubi-9-appstrea... +#19 CACHED -#15 [base 10/15] RUN for i in ip6tables-legacy ip6tables-legacy-restore ip6t... -#15 CACHED +#18 [base 6/15] RUN yum install --disablerepo=* --repofrompath=centos,https... +#18 CACHED -#12 [base 13/15] RUN /tmp/iptables-wrapper-installer.sh -#12 CACHED +#13 [base 9/15] RUN for i in iptables-legacy iptables-legacy-restore iptabl... +#13 CACHED -#5 [base 4/15] RUN yum install --disablerepo=* --enablerepo=ubi-9-appstrea... -#5 CACHED +#21 [base 8/15] RUN tar -zxf /tmp/iptables-bin.tar.gz -C /usr/sbin && tar... +#21 CACHED #10 [base 15/15] RUN echo "send dhcp-client-identifier = hardware;" > /usr/l... #10 CACHED -#9 [with-ovscni 1/2] COPY dist-static/aci-containers-host-agent-ovscni dist... -#9 DONE 0.5s +#14 [with-ovscni 1/2] COPY dist-static/aci-containers-host-agent-ovscni dist... +#14 DONE 0.5s -#20 [with-ovscni 2/2] RUN mv /usr/local/bin/aci-containers-host-agent-ovscni... -#20 DONE 0.3s +#8 [with-ovscni 2/2] RUN mv /usr/local/bin/aci-containers-host-agent-ovscni... 
+#8 DONE 0.3s #22 exporting to image #22 exporting layers -#22 exporting layers 0.4s done -#22 writing image sha256:498f43b837455bb767a072fcfdf18ec465f4f5d17c6be048e9040e332a6765fb done +#22 exporting layers 0.5s done +#22 writing image sha256:84cbe40d7b9766c014bae352e42917b5aa83be057394c2e8058c34d41cc47679 done #22 naming to quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369 done #22 DONE 0.5s +docker images REPOSITORY TAG IMAGE ID CREATED SIZE -quay.io/noirolabs/aci-containers-host-ovscni 6.0.4.4.81c2369 498f43b83745 Less than a second ago 733MB -quay.io/noirolabs/aci-containers-host 6.0.4.4.81c2369 86a33d83c0fb 4 seconds ago 672MB -quay.io/noirolabs/aci-containers-controller 6.0.4.4.81c2369 df6f1e78129c 25 seconds ago 648MB -quay.io/noirolabs/cnideploy 6.0.4.4.81c2369 cdecf6ab6714 33 seconds ago 492MB -quay.io/noirolabs/openvswitch 6.0.4.4.81c2369 abc733d75b12 About a minute ago 660MB -quay.io/noirolabs/openvswitch-base 6.0.4.4.81c2369 60cf24bb0508 2 minutes ago 1.31GB +quay.io/noirolabs/aci-containers-host-ovscni 6.0.4.4.81c2369 84cbe40d7b97 Less than a second ago 733MB +quay.io/noirolabs/aci-containers-host 6.0.4.4.81c2369 cd7e95c488fe 4 seconds ago 672MB +quay.io/noirolabs/aci-containers-controller 6.0.4.4.81c2369 d41b18f31029 25 seconds ago 648MB +quay.io/noirolabs/cnideploy 6.0.4.4.81c2369 b9c6dcdbf7ea 31 seconds ago 492MB +quay.io/noirolabs/openvswitch 6.0.4.4.81c2369 c85998ec121b 59 seconds ago 660MB +quay.io/noirolabs/openvswitch-base 6.0.4.4.81c2369 076b30c0055f 2 minutes ago 1.31GB quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 4 weeks ago 1.2GB +docker build -t quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369 --file=docker/travis/Dockerfile-operator . #1 [internal] load build definition from Dockerfile-operator 
@@ -11711,7 +11714,7 @@ quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 #1 DONE 0.0s #2 [internal] load metadata for registry.access.redhat.com/ubi9/ubi:9.3 -#2 DONE 0.4s +#2 DONE 0.5s #3 [internal] load .dockerignore #3 transferring context: 46B done 
@@ -11728,438 +11731,438 @@ quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 #6 DONE 1.2s #8 [3/6] RUN yum install --disablerepo=* --enablerepo=ubi-9-appstream-rpms ... -#8 0.996 Updating Subscription Management repositories. -#8 0.997 Unable to read consumer identity -#8 1.008 -#8 1.008 This system is not registered with an entitlement server. You can use subscription-manager to register. -#8 1.008 -#8 1.131 Last metadata expiration check: 0:00:52 ago on Wed Nov 6 09:39:36 2024. -#8 1.188 Dependencies resolved. -#8 1.196 ================================================================================ -#8 1.196 Package Arch Version Repository Size -#8 1.196 ================================================================================ -#8 1.196 Installing: -#8 1.196 curl x86_64 7.76.1-29.el9_4.1 ubi-9-baseos-rpms 297 k -#8 1.196 git x86_64 2.43.5-1.el9_4 ubi-9-appstream-rpms 54 k -#8 1.196 Installing dependencies: -#8 1.196 emacs-filesystem noarch 1:27.2-10.el9_4 ubi-9-appstream-rpms 9.3 k -#8 1.196 git-core x86_64 2.43.5-1.el9_4 ubi-9-appstream-rpms 4.4 M -#8 1.196 git-core-doc noarch 2.43.5-1.el9_4 ubi-9-appstream-rpms 2.9 M -#8 1.196 groff-base x86_64 1.22.4-10.el9 ubi-9-baseos-rpms 1.1 M -#8 1.196 less x86_64 590-4.el9_4 ubi-9-baseos-rpms 166 k -#8 1.196 libcbor x86_64 0.7.0-5.el9 ubi-9-baseos-rpms 59 k -#8 1.196 libedit x86_64 3.1-38.20210216cvs.el9 ubi-9-baseos-rpms 107 k -#8 1.196 libfido2 x86_64 1.13.0-2.el9 ubi-9-baseos-rpms 100 k -#8 1.196 ncurses x86_64 6.2-10.20210508.el9 ubi-9-baseos-rpms 410 k -#8 1.196 openssh x86_64 8.7p1-38.el9_4.4 ubi-9-baseos-rpms 466 k -#8 1.196 openssh-clients x86_64 8.7p1-38.el9_4.4 ubi-9-baseos-rpms 722 k -#8 1.196 perl-AutoLoader noarch 5.74-481.el9 ubi-9-appstream-rpms 21 k -#8 1.196 perl-B x86_64 1.80-481.el9 ubi-9-appstream-rpms 184 k -#8 1.196 perl-Carp noarch 1.50-460.el9 ubi-9-appstream-rpms 31 k -#8 1.196 perl-Class-Struct noarch 0.66-481.el9 ubi-9-appstream-rpms 22 k -#8 1.196 perl-Data-Dumper 
x86_64 2.174-462.el9 ubi-9-appstream-rpms 59 k -#8 1.196 perl-Digest noarch 1.19-4.el9 ubi-9-appstream-rpms 29 k -#8 1.196 perl-Digest-MD5 x86_64 2.58-4.el9 ubi-9-appstream-rpms 39 k -#8 1.196 perl-DynaLoader x86_64 1.47-481.el9 ubi-9-appstream-rpms 26 k -#8 1.196 perl-Encode x86_64 4:3.08-462.el9 ubi-9-appstream-rpms 1.7 M -#8 1.196 perl-Errno x86_64 1.30-481.el9 ubi-9-appstream-rpms 15 k -#8 1.196 perl-Error noarch 1:0.17029-7.el9 ubi-9-appstream-rpms 46 k -#8 1.196 perl-Exporter noarch 5.74-461.el9 ubi-9-appstream-rpms 34 k -#8 1.196 perl-Fcntl x86_64 1.13-481.el9 ubi-9-appstream-rpms 22 k -#8 1.196 perl-File-Basename noarch 2.85-481.el9 ubi-9-appstream-rpms 17 k -#8 1.196 perl-File-Find noarch 1.37-481.el9 ubi-9-appstream-rpms 26 k -#8 1.196 perl-File-Path noarch 2.18-4.el9 ubi-9-appstream-rpms 38 k -#8 1.196 perl-File-Temp noarch 1:0.231.100-4.el9 ubi-9-appstream-rpms 63 k -#8 1.196 perl-File-stat noarch 1.09-481.el9 ubi-9-appstream-rpms 17 k -#8 1.196 perl-FileHandle noarch 2.03-481.el9 ubi-9-appstream-rpms 16 k -#8 1.196 perl-Getopt-Long noarch 1:2.52-4.el9 ubi-9-appstream-rpms 64 k -#8 1.196 perl-Getopt-Std noarch 1.12-481.el9 ubi-9-appstream-rpms 16 k -#8 1.196 perl-Git noarch 2.43.5-1.el9_4 ubi-9-appstream-rpms 39 k -#8 1.196 perl-HTTP-Tiny noarch 0.076-462.el9 ubi-9-appstream-rpms 57 k -#8 1.196 perl-IO x86_64 1.43-481.el9 ubi-9-appstream-rpms 92 k -#8 1.196 perl-IO-Socket-IP noarch 0.41-5.el9 ubi-9-appstream-rpms 45 k -#8 1.196 perl-IO-Socket-SSL noarch 2.073-1.el9 ubi-9-appstream-rpms 223 k -#8 1.196 perl-IPC-Open3 noarch 1.21-481.el9 ubi-9-appstream-rpms 24 k -#8 1.196 perl-MIME-Base64 x86_64 3.16-4.el9 ubi-9-appstream-rpms 34 k -#8 1.196 perl-Mozilla-CA noarch 20200520-6.el9 ubi-9-appstream-rpms 14 k -#8 1.196 perl-Net-SSLeay x86_64 1.92-2.el9 ubi-9-appstream-rpms 392 k -#8 1.196 perl-POSIX x86_64 1.94-481.el9 ubi-9-appstream-rpms 98 k -#8 1.196 perl-PathTools x86_64 3.78-461.el9 ubi-9-appstream-rpms 92 k -#8 1.196 perl-Pod-Escapes noarch 
1:1.07-460.el9 ubi-9-appstream-rpms 22 k -#8 1.196 perl-Pod-Perldoc noarch 3.28.01-461.el9 ubi-9-appstream-rpms 92 k -#8 1.196 perl-Pod-Simple noarch 1:3.42-4.el9 ubi-9-appstream-rpms 229 k -#8 1.196 perl-Pod-Usage noarch 4:2.01-4.el9 ubi-9-appstream-rpms 43 k -#8 1.196 perl-Scalar-List-Utils -#8 1.196 x86_64 4:1.56-461.el9 ubi-9-appstream-rpms 77 k -#8 1.196 perl-SelectSaver noarch 1.02-481.el9 ubi-9-appstream-rpms 12 k -#8 1.196 perl-Socket x86_64 4:2.031-4.el9 ubi-9-appstream-rpms 58 k -#8 1.196 perl-Storable x86_64 1:3.21-460.el9 ubi-9-appstream-rpms 98 k -#8 1.196 perl-Symbol noarch 1.08-481.el9 ubi-9-appstream-rpms 14 k -#8 1.196 perl-Term-ANSIColor noarch 5.01-461.el9 ubi-9-appstream-rpms 51 k -#8 1.196 perl-Term-Cap noarch 1.17-460.el9 ubi-9-appstream-rpms 24 k -#8 1.196 perl-TermReadKey x86_64 2.38-11.el9 ubi-9-appstream-rpms 40 k -#8 1.196 perl-Text-ParseWords noarch 3.30-460.el9 ubi-9-appstream-rpms 18 k -#8 1.196 perl-Text-Tabs+Wrap noarch 2013.0523-460.el9 ubi-9-appstream-rpms 25 k -#8 1.196 perl-Time-Local noarch 2:1.300-7.el9 ubi-9-appstream-rpms 37 k -#8 1.196 perl-URI noarch 5.09-3.el9 ubi-9-appstream-rpms 125 k -#8 1.196 perl-base noarch 2.27-481.el9 ubi-9-appstream-rpms 16 k -#8 1.196 perl-constant noarch 1.33-461.el9 ubi-9-appstream-rpms 25 k -#8 1.196 perl-if noarch 0.60.800-481.el9 ubi-9-appstream-rpms 14 k -#8 1.196 perl-interpreter x86_64 4:5.32.1-481.el9 ubi-9-appstream-rpms 73 k -#8 1.196 perl-lib x86_64 0.65-481.el9 ubi-9-appstream-rpms 15 k -#8 1.196 perl-libnet noarch 3.13-4.el9 ubi-9-appstream-rpms 134 k -#8 1.196 perl-libs x86_64 4:5.32.1-481.el9 ubi-9-appstream-rpms 2.2 M -#8 1.196 perl-mro x86_64 1.23-481.el9 ubi-9-appstream-rpms 29 k -#8 1.196 perl-overload noarch 1.31-481.el9 ubi-9-appstream-rpms 46 k -#8 1.196 perl-overloading noarch 0.02-481.el9 ubi-9-appstream-rpms 13 k -#8 1.196 perl-parent noarch 1:0.238-460.el9 ubi-9-appstream-rpms 16 k -#8 1.196 perl-podlators noarch 1:4.14-460.el9 ubi-9-appstream-rpms 118 k -#8 1.196 
perl-subs noarch 1.03-481.el9 ubi-9-appstream-rpms 12 k -#8 1.196 perl-vars noarch 1.05-481.el9 ubi-9-appstream-rpms 13 k -#8 1.196 Installing weak dependencies: -#8 1.196 perl-NDBM_File x86_64 1.15-481.el9 ubi-9-appstream-rpms 23 k -#8 1.196 Removing dependent packages: -#8 1.196 curl-minimal x86_64 7.76.1-29.el9_4.1 @ubi-9-baseos-rpms 240 k -#8 1.196 -#8 1.196 Transaction Summary -#8 1.196 ================================================================================ -#8 1.196 Install 76 Packages -#8 1.196 Remove 1 Package -#8 1.196 -#8 1.201 Total download size: 18 M -#8 1.202 Downloading Packages: -#8 1.437 (1/76): less-590-4.el9_4.x86_64.rpm 728 kB/s | 166 kB 00:00 -#8 1.451 (2/76): curl-7.76.1-29.el9_4.1.x86_64.rpm 1.2 MB/s | 297 kB 00:00 -#8 1.458 (3/76): libcbor-0.7.0-5.el9.x86_64.rpm 2.8 MB/s | 59 kB 00:00 -#8 1.473 (4/76): libedit-3.1-38.20210216cvs.el9.x86_64.r 4.8 MB/s | 107 kB 00:00 -#8 1.482 (5/76): libfido2-1.13.0-2.el9.x86_64.rpm 4.2 MB/s | 100 kB 00:00 -#8 1.495 (6/76): groff-base-1.22.4-10.el9.x86_64.rpm 3.8 MB/s | 1.1 MB 00:00 -#8 1.508 (7/76): ncurses-6.2-10.20210508.el9.x86_64.rpm 12 MB/s | 410 kB 00:00 -#8 1.526 (8/76): openssh-clients-8.7p1-38.el9_4.4.x86_64 24 MB/s | 722 kB 00:00 -#8 1.528 (9/76): perl-Carp-1.50-460.el9.noarch.rpm 1.6 MB/s | 31 kB 00:00 -#8 1.534 (10/76): openssh-8.7p1-38.el9_4.4.x86_64.rpm 9.0 MB/s | 466 kB 00:00 -#8 1.546 (11/76): perl-Data-Dumper-2.174-462.el9.x86_64. 2.9 MB/s | 59 kB 00:00 -#8 1.549 (12/76): perl-Digest-1.19-4.el9.noarch.rpm 1.4 MB/s | 29 kB 00:00 -#8 1.553 (13/76): perl-Digest-MD5-2.58-4.el9.x86_64.rpm 2.1 MB/s | 39 kB 00:00 -#8 1.568 (14/76): perl-Error-0.17029-7.el9.noarch.rpm 2.4 MB/s | 46 kB 00:00 -#8 1.571 (15/76): perl-Exporter-5.74-461.el9.noarch.rpm 1.8 MB/s | 34 kB 00:00 -#8 1.590 (16/76): perl-Encode-3.08-462.el9.x86_64.rpm 40 MB/s | 1.7 MB 00:00 -#8 1.593 (17/76): perl-File-Path-2.18-4.el9.noarch.rpm 1.5 MB/s | 38 kB 00:00 -#8 1.596 (18/76): perl-File-Temp-0.231.100-4.el9.noarch. 
2.5 MB/s | 63 kB 00:00 -#8 1.611 (19/76): perl-Getopt-Long-2.52-4.el9.noarch.rpm 3.2 MB/s | 64 kB 00:00 -#8 1.614 (20/76): perl-IO-Socket-IP-0.41-5.el9.noarch.rp 2.2 MB/s | 45 kB 00:00 -#8 1.619 (21/76): perl-IO-Socket-SSL-2.073-1.el9.noarch. 9.5 MB/s | 223 kB 00:00 -#8 1.630 (22/76): perl-MIME-Base64-3.16-4.el9.x86_64.rpm 1.8 MB/s | 34 kB 00:00 -#8 1.633 (23/76): perl-Mozilla-CA-20200520-6.el9.noarch. 794 kB/s | 14 kB 00:00 -#8 1.649 (24/76): perl-Net-SSLeay-1.92-2.el9.x86_64.rpm 13 MB/s | 392 kB 00:00 -#8 1.656 (25/76): perl-Pod-Escapes-1.07-460.el9.noarch.r 1.1 MB/s | 22 kB 00:00 -#8 1.662 (26/76): perl-PathTools-3.78-461.el9.x86_64.rpm 3.0 MB/s | 92 kB 00:00 -#8 1.672 (27/76): perl-Pod-Perldoc-3.28.01-461.el9.noarc 4.1 MB/s | 92 kB 00:00 -#8 1.678 (28/76): perl-Pod-Simple-3.42-4.el9.noarch.rpm 8.9 MB/s | 229 kB 00:00 -#8 1.681 (29/76): perl-Pod-Usage-2.01-4.el9.noarch.rpm 2.1 MB/s | 43 kB 00:00 -#8 1.692 (30/76): perl-Scalar-List-Utils-1.56-461.el9.x8 3.8 MB/s | 77 kB 00:00 -#8 1.698 (31/76): perl-Socket-2.031-4.el9.x86_64.rpm 3.0 MB/s | 58 kB 00:00 -#8 1.701 (32/76): perl-Storable-3.21-460.el9.x86_64.rpm 4.9 MB/s | 98 kB 00:00 -#8 1.712 (33/76): perl-Term-ANSIColor-5.01-461.el9.noarc 2.7 MB/s | 51 kB 00:00 -#8 1.717 (34/76): perl-Term-Cap-1.17-460.el9.noarch.rpm 1.3 MB/s | 24 kB 00:00 -#8 1.720 (35/76): perl-TermReadKey-2.38-11.el9.x86_64.rp 2.2 MB/s | 40 kB 00:00 -#8 1.730 (36/76): perl-Text-ParseWords-3.30-460.el9.noar 1.0 MB/s | 18 kB 00:00 -#8 1.736 (37/76): perl-Text-Tabs+Wrap-2013.0523-460.el9. 
1.4 MB/s | 25 kB 00:00 -#8 1.738 (38/76): perl-Time-Local-1.300-7.el9.noarch.rpm 2.0 MB/s | 37 kB 00:00 -#8 1.751 (39/76): perl-URI-5.09-3.el9.noarch.rpm 6.0 MB/s | 125 kB 00:00 -#8 1.756 (40/76): perl-constant-1.33-461.el9.noarch.rpm 1.3 MB/s | 25 kB 00:00 -#8 1.758 (41/76): perl-if-0.60.800-481.el9.noarch.rpm 722 kB/s | 14 kB 00:00 -#8 1.773 (42/76): perl-libnet-3.13-4.el9.noarch.rpm 6.1 MB/s | 134 kB 00:00 -#8 1.776 (43/76): perl-parent-0.238-460.el9.noarch.rpm 819 kB/s | 16 kB 00:00 -#8 1.779 (44/76): perl-podlators-4.14-460.el9.noarch.rpm 5.6 MB/s | 118 kB 00:00 -#8 1.792 (45/76): emacs-filesystem-27.2-10.el9_4.noarch. 516 kB/s | 9.3 kB 00:00 -#8 1.795 (46/76): git-2.43.5-1.el9_4.x86_64.rpm 2.8 MB/s | 54 kB 00:00 -#8 1.814 (47/76): perl-AutoLoader-5.74-481.el9.noarch.rp 1.2 MB/s | 21 kB 00:00 -#8 1.847 (48/76): git-core-2.43.5-1.el9_4.x86_64.rpm 66 MB/s | 4.4 MB 00:00 -#8 1.851 (49/76): perl-B-1.80-481.el9.x86_64.rpm 4.9 MB/s | 184 kB 00:00 -#8 1.876 (50/76): git-core-doc-2.43.5-1.el9_4.noarch.rpm 35 MB/s | 2.9 MB 00:00 -#8 1.881 (51/76): perl-Class-Struct-0.66-481.el9.noarch. 
679 kB/s | 22 kB 00:00 -#8 1.884 (52/76): perl-DynaLoader-1.47-481.el9.x86_64.rp 838 kB/s | 26 kB 00:00 -#8 1.895 (53/76): perl-Errno-1.30-481.el9.x86_64.rpm 829 kB/s | 15 kB 00:00 -#8 1.901 (54/76): perl-Fcntl-1.13-481.el9.x86_64.rpm 1.2 MB/s | 22 kB 00:00 -#8 1.903 (55/76): perl-File-Basename-2.85-481.el9.noarch 871 kB/s | 17 kB 00:00 -#8 1.914 (56/76): perl-File-Find-1.37-481.el9.noarch.rpm 1.4 MB/s | 26 kB 00:00 -#8 1.919 (57/76): perl-File-stat-1.09-481.el9.noarch.rpm 992 kB/s | 17 kB 00:00 -#8 1.921 (58/76): perl-FileHandle-2.03-481.el9.noarch.rp 879 kB/s | 16 kB 00:00 -#8 1.932 (59/76): perl-Getopt-Std-1.12-481.el9.noarch.rp 888 kB/s | 16 kB 00:00 -#8 1.937 (60/76): perl-Git-2.43.5-1.el9_4.noarch.rpm 2.1 MB/s | 39 kB 00:00 -#8 1.940 (61/76): perl-HTTP-Tiny-0.076-462.el9.noarch.rp 3.0 MB/s | 57 kB 00:00 -#8 1.952 (62/76): perl-IO-1.43-481.el9.x86_64.rpm 4.7 MB/s | 92 kB 00:00 -#8 1.956 (63/76): perl-IPC-Open3-1.21-481.el9.noarch.rpm 1.3 MB/s | 24 kB 00:00 -#8 1.959 (64/76): perl-NDBM_File-1.15-481.el9.x86_64.rpm 1.3 MB/s | 23 kB 00:00 -#8 1.971 (65/76): perl-POSIX-1.94-481.el9.x86_64.rpm 5.0 MB/s | 98 kB 00:00 -#8 1.974 (66/76): perl-SelectSaver-1.02-481.el9.noarch.r 679 kB/s | 12 kB 00:00 -#8 1.977 (67/76): perl-Symbol-1.08-481.el9.noarch.rpm 808 kB/s | 14 kB 00:00 -#8 1.994 (68/76): perl-base-2.27-481.el9.noarch.rpm 850 kB/s | 16 kB 00:00 -#8 1.998 (69/76): perl-interpreter-5.32.1-481.el9.x86_64 3.3 MB/s | 73 kB 00:00 -#8 2.000 (70/76): perl-lib-0.65-481.el9.x86_64.rpm 672 kB/s | 15 kB 00:00 -#8 2.015 (71/76): perl-mro-1.23-481.el9.x86_64.rpm 1.6 MB/s | 29 kB 00:00 -#8 2.019 (72/76): perl-overload-1.31-481.el9.noarch.rpm 2.4 MB/s | 46 kB 00:00 -#8 2.036 (73/76): perl-libs-5.32.1-481.el9.x86_64.rpm 50 MB/s | 2.2 MB 00:00 -#8 2.038 (74/76): perl-overloading-0.02-481.el9.noarch.r 589 kB/s | 13 kB 00:00 -#8 2.040 (75/76): perl-subs-1.03-481.el9.noarch.rpm 566 kB/s | 12 kB 00:00 -#8 2.054 (76/76): perl-vars-1.05-481.el9.noarch.rpm 738 kB/s | 13 kB 00:00 -#8 
2.058 -------------------------------------------------------------------------------- -#8 2.059 Total 21 MB/s | 18 MB 00:00 -#8 3.029 Running transaction check -#8 3.069 Transaction check succeeded. -#8 3.069 Running transaction test -#8 3.348 Transaction test succeeded. -#8 3.348 Running transaction -#8 3.735 Preparing : 1/1 -#8 3.790 Installing : emacs-filesystem-1:27.2-10.el9_4.noarch 1/77 -#8 3.796 Running scriptlet: openssh-8.7p1-38.el9_4.4.x86_64 2/77 -#8 3.851 Installing : openssh-8.7p1-38.el9_4.4.x86_64 2/77 -#8 3.866 Installing : ncurses-6.2-10.20210508.el9.x86_64 3/77 -#8 3.875 Installing : libedit-3.1-38.20210216cvs.el9.x86_64 4/77 -#8 3.881 Installing : libcbor-0.7.0-5.el9.x86_64 5/77 -#8 3.888 Installing : libfido2-1.13.0-2.el9.x86_64 6/77 -#8 3.909 Installing : openssh-clients-8.7p1-38.el9_4.4.x86_64 7/77 -#8 3.914 Running scriptlet: openssh-clients-8.7p1-38.el9_4.4.x86_64 7/77 -#8 3.944 Installing : less-590-4.el9_4.x86_64 8/77 -#8 4.044 Installing : git-core-2.43.5-1.el9_4.x86_64 9/77 -#8 4.253 Installing : git-core-doc-2.43.5-1.el9_4.noarch 10/77 -#8 4.267 Running scriptlet: groff-base-1.22.4-10.el9.x86_64 11/77 -#8 4.318 Installing : groff-base-1.22.4-10.el9.x86_64 11/77 -#8 4.326 Running scriptlet: groff-base-1.22.4-10.el9.x86_64 11/77 -#8 4.337 Installing : perl-Digest-1.19-4.el9.noarch 12/77 -#8 4.343 Installing : perl-Digest-MD5-2.58-4.el9.x86_64 13/77 -#8 4.352 Installing : perl-B-1.80-481.el9.x86_64 14/77 -#8 4.357 Installing : perl-FileHandle-2.03-481.el9.noarch 15/77 -#8 4.371 Installing : perl-Data-Dumper-2.174-462.el9.x86_64 16/77 -#8 4.380 Installing : perl-libnet-3.13-4.el9.noarch 17/77 -#8 4.386 Installing : perl-AutoLoader-5.74-481.el9.noarch 18/77 -#8 4.390 Installing : perl-base-2.27-481.el9.noarch 19/77 -#8 4.400 Installing : perl-URI-5.09-3.el9.noarch 20/77 -#8 4.407 Installing : perl-if-0.60.800-481.el9.noarch 21/77 -#8 4.412 Installing : perl-Time-Local-2:1.300-7.el9.noarch 22/77 -#8 4.416 Installing : 
perl-Mozilla-CA-20200520-6.el9.noarch 23/77 -#8 4.422 Installing : perl-IO-Socket-IP-0.41-5.el9.noarch 24/77 -#8 4.427 Installing : perl-File-Path-2.18-4.el9.noarch 25/77 -#8 4.436 Installing : perl-IO-Socket-SSL-2.073-1.el9.noarch 26/77 -#8 4.456 Installing : perl-Net-SSLeay-1.92-2.el9.x86_64 27/77 -#8 4.467 Installing : perl-Pod-Escapes-1:1.07-460.el9.noarch 28/77 -#8 4.477 Installing : perl-Text-Tabs+Wrap-2013.0523-460.el9.noarch 29/77 -#8 4.484 Installing : perl-Term-ANSIColor-5.01-461.el9.noarch 30/77 -#8 4.489 Installing : perl-Class-Struct-0.66-481.el9.noarch 31/77 -#8 4.495 Installing : perl-POSIX-1.94-481.el9.x86_64 32/77 -#8 4.499 Installing : perl-IPC-Open3-1.21-481.el9.noarch 33/77 -#8 4.503 Installing : perl-subs-1.03-481.el9.noarch 34/77 -#8 4.510 Installing : perl-File-Temp-1:0.231.100-4.el9.noarch 35/77 -#8 4.517 Installing : perl-HTTP-Tiny-0.076-462.el9.noarch 36/77 -#8 4.522 Installing : perl-Term-Cap-1.17-460.el9.noarch 37/77 -#8 4.533 Installing : perl-Pod-Simple-1:3.42-4.el9.noarch 38/77 -#8 4.540 Installing : perl-Socket-4:2.031-4.el9.x86_64 39/77 -#8 4.545 Installing : perl-SelectSaver-1.02-481.el9.noarch 40/77 -#8 4.549 Installing : perl-Symbol-1.08-481.el9.noarch 41/77 -#8 4.553 Installing : perl-File-stat-1.09-481.el9.noarch 42/77 -#8 4.560 Installing : perl-podlators-1:4.14-460.el9.noarch 43/77 -#8 4.569 Installing : perl-Pod-Perldoc-3.28.01-461.el9.noarch 44/77 -#8 4.580 Installing : perl-Text-ParseWords-3.30-460.el9.noarch 45/77 -#8 4.590 Installing : perl-Fcntl-1.13-481.el9.x86_64 46/77 -#8 4.595 Installing : perl-mro-1.23-481.el9.x86_64 47/77 -#8 4.603 Installing : perl-IO-1.43-481.el9.x86_64 48/77 -#8 4.608 Installing : perl-overloading-0.02-481.el9.noarch 49/77 -#8 4.614 Installing : perl-Pod-Usage-4:2.01-4.el9.noarch 50/77 -#8 4.620 Installing : perl-MIME-Base64-3.16-4.el9.x86_64 51/77 -#8 4.627 Installing : perl-Scalar-List-Utils-4:1.56-461.el9.x86_64 52/77 -#8 4.632 Installing : perl-constant-1.33-461.el9.noarch 53/77 -#8 4.636 
Installing : perl-parent-1:0.238-460.el9.noarch 54/77 -#8 4.640 Installing : perl-Errno-1.30-481.el9.x86_64 55/77 -#8 4.644 Installing : perl-File-Basename-2.85-481.el9.noarch 56/77 -#8 4.648 Installing : perl-Getopt-Std-1.12-481.el9.noarch 57/77 -#8 4.654 Installing : perl-Storable-1:3.21-460.el9.x86_64 58/77 -#8 4.658 Installing : perl-overload-1.31-481.el9.noarch 59/77 -#8 4.662 Installing : perl-vars-1.05-481.el9.noarch 60/77 -#8 4.668 Installing : perl-Getopt-Long-1:2.52-4.el9.noarch 61/77 -#8 4.673 Installing : perl-Carp-1.50-460.el9.noarch 62/77 -#8 4.684 Installing : perl-Exporter-5.74-461.el9.noarch 63/77 -#8 4.697 Installing : perl-PathTools-3.78-461.el9.x86_64 64/77 -#8 4.703 Installing : perl-NDBM_File-1.15-481.el9.x86_64 65/77 -#8 4.765 Installing : perl-Encode-4:3.08-462.el9.x86_64 66/77 -#8 4.878 Installing : perl-libs-4:5.32.1-481.el9.x86_64 67/77 -#8 4.892 Installing : perl-interpreter-4:5.32.1-481.el9.x86_64 68/77 -#8 4.899 Installing : perl-Error-1:0.17029-7.el9.noarch 69/77 -#8 4.904 Installing : perl-DynaLoader-1.47-481.el9.x86_64 70/77 -#8 4.910 Installing : perl-TermReadKey-2.38-11.el9.x86_64 71/77 -#8 4.916 Installing : perl-File-Find-1.37-481.el9.noarch 72/77 -#8 4.920 Installing : perl-lib-0.65-481.el9.x86_64 73/77 -#8 4.925 Installing : perl-Git-2.43.5-1.el9_4.noarch 74/77 +#8 1.040 Updating Subscription Management repositories. +#8 1.040 Unable to read consumer identity +#8 1.048 +#8 1.048 This system is not registered with an entitlement server. You can use subscription-manager to register. +#8 1.048 +#8 1.160 Last metadata expiration check: 0:00:51 ago on Mon Nov 11 09:49:46 2024. +#8 1.244 Dependencies resolved. 
+#8 1.250 ================================================================================ +#8 1.250 Package Arch Version Repository Size +#8 1.250 ================================================================================ +#8 1.250 Installing: +#8 1.250 curl x86_64 7.76.1-29.el9_4.1 ubi-9-baseos-rpms 297 k +#8 1.250 git x86_64 2.43.5-1.el9_4 ubi-9-appstream-rpms 54 k +#8 1.250 Installing dependencies: +#8 1.250 emacs-filesystem noarch 1:27.2-10.el9_4 ubi-9-appstream-rpms 9.3 k +#8 1.250 git-core x86_64 2.43.5-1.el9_4 ubi-9-appstream-rpms 4.4 M +#8 1.250 git-core-doc noarch 2.43.5-1.el9_4 ubi-9-appstream-rpms 2.9 M +#8 1.250 groff-base x86_64 1.22.4-10.el9 ubi-9-baseos-rpms 1.1 M +#8 1.250 less x86_64 590-4.el9_4 ubi-9-baseos-rpms 166 k +#8 1.250 libcbor x86_64 0.7.0-5.el9 ubi-9-baseos-rpms 59 k +#8 1.250 libedit x86_64 3.1-38.20210216cvs.el9 ubi-9-baseos-rpms 107 k +#8 1.250 libfido2 x86_64 1.13.0-2.el9 ubi-9-baseos-rpms 100 k +#8 1.250 ncurses x86_64 6.2-10.20210508.el9 ubi-9-baseos-rpms 410 k +#8 1.250 openssh x86_64 8.7p1-38.el9_4.4 ubi-9-baseos-rpms 466 k +#8 1.250 openssh-clients x86_64 8.7p1-38.el9_4.4 ubi-9-baseos-rpms 722 k +#8 1.250 perl-AutoLoader noarch 5.74-481.el9 ubi-9-appstream-rpms 21 k +#8 1.250 perl-B x86_64 1.80-481.el9 ubi-9-appstream-rpms 184 k +#8 1.250 perl-Carp noarch 1.50-460.el9 ubi-9-appstream-rpms 31 k +#8 1.250 perl-Class-Struct noarch 0.66-481.el9 ubi-9-appstream-rpms 22 k +#8 1.250 perl-Data-Dumper x86_64 2.174-462.el9 ubi-9-appstream-rpms 59 k +#8 1.250 perl-Digest noarch 1.19-4.el9 ubi-9-appstream-rpms 29 k +#8 1.250 perl-Digest-MD5 x86_64 2.58-4.el9 ubi-9-appstream-rpms 39 k +#8 1.250 perl-DynaLoader x86_64 1.47-481.el9 ubi-9-appstream-rpms 26 k +#8 1.250 perl-Encode x86_64 4:3.08-462.el9 ubi-9-appstream-rpms 1.7 M +#8 1.250 perl-Errno x86_64 1.30-481.el9 ubi-9-appstream-rpms 15 k +#8 1.250 perl-Error noarch 1:0.17029-7.el9 ubi-9-appstream-rpms 46 k +#8 1.250 perl-Exporter noarch 5.74-461.el9 ubi-9-appstream-rpms 34 k +#8 
1.250 perl-Fcntl x86_64 1.13-481.el9 ubi-9-appstream-rpms 22 k +#8 1.250 perl-File-Basename noarch 2.85-481.el9 ubi-9-appstream-rpms 17 k +#8 1.250 perl-File-Find noarch 1.37-481.el9 ubi-9-appstream-rpms 26 k +#8 1.250 perl-File-Path noarch 2.18-4.el9 ubi-9-appstream-rpms 38 k +#8 1.250 perl-File-Temp noarch 1:0.231.100-4.el9 ubi-9-appstream-rpms 63 k +#8 1.250 perl-File-stat noarch 1.09-481.el9 ubi-9-appstream-rpms 17 k +#8 1.250 perl-FileHandle noarch 2.03-481.el9 ubi-9-appstream-rpms 16 k +#8 1.250 perl-Getopt-Long noarch 1:2.52-4.el9 ubi-9-appstream-rpms 64 k +#8 1.250 perl-Getopt-Std noarch 1.12-481.el9 ubi-9-appstream-rpms 16 k +#8 1.250 perl-Git noarch 2.43.5-1.el9_4 ubi-9-appstream-rpms 39 k +#8 1.250 perl-HTTP-Tiny noarch 0.076-462.el9 ubi-9-appstream-rpms 57 k +#8 1.250 perl-IO x86_64 1.43-481.el9 ubi-9-appstream-rpms 92 k +#8 1.250 perl-IO-Socket-IP noarch 0.41-5.el9 ubi-9-appstream-rpms 45 k +#8 1.250 perl-IO-Socket-SSL noarch 2.073-1.el9 ubi-9-appstream-rpms 223 k +#8 1.250 perl-IPC-Open3 noarch 1.21-481.el9 ubi-9-appstream-rpms 24 k +#8 1.250 perl-MIME-Base64 x86_64 3.16-4.el9 ubi-9-appstream-rpms 34 k +#8 1.250 perl-Mozilla-CA noarch 20200520-6.el9 ubi-9-appstream-rpms 14 k +#8 1.250 perl-Net-SSLeay x86_64 1.92-2.el9 ubi-9-appstream-rpms 392 k +#8 1.250 perl-POSIX x86_64 1.94-481.el9 ubi-9-appstream-rpms 98 k +#8 1.250 perl-PathTools x86_64 3.78-461.el9 ubi-9-appstream-rpms 92 k +#8 1.250 perl-Pod-Escapes noarch 1:1.07-460.el9 ubi-9-appstream-rpms 22 k +#8 1.250 perl-Pod-Perldoc noarch 3.28.01-461.el9 ubi-9-appstream-rpms 92 k +#8 1.250 perl-Pod-Simple noarch 1:3.42-4.el9 ubi-9-appstream-rpms 229 k +#8 1.250 perl-Pod-Usage noarch 4:2.01-4.el9 ubi-9-appstream-rpms 43 k +#8 1.250 perl-Scalar-List-Utils +#8 1.250 x86_64 4:1.56-461.el9 ubi-9-appstream-rpms 77 k +#8 1.250 perl-SelectSaver noarch 1.02-481.el9 ubi-9-appstream-rpms 12 k +#8 1.250 perl-Socket x86_64 4:2.031-4.el9 ubi-9-appstream-rpms 58 k +#8 1.250 perl-Storable x86_64 1:3.21-460.el9 
ubi-9-appstream-rpms 98 k +#8 1.250 perl-Symbol noarch 1.08-481.el9 ubi-9-appstream-rpms 14 k +#8 1.250 perl-Term-ANSIColor noarch 5.01-461.el9 ubi-9-appstream-rpms 51 k +#8 1.250 perl-Term-Cap noarch 1.17-460.el9 ubi-9-appstream-rpms 24 k +#8 1.250 perl-TermReadKey x86_64 2.38-11.el9 ubi-9-appstream-rpms 40 k +#8 1.250 perl-Text-ParseWords noarch 3.30-460.el9 ubi-9-appstream-rpms 18 k +#8 1.250 perl-Text-Tabs+Wrap noarch 2013.0523-460.el9 ubi-9-appstream-rpms 25 k +#8 1.250 perl-Time-Local noarch 2:1.300-7.el9 ubi-9-appstream-rpms 37 k +#8 1.250 perl-URI noarch 5.09-3.el9 ubi-9-appstream-rpms 125 k +#8 1.250 perl-base noarch 2.27-481.el9 ubi-9-appstream-rpms 16 k +#8 1.250 perl-constant noarch 1.33-461.el9 ubi-9-appstream-rpms 25 k +#8 1.250 perl-if noarch 0.60.800-481.el9 ubi-9-appstream-rpms 14 k +#8 1.250 perl-interpreter x86_64 4:5.32.1-481.el9 ubi-9-appstream-rpms 73 k +#8 1.250 perl-lib x86_64 0.65-481.el9 ubi-9-appstream-rpms 15 k +#8 1.250 perl-libnet noarch 3.13-4.el9 ubi-9-appstream-rpms 134 k +#8 1.250 perl-libs x86_64 4:5.32.1-481.el9 ubi-9-appstream-rpms 2.2 M +#8 1.250 perl-mro x86_64 1.23-481.el9 ubi-9-appstream-rpms 29 k +#8 1.250 perl-overload noarch 1.31-481.el9 ubi-9-appstream-rpms 46 k +#8 1.250 perl-overloading noarch 0.02-481.el9 ubi-9-appstream-rpms 13 k +#8 1.250 perl-parent noarch 1:0.238-460.el9 ubi-9-appstream-rpms 16 k +#8 1.250 perl-podlators noarch 1:4.14-460.el9 ubi-9-appstream-rpms 118 k +#8 1.250 perl-subs noarch 1.03-481.el9 ubi-9-appstream-rpms 12 k +#8 1.250 perl-vars noarch 1.05-481.el9 ubi-9-appstream-rpms 13 k +#8 1.250 Installing weak dependencies: +#8 1.250 perl-NDBM_File x86_64 1.15-481.el9 ubi-9-appstream-rpms 23 k +#8 1.250 Removing dependent packages: +#8 1.250 curl-minimal x86_64 7.76.1-29.el9_4.1 @ubi-9-baseos-rpms 240 k +#8 1.250 +#8 1.250 Transaction Summary +#8 1.250 ================================================================================ +#8 1.250 Install 76 Packages +#8 1.250 Remove 1 Package +#8 1.250 
+#8 1.254 Total download size: 18 M +#8 1.255 Downloading Packages: +#8 1.433 (1/76): less-590-4.el9_4.x86_64.rpm 972 kB/s | 166 kB 00:00 +#8 1.454 (2/76): libcbor-0.7.0-5.el9.x86_64.rpm 3.1 MB/s | 59 kB 00:00 +#8 1.477 (3/76): libedit-3.1-38.20210216cvs.el9.x86_64.r 4.7 MB/s | 107 kB 00:00 +#8 1.500 (4/76): groff-base-1.22.4-10.el9.x86_64.rpm 4.5 MB/s | 1.1 MB 00:00 +#8 1.507 (5/76): libfido2-1.13.0-2.el9.x86_64.rpm 3.1 MB/s | 100 kB 00:00 +#8 1.532 (6/76): ncurses-6.2-10.20210508.el9.x86_64.rpm 13 MB/s | 410 kB 00:00 +#8 1.544 (7/76): curl-7.76.1-29.el9_4.1.x86_64.rpm 1.0 MB/s | 297 kB 00:00 +#8 1.563 (8/76): openssh-clients-8.7p1-38.el9_4.4.x86_64 23 MB/s | 722 kB 00:00 +#8 1.566 (9/76): perl-Carp-1.50-460.el9.noarch.rpm 1.5 MB/s | 31 kB 00:00 +#8 1.571 (10/76): openssh-8.7p1-38.el9_4.4.x86_64.rpm 7.2 MB/s | 466 kB 00:00 +#8 1.580 (11/76): perl-Data-Dumper-2.174-462.el9.x86_64. 3.5 MB/s | 59 kB 00:00 +#8 1.584 (12/76): perl-Digest-1.19-4.el9.noarch.rpm 1.6 MB/s | 29 kB 00:00 +#8 1.596 (13/76): perl-Digest-MD5-2.58-4.el9.x86_64.rpm 1.6 MB/s | 39 kB 00:00 +#8 1.604 (14/76): perl-Error-0.17029-7.el9.noarch.rpm 2.4 MB/s | 46 kB 00:00 +#8 1.620 (15/76): perl-Encode-3.08-462.el9.x86_64.rpm 45 MB/s | 1.7 MB 00:00 +#8 1.622 (16/76): perl-Exporter-5.74-461.el9.noarch.rpm 1.3 MB/s | 34 kB 00:00 +#8 1.625 (17/76): perl-File-Path-2.18-4.el9.noarch.rpm 1.8 MB/s | 38 kB 00:00 +#8 1.641 (18/76): perl-IO-Socket-IP-0.41-5.el9.noarch.rp 2.8 MB/s | 45 kB 00:00 +#8 1.643 (19/76): perl-File-Temp-0.231.100-4.el9.noarch. 2.6 MB/s | 63 kB 00:00 +#8 1.647 (20/76): perl-Getopt-Long-2.52-4.el9.noarch.rpm 2.5 MB/s | 64 kB 00:00 +#8 1.660 (21/76): perl-MIME-Base64-3.16-4.el9.x86_64.rpm 2.1 MB/s | 34 kB 00:00 +#8 1.663 (22/76): perl-IO-Socket-SSL-2.073-1.el9.noarch. 9.8 MB/s | 223 kB 00:00 +#8 1.676 (23/76): perl-Mozilla-CA-20200520-6.el9.noarch. 
502 kB/s | 14 kB 00:00 +#8 1.680 (24/76): perl-PathTools-3.78-461.el9.x86_64.rpm 5.5 MB/s | 92 kB 00:00 +#8 1.686 (25/76): perl-Net-SSLeay-1.92-2.el9.x86_64.rpm 15 MB/s | 392 kB 00:00 +#8 1.698 (26/76): perl-Pod-Escapes-1.07-460.el9.noarch.r 1.1 MB/s | 22 kB 00:00 +#8 1.701 (27/76): perl-Pod-Perldoc-3.28.01-461.el9.noarc 4.4 MB/s | 92 kB 00:00 +#8 1.706 (28/76): perl-Pod-Simple-3.42-4.el9.noarch.rpm 12 MB/s | 229 kB 00:00 +#8 1.714 (29/76): perl-Pod-Usage-2.01-4.el9.noarch.rpm 2.3 MB/s | 43 kB 00:00 +#8 1.718 (30/76): perl-Scalar-List-Utils-1.56-461.el9.x8 4.6 MB/s | 77 kB 00:00 +#8 1.722 (31/76): perl-Socket-2.031-4.el9.x86_64.rpm 3.7 MB/s | 58 kB 00:00 +#8 1.734 (32/76): perl-Term-ANSIColor-5.01-461.el9.noarc 3.2 MB/s | 51 kB 00:00 +#8 1.737 (33/76): perl-Storable-3.21-460.el9.x86_64.rpm 4.3 MB/s | 98 kB 00:00 +#8 1.739 (34/76): perl-Term-Cap-1.17-460.el9.noarch.rpm 1.4 MB/s | 24 kB 00:00 +#8 1.751 (35/76): perl-TermReadKey-2.38-11.el9.x86_64.rp 2.5 MB/s | 40 kB 00:00 +#8 1.755 (36/76): perl-Text-ParseWords-3.30-460.el9.noar 1.0 MB/s | 18 kB 00:00 +#8 1.767 (37/76): perl-Time-Local-1.300-7.el9.noarch.rpm 2.2 MB/s | 37 kB 00:00 +#8 1.784 (38/76): perl-constant-1.33-461.el9.noarch.rpm 1.6 MB/s | 25 kB 00:00 +#8 1.793 (39/76): perl-URI-5.09-3.el9.noarch.rpm 3.3 MB/s | 125 kB 00:00 +#8 1.803 (40/76): perl-if-0.60.800-481.el9.noarch.rpm 851 kB/s | 14 kB 00:00 +#8 1.806 (41/76): perl-Text-Tabs+Wrap-2013.0523-460.el9. 384 kB/s | 25 kB 00:00 +#8 1.815 (42/76): perl-libnet-3.13-4.el9.noarch.rpm 6.1 MB/s | 134 kB 00:00 +#8 1.818 (43/76): perl-parent-0.238-460.el9.noarch.rpm 979 kB/s | 16 kB 00:00 +#8 1.823 (44/76): perl-podlators-4.14-460.el9.noarch.rpm 7.1 MB/s | 118 kB 00:00 +#8 1.831 (45/76): emacs-filesystem-27.2-10.el9_4.noarch. 
597 kB/s | 9.3 kB 00:00 +#8 1.834 (46/76): git-2.43.5-1.el9_4.x86_64.rpm 3.3 MB/s | 54 kB 00:00 +#8 1.851 (47/76): perl-AutoLoader-5.74-481.el9.noarch.rp 1.3 MB/s | 21 kB 00:00 +#8 1.883 (48/76): git-core-2.43.5-1.el9_4.x86_64.rpm 74 MB/s | 4.4 MB 00:00 +#8 1.889 (49/76): perl-B-1.80-481.el9.x86_64.rpm 4.7 MB/s | 184 kB 00:00 +#8 1.899 (50/76): perl-Class-Struct-0.66-481.el9.noarch. 1.5 MB/s | 22 kB 00:00 +#8 1.911 (51/76): perl-DynaLoader-1.47-481.el9.x86_64.rp 1.3 MB/s | 26 kB 00:00 +#8 1.916 (52/76): perl-Errno-1.30-481.el9.x86_64.rpm 970 kB/s | 15 kB 00:00 +#8 1.932 (53/76): git-core-doc-2.43.5-1.el9_4.noarch.rpm 29 MB/s | 2.9 MB 00:00 +#8 1.934 (54/76): perl-Fcntl-1.13-481.el9.x86_64.rpm 979 kB/s | 22 kB 00:00 +#8 1.936 (55/76): perl-File-Basename-2.85-481.el9.noarch 912 kB/s | 17 kB 00:00 +#8 1.950 (56/76): perl-File-Find-1.37-481.el9.noarch.rpm 1.4 MB/s | 26 kB 00:00 +#8 1.953 (57/76): perl-FileHandle-2.03-481.el9.noarch.rp 983 kB/s | 16 kB 00:00 +#8 1.971 (58/76): perl-Git-2.43.5-1.el9_4.noarch.rpm 2.2 MB/s | 39 kB 00:00 +#8 1.973 (59/76): perl-Getopt-Std-1.12-481.el9.noarch.rp 690 kB/s | 16 kB 00:00 +#8 1.976 (60/76): perl-File-stat-1.09-481.el9.noarch.rpm 448 kB/s | 17 kB 00:00 +#8 1.989 (61/76): perl-HTTP-Tiny-0.076-462.el9.noarch.rp 3.1 MB/s | 57 kB 00:00 +#8 1.991 (62/76): perl-IPC-Open3-1.21-481.el9.noarch.rpm 1.5 MB/s | 24 kB 00:00 +#8 1.995 (63/76): perl-IO-1.43-481.el9.x86_64.rpm 4.4 MB/s | 92 kB 00:00 +#8 2.006 (64/76): perl-NDBM_File-1.15-481.el9.x86_64.rpm 1.4 MB/s | 23 kB 00:00 +#8 2.014 (65/76): perl-POSIX-1.94-481.el9.x86_64.rpm 4.3 MB/s | 98 kB 00:00 +#8 2.020 (66/76): perl-SelectSaver-1.02-481.el9.noarch.r 471 kB/s | 12 kB 00:00 +#8 2.025 (67/76): perl-Symbol-1.08-481.el9.noarch.rpm 780 kB/s | 14 kB 00:00 +#8 2.031 (68/76): perl-base-2.27-481.el9.noarch.rpm 1.1 MB/s | 16 kB 00:00 +#8 2.038 (69/76): perl-interpreter-5.32.1-481.el9.x86_64 4.4 MB/s | 73 kB 00:00 +#8 2.054 (70/76): perl-lib-0.65-481.el9.x86_64.rpm 520 kB/s | 15 kB 00:00 +#8 
2.056 (71/76): perl-mro-1.23-481.el9.x86_64.rpm 1.6 MB/s | 29 kB 00:00 +#8 2.073 (72/76): perl-libs-5.32.1-481.el9.x86_64.rpm 52 MB/s | 2.2 MB 00:00 +#8 2.076 (73/76): perl-overloading-0.02-481.el9.noarch.r 694 kB/s | 13 kB 00:00 +#8 2.079 (74/76): perl-overload-1.31-481.el9.noarch.rpm 2.0 MB/s | 46 kB 00:00 +#8 2.090 (75/76): perl-subs-1.03-481.el9.noarch.rpm 746 kB/s | 12 kB 00:00 +#8 2.092 (76/76): perl-vars-1.05-481.el9.noarch.rpm 856 kB/s | 13 kB 00:00 +#8 2.096 -------------------------------------------------------------------------------- +#8 2.096 Total 21 MB/s | 18 MB 00:00 +#8 3.071 Running transaction check +#8 3.111 Transaction check succeeded. +#8 3.111 Running transaction test +#8 3.390 Transaction test succeeded. +#8 3.390 Running transaction +#8 3.776 Preparing : 1/1 +#8 3.831 Installing : emacs-filesystem-1:27.2-10.el9_4.noarch 1/77 +#8 3.836 Running scriptlet: openssh-8.7p1-38.el9_4.4.x86_64 2/77 +#8 3.886 Installing : openssh-8.7p1-38.el9_4.4.x86_64 2/77 +#8 3.901 Installing : ncurses-6.2-10.20210508.el9.x86_64 3/77 +#8 3.909 Installing : libedit-3.1-38.20210216cvs.el9.x86_64 4/77 +#8 3.915 Installing : libcbor-0.7.0-5.el9.x86_64 5/77 +#8 3.921 Installing : libfido2-1.13.0-2.el9.x86_64 6/77 +#8 3.942 Installing : openssh-clients-8.7p1-38.el9_4.4.x86_64 7/77 +#8 3.947 Running scriptlet: openssh-clients-8.7p1-38.el9_4.4.x86_64 7/77 +#8 3.973 Installing : less-590-4.el9_4.x86_64 8/77 +#8 4.073 Installing : git-core-2.43.5-1.el9_4.x86_64 9/77 +#8 4.276 Installing : git-core-doc-2.43.5-1.el9_4.noarch 10/77 +#8 4.290 Running scriptlet: groff-base-1.22.4-10.el9.x86_64 11/77 +#8 4.340 Installing : groff-base-1.22.4-10.el9.x86_64 11/77 +#8 4.348 Running scriptlet: groff-base-1.22.4-10.el9.x86_64 11/77 +#8 4.358 Installing : perl-Digest-1.19-4.el9.noarch 12/77 +#8 4.364 Installing : perl-Digest-MD5-2.58-4.el9.x86_64 13/77 +#8 4.373 Installing : perl-B-1.80-481.el9.x86_64 14/77 +#8 4.378 Installing : perl-FileHandle-2.03-481.el9.noarch 15/77 +#8 4.384 
Installing : perl-Data-Dumper-2.174-462.el9.x86_64 16/77 +#8 4.392 Installing : perl-libnet-3.13-4.el9.noarch 17/77 +#8 4.402 Installing : perl-AutoLoader-5.74-481.el9.noarch 18/77 +#8 4.406 Installing : perl-base-2.27-481.el9.noarch 19/77 +#8 4.416 Installing : perl-URI-5.09-3.el9.noarch 20/77 +#8 4.425 Installing : perl-if-0.60.800-481.el9.noarch 21/77 +#8 4.429 Installing : perl-Time-Local-2:1.300-7.el9.noarch 22/77 +#8 4.434 Installing : perl-Mozilla-CA-20200520-6.el9.noarch 23/77 +#8 4.439 Installing : perl-IO-Socket-IP-0.41-5.el9.noarch 24/77 +#8 4.444 Installing : perl-File-Path-2.18-4.el9.noarch 25/77 +#8 4.454 Installing : perl-IO-Socket-SSL-2.073-1.el9.noarch 26/77 +#8 4.474 Installing : perl-Net-SSLeay-1.92-2.el9.x86_64 27/77 +#8 4.482 Installing : perl-Pod-Escapes-1:1.07-460.el9.noarch 28/77 +#8 4.487 Installing : perl-Text-Tabs+Wrap-2013.0523-460.el9.noarch 29/77 +#8 4.493 Installing : perl-Term-ANSIColor-5.01-461.el9.noarch 30/77 +#8 4.506 Installing : perl-Class-Struct-0.66-481.el9.noarch 31/77 +#8 4.512 Installing : perl-POSIX-1.94-481.el9.x86_64 32/77 +#8 4.517 Installing : perl-IPC-Open3-1.21-481.el9.noarch 33/77 +#8 4.521 Installing : perl-subs-1.03-481.el9.noarch 34/77 +#8 4.526 Installing : perl-File-Temp-1:0.231.100-4.el9.noarch 35/77 +#8 4.532 Installing : perl-HTTP-Tiny-0.076-462.el9.noarch 36/77 +#8 4.537 Installing : perl-Term-Cap-1.17-460.el9.noarch 37/77 +#8 4.549 Installing : perl-Pod-Simple-1:3.42-4.el9.noarch 38/77 +#8 4.557 Installing : perl-Socket-4:2.031-4.el9.x86_64 39/77 +#8 4.561 Installing : perl-SelectSaver-1.02-481.el9.noarch 40/77 +#8 4.565 Installing : perl-Symbol-1.08-481.el9.noarch 41/77 +#8 4.569 Installing : perl-File-stat-1.09-481.el9.noarch 42/77 +#8 4.577 Installing : perl-podlators-1:4.14-460.el9.noarch 43/77 +#8 4.586 Installing : perl-Pod-Perldoc-3.28.01-461.el9.noarch 44/77 +#8 4.591 Installing : perl-Text-ParseWords-3.30-460.el9.noarch 45/77 +#8 4.596 Installing : perl-Fcntl-1.13-481.el9.x86_64 46/77 +#8 4.607 
Installing : perl-mro-1.23-481.el9.x86_64 47/77 +#8 4.618 Installing : perl-IO-1.43-481.el9.x86_64 48/77 +#8 4.624 Installing : perl-overloading-0.02-481.el9.noarch 49/77 +#8 4.629 Installing : perl-Pod-Usage-4:2.01-4.el9.noarch 50/77 +#8 4.634 Installing : perl-MIME-Base64-3.16-4.el9.x86_64 51/77 +#8 4.641 Installing : perl-Scalar-List-Utils-4:1.56-461.el9.x86_64 52/77 +#8 4.646 Installing : perl-constant-1.33-461.el9.noarch 53/77 +#8 4.651 Installing : perl-parent-1:0.238-460.el9.noarch 54/77 +#8 4.655 Installing : perl-Errno-1.30-481.el9.x86_64 55/77 +#8 4.658 Installing : perl-File-Basename-2.85-481.el9.noarch 56/77 +#8 4.662 Installing : perl-Getopt-Std-1.12-481.el9.noarch 57/77 +#8 4.668 Installing : perl-Storable-1:3.21-460.el9.x86_64 58/77 +#8 4.672 Installing : perl-overload-1.31-481.el9.noarch 59/77 +#8 4.676 Installing : perl-vars-1.05-481.el9.noarch 60/77 +#8 4.681 Installing : perl-Getopt-Long-1:2.52-4.el9.noarch 61/77 +#8 4.686 Installing : perl-Carp-1.50-460.el9.noarch 62/77 +#8 4.691 Installing : perl-Exporter-5.74-461.el9.noarch 63/77 +#8 4.698 Installing : perl-PathTools-3.78-461.el9.x86_64 64/77 +#8 4.709 Installing : perl-NDBM_File-1.15-481.el9.x86_64 65/77 +#8 4.774 Installing : perl-Encode-4:3.08-462.el9.x86_64 66/77 +#8 4.884 Installing : perl-libs-4:5.32.1-481.el9.x86_64 67/77 +#8 4.899 Installing : perl-interpreter-4:5.32.1-481.el9.x86_64 68/77 +#8 4.906 Installing : perl-Error-1:0.17029-7.el9.noarch 69/77 +#8 4.911 Installing : perl-DynaLoader-1.47-481.el9.x86_64 70/77 +#8 4.917 Installing : perl-TermReadKey-2.38-11.el9.x86_64 71/77 +#8 4.922 Installing : perl-File-Find-1.37-481.el9.noarch 72/77 +#8 4.926 Installing : perl-lib-0.65-481.el9.x86_64 73/77 +#8 4.930 Installing : perl-Git-2.43.5-1.el9_4.noarch 74/77 #8 4.935 Installing : git-2.43.5-1.el9_4.x86_64 75/77 #8 4.945 Installing : curl-7.76.1-29.el9_4.1.x86_64 76/77 #8 4.950 Erasing : curl-minimal-7.76.1-29.el9_4.1.x86_64 77/77 -#8 4.964 Running scriptlet: 
curl-minimal-7.76.1-29.el9_4.1.x86_64 77/77 -#8 5.494 Verifying : curl-7.76.1-29.el9_4.1.x86_64 1/77 -#8 5.495 Verifying : groff-base-1.22.4-10.el9.x86_64 2/77 -#8 5.495 Verifying : less-590-4.el9_4.x86_64 3/77 -#8 5.495 Verifying : libcbor-0.7.0-5.el9.x86_64 4/77 -#8 5.495 Verifying : libedit-3.1-38.20210216cvs.el9.x86_64 5/77 -#8 5.495 Verifying : libfido2-1.13.0-2.el9.x86_64 6/77 -#8 5.495 Verifying : ncurses-6.2-10.20210508.el9.x86_64 7/77 -#8 5.495 Verifying : openssh-8.7p1-38.el9_4.4.x86_64 8/77 -#8 5.495 Verifying : openssh-clients-8.7p1-38.el9_4.4.x86_64 9/77 -#8 5.495 Verifying : perl-Carp-1.50-460.el9.noarch 10/77 -#8 5.495 Verifying : perl-Data-Dumper-2.174-462.el9.x86_64 11/77 -#8 5.495 Verifying : perl-Digest-1.19-4.el9.noarch 12/77 -#8 5.495 Verifying : perl-Digest-MD5-2.58-4.el9.x86_64 13/77 -#8 5.495 Verifying : perl-Encode-4:3.08-462.el9.x86_64 14/77 -#8 5.495 Verifying : perl-Error-1:0.17029-7.el9.noarch 15/77 -#8 5.495 Verifying : perl-Exporter-5.74-461.el9.noarch 16/77 -#8 5.495 Verifying : perl-File-Path-2.18-4.el9.noarch 17/77 -#8 5.495 Verifying : perl-File-Temp-1:0.231.100-4.el9.noarch 18/77 -#8 5.496 Verifying : perl-Getopt-Long-1:2.52-4.el9.noarch 19/77 -#8 5.496 Verifying : perl-IO-Socket-IP-0.41-5.el9.noarch 20/77 -#8 5.496 Verifying : perl-IO-Socket-SSL-2.073-1.el9.noarch 21/77 -#8 5.496 Verifying : perl-MIME-Base64-3.16-4.el9.x86_64 22/77 -#8 5.497 Verifying : perl-Mozilla-CA-20200520-6.el9.noarch 23/77 -#8 5.497 Verifying : perl-Net-SSLeay-1.92-2.el9.x86_64 24/77 -#8 5.497 Verifying : perl-PathTools-3.78-461.el9.x86_64 25/77 -#8 5.497 Verifying : perl-Pod-Escapes-1:1.07-460.el9.noarch 26/77 -#8 5.497 Verifying : perl-Pod-Perldoc-3.28.01-461.el9.noarch 27/77 -#8 5.497 Verifying : perl-Pod-Simple-1:3.42-4.el9.noarch 28/77 -#8 5.497 Verifying : perl-Pod-Usage-4:2.01-4.el9.noarch 29/77 -#8 5.497 Verifying : perl-Scalar-List-Utils-4:1.56-461.el9.x86_64 30/77 -#8 5.497 Verifying : perl-Socket-4:2.031-4.el9.x86_64 31/77 -#8 5.497 Verifying : 
perl-Storable-1:3.21-460.el9.x86_64 32/77 -#8 5.497 Verifying : perl-Term-ANSIColor-5.01-461.el9.noarch 33/77 -#8 5.497 Verifying : perl-Term-Cap-1.17-460.el9.noarch 34/77 -#8 5.497 Verifying : perl-TermReadKey-2.38-11.el9.x86_64 35/77 -#8 5.497 Verifying : perl-Text-ParseWords-3.30-460.el9.noarch 36/77 -#8 5.497 Verifying : perl-Text-Tabs+Wrap-2013.0523-460.el9.noarch 37/77 -#8 5.498 Verifying : perl-Time-Local-2:1.300-7.el9.noarch 38/77 -#8 5.498 Verifying : perl-URI-5.09-3.el9.noarch 39/77 -#8 5.498 Verifying : perl-constant-1.33-461.el9.noarch 40/77 -#8 5.498 Verifying : perl-if-0.60.800-481.el9.noarch 41/77 -#8 5.498 Verifying : perl-libnet-3.13-4.el9.noarch 42/77 -#8 5.498 Verifying : perl-parent-1:0.238-460.el9.noarch 43/77 -#8 5.499 Verifying : perl-podlators-1:4.14-460.el9.noarch 44/77 -#8 5.499 Verifying : emacs-filesystem-1:27.2-10.el9_4.noarch 45/77 -#8 5.499 Verifying : git-2.43.5-1.el9_4.x86_64 46/77 -#8 5.499 Verifying : git-core-2.43.5-1.el9_4.x86_64 47/77 -#8 5.499 Verifying : git-core-doc-2.43.5-1.el9_4.noarch 48/77 -#8 5.499 Verifying : perl-AutoLoader-5.74-481.el9.noarch 49/77 -#8 5.499 Verifying : perl-B-1.80-481.el9.x86_64 50/77 -#8 5.499 Verifying : perl-Class-Struct-0.66-481.el9.noarch 51/77 -#8 5.499 Verifying : perl-DynaLoader-1.47-481.el9.x86_64 52/77 -#8 5.500 Verifying : perl-Errno-1.30-481.el9.x86_64 53/77 -#8 5.500 Verifying : perl-Fcntl-1.13-481.el9.x86_64 54/77 -#8 5.500 Verifying : perl-File-Basename-2.85-481.el9.noarch 55/77 -#8 5.500 Verifying : perl-File-Find-1.37-481.el9.noarch 56/77 -#8 5.500 Verifying : perl-File-stat-1.09-481.el9.noarch 57/77 -#8 5.500 Verifying : perl-FileHandle-2.03-481.el9.noarch 58/77 -#8 5.500 Verifying : perl-Getopt-Std-1.12-481.el9.noarch 59/77 -#8 5.500 Verifying : perl-Git-2.43.5-1.el9_4.noarch 60/77 -#8 5.500 Verifying : perl-HTTP-Tiny-0.076-462.el9.noarch 61/77 -#8 5.500 Verifying : perl-IO-1.43-481.el9.x86_64 62/77 -#8 5.500 Verifying : perl-IPC-Open3-1.21-481.el9.noarch 63/77 -#8 5.500 Verifying 
: perl-NDBM_File-1.15-481.el9.x86_64 64/77 -#8 5.500 Verifying : perl-POSIX-1.94-481.el9.x86_64 65/77 -#8 5.501 Verifying : perl-SelectSaver-1.02-481.el9.noarch 66/77 -#8 5.501 Verifying : perl-Symbol-1.08-481.el9.noarch 67/77 -#8 5.501 Verifying : perl-base-2.27-481.el9.noarch 68/77 -#8 5.501 Verifying : perl-interpreter-4:5.32.1-481.el9.x86_64 69/77 -#8 5.501 Verifying : perl-lib-0.65-481.el9.x86_64 70/77 -#8 5.501 Verifying : perl-libs-4:5.32.1-481.el9.x86_64 71/77 -#8 5.501 Verifying : perl-mro-1.23-481.el9.x86_64 72/77 -#8 5.501 Verifying : perl-overload-1.31-481.el9.noarch 73/77 -#8 5.501 Verifying : perl-overloading-0.02-481.el9.noarch 74/77 -#8 5.502 Verifying : perl-subs-1.03-481.el9.noarch 75/77 -#8 5.502 Verifying : perl-vars-1.05-481.el9.noarch 76/77 -#8 5.502 Verifying : curl-minimal-7.76.1-29.el9_4.1.x86_64 77/77 -#8 5.619 Installed products updated. -#8 5.659 -#8 5.659 Installed: -#8 5.659 curl-7.76.1-29.el9_4.1.x86_64 -#8 5.659 emacs-filesystem-1:27.2-10.el9_4.noarch -#8 5.659 git-2.43.5-1.el9_4.x86_64 -#8 5.659 git-core-2.43.5-1.el9_4.x86_64 -#8 5.659 git-core-doc-2.43.5-1.el9_4.noarch -#8 5.659 groff-base-1.22.4-10.el9.x86_64 -#8 5.659 less-590-4.el9_4.x86_64 -#8 5.659 libcbor-0.7.0-5.el9.x86_64 -#8 5.659 libedit-3.1-38.20210216cvs.el9.x86_64 -#8 5.659 libfido2-1.13.0-2.el9.x86_64 -#8 5.659 ncurses-6.2-10.20210508.el9.x86_64 -#8 5.659 openssh-8.7p1-38.el9_4.4.x86_64 -#8 5.659 openssh-clients-8.7p1-38.el9_4.4.x86_64 -#8 5.659 perl-AutoLoader-5.74-481.el9.noarch -#8 5.659 perl-B-1.80-481.el9.x86_64 -#8 5.659 perl-Carp-1.50-460.el9.noarch -#8 5.659 perl-Class-Struct-0.66-481.el9.noarch -#8 5.659 perl-Data-Dumper-2.174-462.el9.x86_64 -#8 5.659 perl-Digest-1.19-4.el9.noarch -#8 5.659 perl-Digest-MD5-2.58-4.el9.x86_64 -#8 5.659 perl-DynaLoader-1.47-481.el9.x86_64 -#8 5.659 perl-Encode-4:3.08-462.el9.x86_64 -#8 5.659 perl-Errno-1.30-481.el9.x86_64 -#8 5.659 perl-Error-1:0.17029-7.el9.noarch -#8 5.659 perl-Exporter-5.74-461.el9.noarch -#8 5.659 
perl-Fcntl-1.13-481.el9.x86_64 -#8 5.659 perl-File-Basename-2.85-481.el9.noarch -#8 5.659 perl-File-Find-1.37-481.el9.noarch -#8 5.659 perl-File-Path-2.18-4.el9.noarch -#8 5.659 perl-File-Temp-1:0.231.100-4.el9.noarch -#8 5.659 perl-File-stat-1.09-481.el9.noarch -#8 5.659 perl-FileHandle-2.03-481.el9.noarch -#8 5.659 perl-Getopt-Long-1:2.52-4.el9.noarch -#8 5.659 perl-Getopt-Std-1.12-481.el9.noarch -#8 5.659 perl-Git-2.43.5-1.el9_4.noarch -#8 5.659 perl-HTTP-Tiny-0.076-462.el9.noarch -#8 5.659 perl-IO-1.43-481.el9.x86_64 -#8 5.659 perl-IO-Socket-IP-0.41-5.el9.noarch -#8 5.659 perl-IO-Socket-SSL-2.073-1.el9.noarch -#8 5.659 perl-IPC-Open3-1.21-481.el9.noarch -#8 5.659 perl-MIME-Base64-3.16-4.el9.x86_64 -#8 5.659 perl-Mozilla-CA-20200520-6.el9.noarch -#8 5.659 perl-NDBM_File-1.15-481.el9.x86_64 -#8 5.659 perl-Net-SSLeay-1.92-2.el9.x86_64 -#8 5.659 perl-POSIX-1.94-481.el9.x86_64 -#8 5.659 perl-PathTools-3.78-461.el9.x86_64 -#8 5.659 perl-Pod-Escapes-1:1.07-460.el9.noarch -#8 5.659 perl-Pod-Perldoc-3.28.01-461.el9.noarch -#8 5.659 perl-Pod-Simple-1:3.42-4.el9.noarch -#8 5.659 perl-Pod-Usage-4:2.01-4.el9.noarch -#8 5.659 perl-Scalar-List-Utils-4:1.56-461.el9.x86_64 -#8 5.659 perl-SelectSaver-1.02-481.el9.noarch -#8 5.659 perl-Socket-4:2.031-4.el9.x86_64 -#8 5.659 perl-Storable-1:3.21-460.el9.x86_64 -#8 5.659 perl-Symbol-1.08-481.el9.noarch -#8 5.659 perl-Term-ANSIColor-5.01-461.el9.noarch -#8 5.659 perl-Term-Cap-1.17-460.el9.noarch -#8 5.659 perl-TermReadKey-2.38-11.el9.x86_64 -#8 5.659 perl-Text-ParseWords-3.30-460.el9.noarch -#8 5.659 perl-Text-Tabs+Wrap-2013.0523-460.el9.noarch -#8 5.659 perl-Time-Local-2:1.300-7.el9.noarch -#8 5.659 perl-URI-5.09-3.el9.noarch -#8 5.659 perl-base-2.27-481.el9.noarch -#8 5.659 perl-constant-1.33-461.el9.noarch -#8 5.659 perl-if-0.60.800-481.el9.noarch -#8 5.659 perl-interpreter-4:5.32.1-481.el9.x86_64 -#8 5.659 perl-lib-0.65-481.el9.x86_64 -#8 5.659 perl-libnet-3.13-4.el9.noarch -#8 5.659 perl-libs-4:5.32.1-481.el9.x86_64 -#8 5.659 
perl-mro-1.23-481.el9.x86_64 -#8 5.659 perl-overload-1.31-481.el9.noarch -#8 5.659 perl-overloading-0.02-481.el9.noarch -#8 5.659 perl-parent-1:0.238-460.el9.noarch -#8 5.659 perl-podlators-1:4.14-460.el9.noarch -#8 5.659 perl-subs-1.03-481.el9.noarch -#8 5.659 perl-vars-1.05-481.el9.noarch -#8 5.659 Removed: -#8 5.659 curl-minimal-7.76.1-29.el9_4.1.x86_64 -#8 5.659 -#8 5.659 Complete! -#8 DONE 5.9s +#8 4.970 Running scriptlet: curl-minimal-7.76.1-29.el9_4.1.x86_64 77/77 +#8 5.499 Verifying : curl-7.76.1-29.el9_4.1.x86_64 1/77 +#8 5.499 Verifying : groff-base-1.22.4-10.el9.x86_64 2/77 +#8 5.500 Verifying : less-590-4.el9_4.x86_64 3/77 +#8 5.500 Verifying : libcbor-0.7.0-5.el9.x86_64 4/77 +#8 5.500 Verifying : libedit-3.1-38.20210216cvs.el9.x86_64 5/77 +#8 5.500 Verifying : libfido2-1.13.0-2.el9.x86_64 6/77 +#8 5.500 Verifying : ncurses-6.2-10.20210508.el9.x86_64 7/77 +#8 5.500 Verifying : openssh-8.7p1-38.el9_4.4.x86_64 8/77 +#8 5.500 Verifying : openssh-clients-8.7p1-38.el9_4.4.x86_64 9/77 +#8 5.500 Verifying : perl-Carp-1.50-460.el9.noarch 10/77 +#8 5.500 Verifying : perl-Data-Dumper-2.174-462.el9.x86_64 11/77 +#8 5.500 Verifying : perl-Digest-1.19-4.el9.noarch 12/77 +#8 5.500 Verifying : perl-Digest-MD5-2.58-4.el9.x86_64 13/77 +#8 5.501 Verifying : perl-Encode-4:3.08-462.el9.x86_64 14/77 +#8 5.501 Verifying : perl-Error-1:0.17029-7.el9.noarch 15/77 +#8 5.501 Verifying : perl-Exporter-5.74-461.el9.noarch 16/77 +#8 5.501 Verifying : perl-File-Path-2.18-4.el9.noarch 17/77 +#8 5.501 Verifying : perl-File-Temp-1:0.231.100-4.el9.noarch 18/77 +#8 5.501 Verifying : perl-Getopt-Long-1:2.52-4.el9.noarch 19/77 +#8 5.501 Verifying : perl-IO-Socket-IP-0.41-5.el9.noarch 20/77 +#8 5.501 Verifying : perl-IO-Socket-SSL-2.073-1.el9.noarch 21/77 +#8 5.501 Verifying : perl-MIME-Base64-3.16-4.el9.x86_64 22/77 +#8 5.501 Verifying : perl-Mozilla-CA-20200520-6.el9.noarch 23/77 +#8 5.501 Verifying : perl-Net-SSLeay-1.92-2.el9.x86_64 24/77 +#8 5.502 Verifying : 
perl-PathTools-3.78-461.el9.x86_64 25/77 +#8 5.502 Verifying : perl-Pod-Escapes-1:1.07-460.el9.noarch 26/77 +#8 5.502 Verifying : perl-Pod-Perldoc-3.28.01-461.el9.noarch 27/77 +#8 5.502 Verifying : perl-Pod-Simple-1:3.42-4.el9.noarch 28/77 +#8 5.502 Verifying : perl-Pod-Usage-4:2.01-4.el9.noarch 29/77 +#8 5.502 Verifying : perl-Scalar-List-Utils-4:1.56-461.el9.x86_64 30/77 +#8 5.502 Verifying : perl-Socket-4:2.031-4.el9.x86_64 31/77 +#8 5.504 Verifying : perl-Storable-1:3.21-460.el9.x86_64 32/77 +#8 5.504 Verifying : perl-Term-ANSIColor-5.01-461.el9.noarch 33/77 +#8 5.504 Verifying : perl-Term-Cap-1.17-460.el9.noarch 34/77 +#8 5.504 Verifying : perl-TermReadKey-2.38-11.el9.x86_64 35/77 +#8 5.504 Verifying : perl-Text-ParseWords-3.30-460.el9.noarch 36/77 +#8 5.504 Verifying : perl-Text-Tabs+Wrap-2013.0523-460.el9.noarch 37/77 +#8 5.504 Verifying : perl-Time-Local-2:1.300-7.el9.noarch 38/77 +#8 5.504 Verifying : perl-URI-5.09-3.el9.noarch 39/77 +#8 5.504 Verifying : perl-constant-1.33-461.el9.noarch 40/77 +#8 5.504 Verifying : perl-if-0.60.800-481.el9.noarch 41/77 +#8 5.504 Verifying : perl-libnet-3.13-4.el9.noarch 42/77 +#8 5.504 Verifying : perl-parent-1:0.238-460.el9.noarch 43/77 +#8 5.504 Verifying : perl-podlators-1:4.14-460.el9.noarch 44/77 +#8 5.504 Verifying : emacs-filesystem-1:27.2-10.el9_4.noarch 45/77 +#8 5.504 Verifying : git-2.43.5-1.el9_4.x86_64 46/77 +#8 5.504 Verifying : git-core-2.43.5-1.el9_4.x86_64 47/77 +#8 5.504 Verifying : git-core-doc-2.43.5-1.el9_4.noarch 48/77 +#8 5.504 Verifying : perl-AutoLoader-5.74-481.el9.noarch 49/77 +#8 5.504 Verifying : perl-B-1.80-481.el9.x86_64 50/77 +#8 5.504 Verifying : perl-Class-Struct-0.66-481.el9.noarch 51/77 +#8 5.504 Verifying : perl-DynaLoader-1.47-481.el9.x86_64 52/77 +#8 5.504 Verifying : perl-Errno-1.30-481.el9.x86_64 53/77 +#8 5.504 Verifying : perl-Fcntl-1.13-481.el9.x86_64 54/77 +#8 5.504 Verifying : perl-File-Basename-2.85-481.el9.noarch 55/77 +#8 5.505 Verifying : perl-File-Find-1.37-481.el9.noarch 
56/77 +#8 5.505 Verifying : perl-File-stat-1.09-481.el9.noarch 57/77 +#8 5.505 Verifying : perl-FileHandle-2.03-481.el9.noarch 58/77 +#8 5.505 Verifying : perl-Getopt-Std-1.12-481.el9.noarch 59/77 +#8 5.505 Verifying : perl-Git-2.43.5-1.el9_4.noarch 60/77 +#8 5.505 Verifying : perl-HTTP-Tiny-0.076-462.el9.noarch 61/77 +#8 5.505 Verifying : perl-IO-1.43-481.el9.x86_64 62/77 +#8 5.505 Verifying : perl-IPC-Open3-1.21-481.el9.noarch 63/77 +#8 5.506 Verifying : perl-NDBM_File-1.15-481.el9.x86_64 64/77 +#8 5.506 Verifying : perl-POSIX-1.94-481.el9.x86_64 65/77 +#8 5.506 Verifying : perl-SelectSaver-1.02-481.el9.noarch 66/77 +#8 5.506 Verifying : perl-Symbol-1.08-481.el9.noarch 67/77 +#8 5.506 Verifying : perl-base-2.27-481.el9.noarch 68/77 +#8 5.506 Verifying : perl-interpreter-4:5.32.1-481.el9.x86_64 69/77 +#8 5.506 Verifying : perl-lib-0.65-481.el9.x86_64 70/77 +#8 5.506 Verifying : perl-libs-4:5.32.1-481.el9.x86_64 71/77 +#8 5.506 Verifying : perl-mro-1.23-481.el9.x86_64 72/77 +#8 5.506 Verifying : perl-overload-1.31-481.el9.noarch 73/77 +#8 5.506 Verifying : perl-overloading-0.02-481.el9.noarch 74/77 +#8 5.506 Verifying : perl-subs-1.03-481.el9.noarch 75/77 +#8 5.506 Verifying : perl-vars-1.05-481.el9.noarch 76/77 +#8 5.506 Verifying : curl-minimal-7.76.1-29.el9_4.1.x86_64 77/77 +#8 5.616 Installed products updated. 
+#8 5.652 +#8 5.652 Installed: +#8 5.652 curl-7.76.1-29.el9_4.1.x86_64 +#8 5.652 emacs-filesystem-1:27.2-10.el9_4.noarch +#8 5.652 git-2.43.5-1.el9_4.x86_64 +#8 5.652 git-core-2.43.5-1.el9_4.x86_64 +#8 5.652 git-core-doc-2.43.5-1.el9_4.noarch +#8 5.652 groff-base-1.22.4-10.el9.x86_64 +#8 5.652 less-590-4.el9_4.x86_64 +#8 5.652 libcbor-0.7.0-5.el9.x86_64 +#8 5.652 libedit-3.1-38.20210216cvs.el9.x86_64 +#8 5.652 libfido2-1.13.0-2.el9.x86_64 +#8 5.652 ncurses-6.2-10.20210508.el9.x86_64 +#8 5.652 openssh-8.7p1-38.el9_4.4.x86_64 +#8 5.652 openssh-clients-8.7p1-38.el9_4.4.x86_64 +#8 5.652 perl-AutoLoader-5.74-481.el9.noarch +#8 5.652 perl-B-1.80-481.el9.x86_64 +#8 5.652 perl-Carp-1.50-460.el9.noarch +#8 5.652 perl-Class-Struct-0.66-481.el9.noarch +#8 5.652 perl-Data-Dumper-2.174-462.el9.x86_64 +#8 5.652 perl-Digest-1.19-4.el9.noarch +#8 5.652 perl-Digest-MD5-2.58-4.el9.x86_64 +#8 5.652 perl-DynaLoader-1.47-481.el9.x86_64 +#8 5.652 perl-Encode-4:3.08-462.el9.x86_64 +#8 5.652 perl-Errno-1.30-481.el9.x86_64 +#8 5.652 perl-Error-1:0.17029-7.el9.noarch +#8 5.652 perl-Exporter-5.74-461.el9.noarch +#8 5.652 perl-Fcntl-1.13-481.el9.x86_64 +#8 5.652 perl-File-Basename-2.85-481.el9.noarch +#8 5.652 perl-File-Find-1.37-481.el9.noarch +#8 5.652 perl-File-Path-2.18-4.el9.noarch +#8 5.652 perl-File-Temp-1:0.231.100-4.el9.noarch +#8 5.652 perl-File-stat-1.09-481.el9.noarch +#8 5.652 perl-FileHandle-2.03-481.el9.noarch +#8 5.652 perl-Getopt-Long-1:2.52-4.el9.noarch +#8 5.652 perl-Getopt-Std-1.12-481.el9.noarch +#8 5.652 perl-Git-2.43.5-1.el9_4.noarch +#8 5.652 perl-HTTP-Tiny-0.076-462.el9.noarch +#8 5.652 perl-IO-1.43-481.el9.x86_64 +#8 5.652 perl-IO-Socket-IP-0.41-5.el9.noarch +#8 5.652 perl-IO-Socket-SSL-2.073-1.el9.noarch +#8 5.652 perl-IPC-Open3-1.21-481.el9.noarch +#8 5.652 perl-MIME-Base64-3.16-4.el9.x86_64 +#8 5.652 perl-Mozilla-CA-20200520-6.el9.noarch +#8 5.652 perl-NDBM_File-1.15-481.el9.x86_64 +#8 5.652 perl-Net-SSLeay-1.92-2.el9.x86_64 +#8 5.652 
perl-POSIX-1.94-481.el9.x86_64 +#8 5.652 perl-PathTools-3.78-461.el9.x86_64 +#8 5.652 perl-Pod-Escapes-1:1.07-460.el9.noarch +#8 5.652 perl-Pod-Perldoc-3.28.01-461.el9.noarch +#8 5.652 perl-Pod-Simple-1:3.42-4.el9.noarch +#8 5.652 perl-Pod-Usage-4:2.01-4.el9.noarch +#8 5.652 perl-Scalar-List-Utils-4:1.56-461.el9.x86_64 +#8 5.652 perl-SelectSaver-1.02-481.el9.noarch +#8 5.652 perl-Socket-4:2.031-4.el9.x86_64 +#8 5.652 perl-Storable-1:3.21-460.el9.x86_64 +#8 5.652 perl-Symbol-1.08-481.el9.noarch +#8 5.652 perl-Term-ANSIColor-5.01-461.el9.noarch +#8 5.652 perl-Term-Cap-1.17-460.el9.noarch +#8 5.652 perl-TermReadKey-2.38-11.el9.x86_64 +#8 5.652 perl-Text-ParseWords-3.30-460.el9.noarch +#8 5.652 perl-Text-Tabs+Wrap-2013.0523-460.el9.noarch +#8 5.652 perl-Time-Local-2:1.300-7.el9.noarch +#8 5.652 perl-URI-5.09-3.el9.noarch +#8 5.652 perl-base-2.27-481.el9.noarch +#8 5.652 perl-constant-1.33-461.el9.noarch +#8 5.652 perl-if-0.60.800-481.el9.noarch +#8 5.652 perl-interpreter-4:5.32.1-481.el9.x86_64 +#8 5.652 perl-lib-0.65-481.el9.x86_64 +#8 5.652 perl-libnet-3.13-4.el9.noarch +#8 5.652 perl-libs-4:5.32.1-481.el9.x86_64 +#8 5.652 perl-mro-1.23-481.el9.x86_64 +#8 5.652 perl-overload-1.31-481.el9.noarch +#8 5.652 perl-overloading-0.02-481.el9.noarch +#8 5.652 perl-parent-1:0.238-460.el9.noarch +#8 5.652 perl-podlators-1:4.14-460.el9.noarch +#8 5.652 perl-subs-1.03-481.el9.noarch +#8 5.652 perl-vars-1.05-481.el9.noarch +#8 5.652 Removed: +#8 5.652 curl-minimal-7.76.1-29.el9_4.1.x86_64 +#8 5.652 +#8 5.652 Complete! +#8 DONE 5.8s #7 [4/6] RUN curl -LO https://storage.googleapis.com/kubernetes-release/rel... 
-#7 0.166 % Total % Received % Xferd Average Speed Time Time Time Current -#7 0.167 Dload Upload Total Spent Left Speed -#7 0.167 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 9 44.2M 9 4120k 0 0 18.8M 0 0:00:02 --:--:-- 0:00:02 18.7M 100 44.2M 100 44.2M 0 0 97.5M 0 --:--:-- --:--:-- --:--:-- 97.3M +#7 0.223 % Total % Received % Xferd Average Speed Time Time Time Current +#7 0.223 Dload Upload Total Spent Left Speed +#7 0.223 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 44.2M 100 44.2M 0 0 116M 0 --:--:-- --:--:-- --:--:-- 116M #7 DONE 0.7s #5 [5/6] COPY docker/licenses /licenses 
@@ -12170,19 +12173,19 @@ quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 #11 exporting to image #11 exporting layers -#11 exporting layers 0.9s done -#11 writing image sha256:79675933efd3b4f44ad8237142f5242dcdf5bc204dab6d631873a882d82bc417 done +#11 exporting layers 1.0s done +#11 writing image sha256:ab7cabebc916f78279c484c2f4d0bb57fc487f826c9a300b74a05c1aff67d128 done #11 naming to quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369 done #11 DONE 1.0s +docker images REPOSITORY TAG IMAGE ID CREATED SIZE -quay.io/noirolabs/aci-containers-operator 6.0.4.4.81c2369 79675933efd3 1 second ago 585MB -quay.io/noirolabs/aci-containers-host-ovscni 6.0.4.4.81c2369 498f43b83745 9 seconds ago 733MB -quay.io/noirolabs/aci-containers-host 6.0.4.4.81c2369 86a33d83c0fb 13 seconds ago 672MB -quay.io/noirolabs/aci-containers-controller 6.0.4.4.81c2369 df6f1e78129c 34 seconds ago 648MB -quay.io/noirolabs/cnideploy 6.0.4.4.81c2369 cdecf6ab6714 42 seconds ago 492MB -quay.io/noirolabs/openvswitch 6.0.4.4.81c2369 abc733d75b12 About a minute ago 660MB -quay.io/noirolabs/openvswitch-base 6.0.4.4.81c2369 60cf24bb0508 2 minutes ago 1.31GB +quay.io/noirolabs/aci-containers-operator 6.0.4.4.81c2369 ab7cabebc916 2 seconds ago 585MB +quay.io/noirolabs/aci-containers-host-ovscni 6.0.4.4.81c2369 84cbe40d7b97 9 seconds ago 733MB +quay.io/noirolabs/aci-containers-host 6.0.4.4.81c2369 cd7e95c488fe 13 seconds ago 672MB +quay.io/noirolabs/aci-containers-controller 6.0.4.4.81c2369 d41b18f31029 34 seconds ago 648MB +quay.io/noirolabs/cnideploy 6.0.4.4.81c2369 b9c6dcdbf7ea 40 seconds ago 492MB +quay.io/noirolabs/openvswitch 6.0.4.4.81c2369 c85998ec121b About a minute ago 660MB +quay.io/noirolabs/openvswitch-base 6.0.4.4.81c2369 076b30c0055f 2 minutes ago 1.31GB quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 4 weeks ago 1.2GB +docker build -t quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369 --file=docker/travis/Dockerfile-webhook . 
#1 [internal] load build definition from Dockerfile-webhook @@ -12190,7 +12193,7 @@ quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 #1 DONE 0.0s #2 [internal] load metadata for registry.access.redhat.com/ubi9/ubi:9.3 -#2 DONE 0.9s +#2 DONE 0.1s #3 [internal] load .dockerignore #3 transferring context: 46B done 
@@ -12215,28 +12218,27 @@ quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 #9 exporting to image #9 exporting layers #9 exporting layers 0.2s done -#9 writing image sha256:5cc383ac633458ba0a429103fc0aa2b34f6f297b22ae9b4f5ecad6b23faef051 -#9 writing image sha256:5cc383ac633458ba0a429103fc0aa2b34f6f297b22ae9b4f5ecad6b23faef051 done +#9 writing image sha256:3ecd3075dac1e06b0858bc6b4a6b80319576fab71ac4e8f3759b583f684ee81d done #9 naming to quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369 done #9 DONE 0.2s +docker images -REPOSITORY TAG IMAGE ID CREATED SIZE -quay.io/noirolabs/aci-containers-webhook 6.0.4.4.81c2369 5cc383ac6334 Less than a second ago 428MB -quay.io/noirolabs/aci-containers-operator 6.0.4.4.81c2369 79675933efd3 3 seconds ago 585MB -quay.io/noirolabs/aci-containers-host-ovscni 6.0.4.4.81c2369 498f43b83745 11 seconds ago 733MB -quay.io/noirolabs/aci-containers-host 6.0.4.4.81c2369 86a33d83c0fb 15 seconds ago 672MB -quay.io/noirolabs/aci-containers-controller 6.0.4.4.81c2369 df6f1e78129c 36 seconds ago 648MB -quay.io/noirolabs/cnideploy 6.0.4.4.81c2369 cdecf6ab6714 44 seconds ago 492MB -quay.io/noirolabs/openvswitch 6.0.4.4.81c2369 abc733d75b12 About a minute ago 660MB -quay.io/noirolabs/openvswitch-base 6.0.4.4.81c2369 60cf24bb0508 2 minutes ago 1.31GB -quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 4 weeks ago 1.2GB +REPOSITORY TAG IMAGE ID CREATED SIZE +quay.io/noirolabs/aci-containers-webhook 6.0.4.4.81c2369 3ecd3075dac1 1 second ago 428MB +quay.io/noirolabs/aci-containers-operator 6.0.4.4.81c2369 ab7cabebc916 3 seconds ago 585MB +quay.io/noirolabs/aci-containers-host-ovscni 6.0.4.4.81c2369 84cbe40d7b97 10 seconds ago 733MB +quay.io/noirolabs/aci-containers-host 6.0.4.4.81c2369 cd7e95c488fe 14 seconds ago 672MB +quay.io/noirolabs/aci-containers-controller 6.0.4.4.81c2369 d41b18f31029 35 seconds ago 648MB +quay.io/noirolabs/cnideploy 6.0.4.4.81c2369 b9c6dcdbf7ea 41 seconds ago 492MB 
+quay.io/noirolabs/openvswitch 6.0.4.4.81c2369 c85998ec121b About a minute ago 660MB +quay.io/noirolabs/openvswitch-base 6.0.4.4.81c2369 076b30c0055f 2 minutes ago 1.31GB +quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 4 weeks ago 1.2GB +docker build -t quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369 --file=docker/travis/Dockerfile-certmanager . #1 [internal] load build definition from Dockerfile-certmanager #1 transferring dockerfile: 652B done #1 DONE 0.0s #2 [internal] load metadata for registry.access.redhat.com/ubi9/ubi:9.3 -#2 DONE 0.5s +#2 DONE 0.3s #3 [internal] load .dockerignore #3 transferring context: 46B done 
@@ -12261,21 +12263,21 @@ quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 #9 exporting to image #9 exporting layers #9 exporting layers 0.2s done -#9 writing image sha256:8a32036d3745833dbe26564ae6d79602290190cb9c3085563a5140f3cae4d479 done +#9 writing image sha256:e5ce9f068a85298f0321840081046fedf0b26960929a3c6dcdd3d9d45efeec92 done #9 naming to quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369 done #9 DONE 0.2s +docker images -REPOSITORY TAG IMAGE ID CREATED SIZE -quay.io/noirolabs/aci-containers-certmanager 6.0.4.4.81c2369 8a32036d3745 1 second ago 428MB -quay.io/noirolabs/aci-containers-webhook 6.0.4.4.81c2369 5cc383ac6334 2 seconds ago 428MB -quay.io/noirolabs/aci-containers-operator 6.0.4.4.81c2369 79675933efd3 5 seconds ago 585MB -quay.io/noirolabs/aci-containers-host-ovscni 6.0.4.4.81c2369 498f43b83745 13 seconds ago 733MB -quay.io/noirolabs/aci-containers-host 6.0.4.4.81c2369 86a33d83c0fb 17 seconds ago 672MB -quay.io/noirolabs/aci-containers-controller 6.0.4.4.81c2369 df6f1e78129c 38 seconds ago 648MB -quay.io/noirolabs/cnideploy 6.0.4.4.81c2369 cdecf6ab6714 46 seconds ago 492MB -quay.io/noirolabs/openvswitch 6.0.4.4.81c2369 abc733d75b12 About a minute ago 660MB -quay.io/noirolabs/openvswitch-base 6.0.4.4.81c2369 60cf24bb0508 2 minutes ago 1.31GB -quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 4 weeks ago 1.2GB +REPOSITORY TAG IMAGE ID CREATED SIZE +quay.io/noirolabs/aci-containers-certmanager 6.0.4.4.81c2369 e5ce9f068a85 Less than a second ago 428MB +quay.io/noirolabs/aci-containers-webhook 6.0.4.4.81c2369 3ecd3075dac1 2 seconds ago 428MB +quay.io/noirolabs/aci-containers-operator 6.0.4.4.81c2369 ab7cabebc916 4 seconds ago 585MB +quay.io/noirolabs/aci-containers-host-ovscni 6.0.4.4.81c2369 84cbe40d7b97 11 seconds ago 733MB +quay.io/noirolabs/aci-containers-host 6.0.4.4.81c2369 cd7e95c488fe 15 seconds ago 672MB +quay.io/noirolabs/aci-containers-controller 6.0.4.4.81c2369 d41b18f31029 36 seconds ago 648MB 
+quay.io/noirolabs/cnideploy 6.0.4.4.81c2369 b9c6dcdbf7ea 42 seconds ago 492MB +quay.io/noirolabs/openvswitch 6.0.4.4.81c2369 c85998ec121b About a minute ago 660MB +quay.io/noirolabs/openvswitch-base 6.0.4.4.81c2369 076b30c0055f 2 minutes ago 1.31GB +quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 4 weeks ago 1.2GB ++grep -E '^FROM' docker/travis/Dockerfile-controller ++awk '{print $2}' +ACI_BASE_IMAGE=registry.access.redhat.com/ubi9/ubi:9.3 
@@ -12287,15 +12289,15 @@ Status: Downloaded newer image for registry.access.redhat.com/ubi9/ubi:9.3 registry.access.redhat.com/ubi9/ubi:9.3 +docker images REPOSITORY TAG IMAGE ID CREATED SIZE -quay.io/noirolabs/aci-containers-certmanager 6.0.4.4.81c2369 8a32036d3745 2 seconds ago 428MB -quay.io/noirolabs/aci-containers-webhook 6.0.4.4.81c2369 5cc383ac6334 3 seconds ago 428MB -quay.io/noirolabs/aci-containers-operator 6.0.4.4.81c2369 79675933efd3 6 seconds ago 585MB -quay.io/noirolabs/aci-containers-host-ovscni 6.0.4.4.81c2369 498f43b83745 14 seconds ago 733MB -quay.io/noirolabs/aci-containers-host 6.0.4.4.81c2369 86a33d83c0fb 18 seconds ago 672MB -quay.io/noirolabs/aci-containers-controller 6.0.4.4.81c2369 df6f1e78129c 39 seconds ago 648MB -quay.io/noirolabs/cnideploy 6.0.4.4.81c2369 cdecf6ab6714 47 seconds ago 492MB -quay.io/noirolabs/openvswitch 6.0.4.4.81c2369 abc733d75b12 About a minute ago 660MB -quay.io/noirolabs/openvswitch-base 6.0.4.4.81c2369 60cf24bb0508 2 minutes ago 1.31GB +quay.io/noirolabs/aci-containers-certmanager 6.0.4.4.81c2369 e5ce9f068a85 1 second ago 428MB +quay.io/noirolabs/aci-containers-webhook 6.0.4.4.81c2369 3ecd3075dac1 3 seconds ago 428MB +quay.io/noirolabs/aci-containers-operator 6.0.4.4.81c2369 ab7cabebc916 5 seconds ago 585MB +quay.io/noirolabs/aci-containers-host-ovscni 6.0.4.4.81c2369 84cbe40d7b97 12 seconds ago 733MB +quay.io/noirolabs/aci-containers-host 6.0.4.4.81c2369 cd7e95c488fe 16 seconds ago 672MB +quay.io/noirolabs/aci-containers-controller 6.0.4.4.81c2369 d41b18f31029 37 seconds ago 648MB +quay.io/noirolabs/cnideploy 6.0.4.4.81c2369 b9c6dcdbf7ea 43 seconds ago 492MB +quay.io/noirolabs/openvswitch 6.0.4.4.81c2369 c85998ec121b About a minute ago 660MB +quay.io/noirolabs/openvswitch-base 6.0.4.4.81c2369 076b30c0055f 2 minutes ago 1.31GB quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 4 weeks ago 1.2GB registry.access.redhat.com/ubi9/ubi 9.3 8d2a8803cfca 8 months ago 211MB ++grep -E '^FROM' 
docker/travis/Dockerfile-openvswitch 
@@ -12309,22 +12311,22 @@ Status: Downloaded newer image for registry.access.redhat.com/ubi9/ubi-minimal:9 registry.access.redhat.com/ubi9/ubi-minimal:9.3 +docker images REPOSITORY TAG IMAGE ID CREATED SIZE -quay.io/noirolabs/aci-containers-certmanager 6.0.4.4.81c2369 8a32036d3745 3 seconds ago 428MB -quay.io/noirolabs/aci-containers-webhook 6.0.4.4.81c2369 5cc383ac6334 4 seconds ago 428MB -quay.io/noirolabs/aci-containers-operator 6.0.4.4.81c2369 79675933efd3 7 seconds ago 585MB -quay.io/noirolabs/aci-containers-host-ovscni 6.0.4.4.81c2369 498f43b83745 15 seconds ago 733MB -quay.io/noirolabs/aci-containers-host 6.0.4.4.81c2369 86a33d83c0fb 19 seconds ago 672MB -quay.io/noirolabs/aci-containers-controller 6.0.4.4.81c2369 df6f1e78129c 40 seconds ago 648MB -quay.io/noirolabs/cnideploy 6.0.4.4.81c2369 cdecf6ab6714 48 seconds ago 492MB -quay.io/noirolabs/openvswitch 6.0.4.4.81c2369 abc733d75b12 About a minute ago 660MB -quay.io/noirolabs/openvswitch-base 6.0.4.4.81c2369 60cf24bb0508 2 minutes ago 1.31GB +quay.io/noirolabs/aci-containers-certmanager 6.0.4.4.81c2369 e5ce9f068a85 3 seconds ago 428MB +quay.io/noirolabs/aci-containers-webhook 6.0.4.4.81c2369 3ecd3075dac1 5 seconds ago 428MB +quay.io/noirolabs/aci-containers-operator 6.0.4.4.81c2369 ab7cabebc916 7 seconds ago 585MB +quay.io/noirolabs/aci-containers-host-ovscni 6.0.4.4.81c2369 84cbe40d7b97 14 seconds ago 733MB +quay.io/noirolabs/aci-containers-host 6.0.4.4.81c2369 cd7e95c488fe 18 seconds ago 672MB +quay.io/noirolabs/aci-containers-controller 6.0.4.4.81c2369 d41b18f31029 39 seconds ago 648MB +quay.io/noirolabs/cnideploy 6.0.4.4.81c2369 b9c6dcdbf7ea 45 seconds ago 492MB +quay.io/noirolabs/openvswitch 6.0.4.4.81c2369 c85998ec121b About a minute ago 660MB +quay.io/noirolabs/openvswitch-base 6.0.4.4.81c2369 076b30c0055f 2 minutes ago 1.31GB quay.io/noirolabs/opflex-build-base 6.0.4.4.81c2369.z 04ef140ac4e0 4 weeks ago 1.2GB registry.access.redhat.com/ubi9/ubi-minimal 9.3 94c019837352 8 months ago 95.6MB 
registry.access.redhat.com/ubi9/ubi 9.3 8d2a8803cfca 8 months ago 211MB +ALL_IMAGES=("aci-containers-host" "aci-containers-controller" "cnideploy" "aci-containers-operator" "openvswitch" "aci-containers-webhook" "aci-containers-certmanager" "aci-containers-host-ovscni") +for IMAGE in "${ALL_IMAGES[@]}" +[[ aci-containers-host != \o\p\e\n\v\s\w\i\t\c\h ]] -+/tmp/cicd/travis/push-images.sh quay.io/noirolabs aci-containers-host 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 registry.access.redhat.com/ubi9/ubi:9.3 ++/tmp/cicd/travis/push-images.sh quay.io/noirolabs aci-containers-host 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 registry.access.redhat.com/ubi9/ubi:9.3 ++dirname /tmp/cicd/travis/push-images.sh +SCRIPTS_DIR=/tmp/cicd/travis +source /tmp/cicd/travis/globals.sh @@ -12332,9 +12334,9 @@ registry.access.redhat.com/ubi9/ubi 9.3 8d2a8803cfca ++RELEASE_TAG=6.0.4.4 ++export RELEASE_TAG +++date +%m%d%y -++DATE_TAG=110624 +++DATE_TAG=111124 ++TRAVIS_TAG_WITH_UPSTREAM_ID=6.0.4.4.81c2369 -++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.110624.10022 +++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.111124.10031 ++IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_Z_TAG=6.0.4.4.81c2369.z @@ -12349,9 +12351,9 @@ registry.access.redhat.com/ubi9/ubi 9.3 8d2a8803cfca +IMAGE_BUILD_REGISTRY=quay.io/noirolabs +IMAGE=aci-containers-host +IMAGE_BUILD_TAG=6.0.4.4.81c2369 -+OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.110624.10022' ++OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.111124.10031' +BASE_IMAGE=registry.access.redhat.com/ubi9/ubi:9.3 -+OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.110624.10022 6.0.4.4.81c2369.z' ++OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.111124.10031 6.0.4.4.81c2369.z' +BUILT_IMAGE=quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369 +curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh +sh -s -- -b /tmp 
@@ -12366,1087 +12368,1087 @@ registry.access.redhat.com/ubi9/ubi 9.3 8d2a8803cfca [info] using release tag='v0.6.1' version='0.6.1' os='linux' arch='amd64' [info] installed /home/travis/.docker/cli-plugins/docker-sbom +wget https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb ---2024-11-06 09:40:47-- https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb -Resolving github.com (github.com)... 140.82.112.3 -Connecting to github.com (github.com)|140.82.112.3|:443... connected. +--2024-11-11 09:50:54-- https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb +Resolving github.com (github.com)... 140.82.114.3 +Connecting to github.com (github.com)|140.82.114.3|:443... connected. HTTP request sent, awaiting response... 302 Found -Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.109.133, 185.199.110.133, 185.199.111.133, ... -Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.109.133|:443... connected. +Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.110.133, 185.199.111.133, 185.199.108.133, ... +Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.110.133|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 54685068 (52M) [application/octet-stream] Saving to: ‘trivy_0.44.1_Linux-64bit.deb’ - 0K .......... .......... .......... .......... .......... 0% 3.41M 15s - 50K .......... .......... .......... .......... .......... 0% 3.89M 14s - 100K .......... .......... .......... .......... .......... 0% 12.9M 11s - 150K .......... .......... .......... .......... .......... 0% 17.3M 9s - 200K .......... .......... .......... .......... .......... 0% 7.20M 9s - 250K .......... .......... .......... .......... .......... 0% 19.8M 8s - 300K .......... .......... .......... .......... .......... 
0% 32.8M 7s - 350K .......... .......... .......... .......... .......... 0% 26.1M 6s - 400K .......... .......... .......... .......... .......... 0% 47.9M 6s - 450K .......... .......... .......... .......... .......... 0% 7.84M 6s - 500K .......... .......... .......... .......... .......... 1% 37.1M 5s - 550K .......... .......... .......... .......... .......... 1% 56.4M 5s - 600K .......... .......... .......... .......... .......... 1% 46.9M 5s - 650K .......... .......... .......... .......... .......... 1% 84.8M 4s - 700K .......... .......... .......... .......... .......... 1% 46.9M 4s - 750K .......... .......... .......... .......... .......... 1% 69.7M 4s - 800K .......... .......... .......... .......... .......... 1% 56.9M 4s - 850K .......... .......... .......... .......... .......... 1% 158M 4s - 900K .......... .......... .......... .......... .......... 1% 56.8M 3s - 950K .......... .......... .......... .......... .......... 1% 8.43M 3s - 1000K .......... .......... .......... .......... .......... 1% 53.4M 3s - 1050K .......... .......... .......... .......... .......... 2% 93.6M 3s - 1100K .......... .......... .......... .......... .......... 2% 64.9M 3s - 1150K .......... .......... .......... .......... .......... 2% 234M 3s - 1200K .......... .......... .......... .......... .......... 2% 75.5M 3s - 1250K .......... .......... .......... .......... .......... 2% 61.4M 3s - 1300K .......... .......... .......... .......... .......... 2% 150M 3s - 1350K .......... .......... .......... .......... .......... 2% 207M 3s - 1400K .......... .......... .......... .......... .......... 2% 253M 3s - 1450K .......... .......... .......... .......... .......... 2% 101M 2s - 1500K .......... .......... .......... .......... .......... 2% 95.0M 2s - 1550K .......... .......... .......... .......... .......... 2% 70.2M 2s - 1600K .......... .......... .......... .......... .......... 3% 66.6M 2s - 1650K .......... .......... .......... .......... 
.......... 3% 90.5M 2s - 1700K .......... .......... .......... .......... .......... 3% 58.9M 2s - 1750K .......... .......... .......... .......... .......... 3% 143M 2s - 1800K .......... .......... .......... .......... .......... 3% 239M 2s - 1850K .......... .......... .......... .......... .......... 3% 259M 2s - 1900K .......... .......... .......... .......... .......... 3% 34.7M 2s - 1950K .......... .......... .......... .......... .......... 3% 17.3M 2s - 2000K .......... .......... .......... .......... .......... 3% 125M 2s - 2050K .......... .......... .......... .......... .......... 3% 158M 2s - 2100K .......... .......... .......... .......... .......... 4% 188M 2s - 2150K .......... .......... .......... .......... .......... 4% 248M 2s - 2200K .......... .......... .......... .......... .......... 4% 199M 2s - 2250K .......... .......... .......... .......... .......... 4% 154M 2s - 2300K .......... .......... .......... .......... .......... 4% 80.8M 2s - 2350K .......... .......... .......... .......... .......... 4% 86.1M 2s - 2400K .......... .......... .......... .......... .......... 4% 46.6M 2s - 2450K .......... .......... .......... .......... .......... 4% 78.5M 2s - 2500K .......... .......... .......... .......... .......... 4% 42.3M 2s - 2550K .......... .......... .......... .......... .......... 4% 48.3M 2s - 2600K .......... .......... .......... .......... .......... 4% 119M 2s - 2650K .......... .......... .......... .......... .......... 5% 229M 2s - 2700K .......... .......... .......... .......... .......... 5% 57.3M 2s - 2750K .......... .......... .......... .......... .......... 5% 186M 2s - 2800K .......... .......... .......... .......... .......... 5% 215M 2s - 2850K .......... .......... .......... .......... .......... 5% 113M 2s - 2900K .......... .......... .......... .......... .......... 5% 64.8M 2s - 2950K .......... .......... .......... .......... .......... 5% 156M 2s - 3000K .......... .......... .......... 
.......... .......... 5% 79.6M 1s - 3050K .......... .......... .......... .......... .......... 5% 74.5M 1s - 3100K .......... .......... .......... .......... .......... 5% 21.1M 1s - 3150K .......... .......... .......... .......... .......... 5% 113M 1s - 3200K .......... .......... .......... .......... .......... 6% 226M 1s - 3250K .......... .......... .......... .......... .......... 6% 178M 1s - 3300K .......... .......... .......... .......... .......... 6% 156M 1s - 3350K .......... .......... .......... .......... .......... 6% 220M 1s - 3400K .......... .......... .......... .......... .......... 6% 202M 1s - 3450K .......... .......... .......... .......... .......... 6% 199M 1s - 3500K .......... .......... .......... .......... .......... 6% 16.1M 1s - 3550K .......... .......... .......... .......... .......... 6% 29.8M 1s - 3600K .......... .......... .......... .......... .......... 6% 38.7M 1s - 3650K .......... .......... .......... .......... .......... 6% 157M 1s - 3700K .......... .......... .......... .......... .......... 7% 88.6M 1s - 3750K .......... .......... .......... .......... .......... 7% 90.9M 1s - 3800K .......... .......... .......... .......... .......... 7% 250M 1s - 3850K .......... .......... .......... .......... .......... 7% 189M 1s - 3900K .......... .......... .......... .......... .......... 7% 216M 1s - 3950K .......... .......... .......... .......... .......... 7% 232M 1s - 4000K .......... .......... .......... .......... .......... 7% 246M 1s - 4050K .......... .......... .......... .......... .......... 7% 248M 1s - 4100K .......... .......... .......... .......... .......... 7% 207M 1s - 4150K .......... .......... .......... .......... .......... 7% 228M 1s - 4200K .......... .......... .......... .......... .......... 7% 19.1M 1s - 4250K .......... .......... .......... .......... .......... 8% 38.7M 1s - 4300K .......... .......... .......... .......... .......... 8% 47.0M 1s - 4350K .......... .......... 
.......... .......... .......... 8% 241M 1s - 4400K .......... .......... .......... .......... .......... 8% 199M 1s - 4450K .......... .......... .......... .......... .......... 8% 80.1M 1s - 4500K .......... .......... .......... .......... .......... 8% 70.1M 1s - 4550K .......... .......... .......... .......... .......... 8% 66.7M 1s - 4600K .......... .......... .......... .......... .......... 8% 191M 1s - 4650K .......... .......... .......... .......... .......... 8% 211M 1s - 4700K .......... .......... .......... .......... .......... 8% 185M 1s - 4750K .......... .......... .......... .......... .......... 8% 245M 1s - 4800K .......... .......... .......... .......... .......... 9% 197M 1s - 4850K .......... .......... .......... .......... .......... 9% 241M 1s - 4900K .......... .......... .......... .......... .......... 9% 183M 1s - 4950K .......... .......... .......... .......... .......... 9% 15.8M 1s - 5000K .......... .......... .......... .......... .......... 9% 80.6M 1s - 5050K .......... .......... .......... .......... .......... 9% 248M 1s - 5100K .......... .......... .......... .......... .......... 9% 195M 1s - 5150K .......... .......... .......... .......... .......... 9% 79.4M 1s - 5200K .......... .......... .......... .......... .......... 9% 78.9M 1s - 5250K .......... .......... .......... .......... .......... 9% 70.6M 1s - 5300K .......... .......... .......... .......... .......... 10% 54.9M 1s - 5350K .......... .......... .......... .......... .......... 10% 71.3M 1s - 5400K .......... .......... .......... .......... .......... 10% 74.9M 1s - 5450K .......... .......... .......... .......... .......... 10% 62.6M 1s - 5500K .......... .......... .......... .......... .......... 10% 188M 1s - 5550K .......... .......... .......... .......... .......... 10% 250M 1s - 5600K .......... .......... .......... .......... .......... 10% 212M 1s - 5650K .......... .......... .......... .......... .......... 
10% 188M 1s - 5700K .......... .......... .......... .......... .......... 10% 32.2M 1s - 5750K .......... .......... .......... .......... .......... 10% 237M 1s - 5800K .......... .......... .......... .......... .......... 10% 70.6M 1s - 5850K .......... .......... .......... .......... .......... 11% 60.6M 1s - 5900K .......... .......... .......... .......... .......... 11% 50.3M 1s - 5950K .......... .......... .......... .......... .......... 11% 88.8M 1s - 6000K .......... .......... .......... .......... .......... 11% 120M 1s - 6050K .......... .......... .......... .......... .......... 11% 240M 1s + 0K .......... .......... .......... .......... .......... 0% 4.35M 12s + 50K .......... .......... .......... .......... .......... 0% 4.65M 12s + 100K .......... .......... .......... .......... .......... 0% 24.5M 8s + 150K .......... .......... .......... .......... .......... 0% 23.2M 7s + 200K .......... .......... .......... .......... .......... 0% 7.68M 7s + 250K .......... .......... .......... .......... .......... 0% 39.7M 6s + 300K .......... .......... .......... .......... .......... 0% 39.1M 5s + 350K .......... .......... .......... .......... .......... 0% 27.4M 5s + 400K .......... .......... .......... .......... .......... 0% 69.9M 4s + 450K .......... .......... .......... .......... .......... 0% 59.3M 4s + 500K .......... .......... .......... .......... .......... 1% 9.80M 4s + 550K .......... .......... .......... .......... .......... 1% 28.3M 4s + 600K .......... .......... .......... .......... .......... 1% 237M 4s + 650K .......... .......... .......... .......... .......... 1% 145M 3s + 700K .......... .......... .......... .......... .......... 1% 57.3M 3s + 750K .......... .......... .......... .......... .......... 1% 70.7M 3s + 800K .......... .......... .......... .......... .......... 1% 74.2M 3s + 850K .......... .......... .......... .......... .......... 1% 228M 3s + 900K .......... .......... .......... .......... 
.......... 1% 84.8M 3s + 950K .......... .......... .......... .......... .......... 1% 75.8M 3s + 1000K .......... .......... .......... .......... .......... 1% 93.5M 2s + 1050K .......... .......... .......... .......... .......... 2% 71.5M 2s + 1100K .......... .......... .......... .......... .......... 2% 12.8M 2s + 1150K .......... .......... .......... .......... .......... 2% 54.0M 2s + 1200K .......... .......... .......... .......... .......... 2% 68.8M 2s + 1250K .......... .......... .......... .......... .......... 2% 224M 2s + 1300K .......... .......... .......... .......... .......... 2% 100M 2s + 1350K .......... .......... .......... .......... .......... 2% 75.8M 2s + 1400K .......... .......... .......... .......... .......... 2% 206M 2s + 1450K .......... .......... .......... .......... .......... 2% 103M 2s + 1500K .......... .......... .......... .......... .......... 2% 59.4M 2s + 1550K .......... .......... .......... .......... .......... 2% 80.7M 2s + 1600K .......... .......... .......... .......... .......... 3% 227M 2s + 1650K .......... .......... .......... .......... .......... 3% 230M 2s + 1700K .......... .......... .......... .......... .......... 3% 256M 2s + 1750K .......... .......... .......... .......... .......... 3% 221M 2s + 1800K .......... .......... .......... .......... .......... 3% 122M 2s + 1850K .......... .......... .......... .......... .......... 3% 31.0M 2s + 1900K .......... .......... .......... .......... .......... 3% 64.0M 2s + 1950K .......... .......... .......... .......... .......... 3% 132M 2s + 2000K .......... .......... .......... .......... .......... 3% 244M 2s + 2050K .......... .......... .......... .......... .......... 3% 251M 2s + 2100K .......... .......... .......... .......... .......... 4% 253M 2s + 2150K .......... .......... .......... .......... .......... 4% 228M 1s + 2200K .......... .......... .......... .......... .......... 4% 46.1M 1s + 2250K .......... .......... .......... 
.......... .......... 4% 244M 1s + 2300K .......... .......... .......... .......... .......... 4% 220M 1s + 2350K .......... .......... .......... .......... .......... 4% 206M 1s + 2400K .......... .......... .......... .......... .......... 4% 255M 1s + 2450K .......... .......... .......... .......... .......... 4% 75.8M 1s + 2500K .......... .......... .......... .......... .......... 4% 251M 1s + 2550K .......... .......... .......... .......... .......... 4% 218M 1s + 2600K .......... .......... .......... .......... .......... 4% 257M 1s + 2650K .......... .......... .......... .......... .......... 5% 220M 1s + 2700K .......... .......... .......... .......... .......... 5% 236M 1s + 2750K .......... .......... .......... .......... .......... 5% 207M 1s + 2800K .......... .......... .......... .......... .......... 5% 242M 1s + 2850K .......... .......... .......... .......... .......... 5% 237M 1s + 2900K .......... .......... .......... .......... .......... 5% 106M 1s + 2950K .......... .......... .......... .......... .......... 5% 65.4M 1s + 3000K .......... .......... .......... .......... .......... 5% 91.3M 1s + 3050K .......... .......... .......... .......... .......... 5% 84.0M 1s + 3100K .......... .......... .......... .......... .......... 5% 117M 1s + 3150K .......... .......... .......... .......... .......... 5% 77.0M 1s + 3200K .......... .......... .......... .......... .......... 6% 81.1M 1s + 3250K .......... .......... .......... .......... .......... 6% 95.9M 1s + 3300K .......... .......... .......... .......... .......... 6% 122M 1s + 3350K .......... .......... .......... .......... .......... 6% 207M 1s + 3400K .......... .......... .......... .......... .......... 6% 236M 1s + 3450K .......... .......... .......... .......... .......... 6% 96.5M 1s + 3500K .......... .......... .......... .......... .......... 6% 89.8M 1s + 3550K .......... .......... .......... .......... .......... 6% 68.9M 1s + 3600K .......... .......... 
.......... .......... .......... 6% 80.0M 1s + 3650K .......... .......... .......... .......... .......... 6% 222M 1s + 3700K .......... .......... .......... .......... .......... 7% 136M 1s + 3750K .......... .......... .......... .......... .......... 7% 93.4M 1s + 3800K .......... .......... .......... .......... .......... 7% 89.7M 1s + 3850K .......... .......... .......... .......... .......... 7% 98.5M 1s + 3900K .......... .......... .......... .......... .......... 7% 73.1M 1s + 3950K .......... .......... .......... .......... .......... 7% 169M 1s + 4000K .......... .......... .......... .......... .......... 7% 244M 1s + 4050K .......... .......... .......... .......... .......... 7% 201M 1s + 4100K .......... .......... .......... .......... .......... 7% 232M 1s + 4150K .......... .......... .......... .......... .......... 7% 203M 1s + 4200K .......... .......... .......... .......... .......... 7% 236M 1s + 4250K .......... .......... .......... .......... .......... 8% 109M 1s + 4300K .......... .......... .......... .......... .......... 8% 193M 1s + 4350K .......... .......... .......... .......... .......... 8% 49.2M 1s + 4400K .......... .......... .......... .......... .......... 8% 25.6M 1s + 4450K .......... .......... .......... .......... .......... 8% 240M 1s + 4500K .......... .......... .......... .......... .......... 8% 210M 1s + 4550K .......... .......... .......... .......... .......... 8% 181M 1s + 4600K .......... .......... .......... .......... .......... 8% 75.2M 1s + 4650K .......... .......... .......... .......... .......... 8% 69.1M 1s + 4700K .......... .......... .......... .......... .......... 8% 75.1M 1s + 4750K .......... .......... .......... .......... .......... 8% 77.3M 1s + 4800K .......... .......... .......... .......... .......... 9% 75.0M 1s + 4850K .......... .......... .......... .......... .......... 9% 133M 1s + 4900K .......... .......... .......... .......... .......... 9% 71.8M 1s + 4950K .......... 
.......... .......... .......... .......... 9% 211M 1s + 5000K .......... .......... .......... .......... .......... 9% 254M 1s + 5050K .......... .......... .......... .......... .......... 9% 222M 1s + 5100K .......... .......... .......... .......... .......... 9% 238M 1s + 5150K .......... .......... .......... .......... .......... 9% 211M 1s + 5200K .......... .......... .......... .......... .......... 9% 199M 1s + 5250K .......... .......... .......... .......... .......... 9% 240M 1s + 5300K .......... .......... .......... .......... .......... 10% 88.1M 1s + 5350K .......... .......... .......... .......... .......... 10% 62.6M 1s + 5400K .......... .......... .......... .......... .......... 10% 113M 1s + 5450K .......... .......... .......... .......... .......... 10% 77.5M 1s + 5500K .......... .......... .......... .......... .......... 10% 84.2M 1s + 5550K .......... .......... .......... .......... .......... 10% 140M 1s + 5600K .......... .......... .......... .......... .......... 10% 250M 1s + 5650K .......... .......... .......... .......... .......... 10% 212M 1s + 5700K .......... .......... .......... .......... .......... 10% 78.1M 1s + 5750K .......... .......... .......... .......... .......... 10% 79.7M 1s + 5800K .......... .......... .......... .......... .......... 10% 73.1M 1s + 5850K .......... .......... .......... .......... .......... 11% 87.1M 1s + 5900K .......... .......... .......... .......... .......... 11% 68.9M 1s + 5950K .......... .......... .......... .......... .......... 11% 89.0M 1s + 6000K .......... .......... .......... .......... .......... 11% 62.2M 1s + 6050K .......... .......... .......... .......... .......... 11% 82.5M 1s 6100K .......... .......... .......... .......... .......... 11% 216M 1s - 6150K .......... .......... .......... .......... .......... 11% 194M 1s - 6200K .......... .......... .......... .......... .......... 11% 190M 1s - 6250K .......... .......... .......... .......... .......... 
11% 245M 1s - 6300K .......... .......... .......... .......... .......... 11% 214M 1s - 6350K .......... .......... .......... .......... .......... 11% 246M 1s - 6400K .......... .......... .......... .......... .......... 12% 214M 1s - 6450K .......... .......... .......... .......... .......... 12% 26.4M 1s - 6500K .......... .......... .......... .......... .......... 12% 184M 1s - 6550K .......... .......... .......... .......... .......... 12% 245M 1s - 6600K .......... .......... .......... .......... .......... 12% 26.9M 1s - 6650K .......... .......... .......... .......... .......... 12% 64.8M 1s - 6700K .......... .......... .......... .......... .......... 12% 81.2M 1s - 6750K .......... .......... .......... .......... .......... 12% 61.5M 1s - 6800K .......... .......... .......... .......... .......... 12% 66.9M 1s - 6850K .......... .......... .......... .......... .......... 12% 62.2M 1s - 6900K .......... .......... .......... .......... .......... 13% 63.3M 1s - 6950K .......... .......... .......... .......... .......... 13% 71.4M 1s - 7000K .......... .......... .......... .......... .......... 13% 78.6M 1s - 7050K .......... .......... .......... .......... .......... 13% 109M 1s - 7100K .......... .......... .......... .......... .......... 13% 133M 1s - 7150K .......... .......... .......... .......... .......... 13% 226M 1s - 7200K .......... .......... .......... .......... .......... 13% 62.5M 1s - 7250K .......... .......... .......... .......... .......... 13% 33.1M 1s - 7300K .......... .......... .......... .......... .......... 13% 90.4M 1s - 7350K .......... .......... .......... .......... .......... 13% 62.1M 1s - 7400K .......... .......... .......... .......... .......... 13% 72.9M 1s - 7450K .......... .......... .......... .......... .......... 14% 73.0M 1s - 7500K .......... .......... .......... .......... .......... 14% 208M 1s - 7550K .......... .......... .......... .......... .......... 14% 41.7M 1s - 7600K .......... 
.......... .......... .......... .......... 14% 95.0M 1s - 7650K .......... .......... .......... .......... .......... 14% 236M 1s - 7700K .......... .......... .......... .......... .......... 14% 204M 1s - 7750K .......... .......... .......... .......... .......... 14% 175M 1s - 7800K .......... .......... .......... .......... .......... 14% 176M 1s - 7850K .......... .......... .......... .......... .......... 14% 245M 1s - 7900K .......... .......... .......... .......... .......... 14% 21.4M 1s - 7950K .......... .......... .......... .......... .......... 14% 74.4M 1s - 8000K .......... .......... .......... .......... .......... 15% 59.7M 1s - 8050K .......... .......... .......... .......... .......... 15% 78.4M 1s - 8100K .......... .......... .......... .......... .......... 15% 54.7M 1s - 8150K .......... .......... .......... .......... .......... 15% 80.3M 1s - 8200K .......... .......... .......... .......... .......... 15% 61.8M 1s - 8250K .......... .......... .......... .......... .......... 15% 65.0M 1s - 8300K .......... .......... .......... .......... .......... 15% 207M 1s - 8350K .......... .......... .......... .......... .......... 15% 240M 1s - 8400K .......... .......... .......... .......... .......... 15% 74.6M 1s - 8450K .......... .......... .......... .......... .......... 15% 65.3M 1s - 8500K .......... .......... .......... .......... .......... 16% 96.1M 1s - 8550K .......... .......... .......... .......... .......... 16% 238M 1s - 8600K .......... .......... .......... .......... .......... 16% 61.3M 1s - 8650K .......... .......... .......... .......... .......... 16% 52.8M 1s - 8700K .......... .......... .......... .......... .......... 16% 55.1M 1s - 8750K .......... .......... .......... .......... .......... 16% 58.2M 1s - 8800K .......... .......... .......... .......... .......... 16% 242M 1s - 8850K .......... .......... .......... .......... .......... 16% 252M 1s - 8900K .......... .......... .......... .......... 
.......... 16% 215M 1s - 8950K .......... .......... .......... .......... .......... 16% 32.2M 1s - 9000K .......... .......... .......... .......... .......... 16% 240M 1s - 9050K .......... .......... .......... .......... .......... 17% 213M 1s - 9100K .......... .......... .......... .......... .......... 17% 31.0M 1s - 9150K .......... .......... .......... .......... .......... 17% 71.7M 1s - 9200K .......... .......... .......... .......... .......... 17% 113M 1s - 9250K .......... .......... .......... .......... .......... 17% 252M 1s - 9300K .......... .......... .......... .......... .......... 17% 207M 1s - 9350K .......... .......... .......... .......... .......... 17% 31.3M 1s - 9400K .......... .......... .......... .......... .......... 17% 53.0M 1s - 9450K .......... .......... .......... .......... .......... 17% 78.1M 1s - 9500K .......... .......... .......... .......... .......... 17% 102M 1s - 9550K .......... .......... .......... .......... .......... 17% 250M 1s - 9600K .......... .......... .......... .......... .......... 18% 244M 1s - 9650K .......... .......... .......... .......... .......... 18% 55.4M 1s - 9700K .......... .......... .......... .......... .......... 18% 64.1M 1s - 9750K .......... .......... .......... .......... .......... 18% 73.6M 1s - 9800K .......... .......... .......... .......... .......... 18% 71.1M 1s - 9850K .......... .......... .......... .......... .......... 18% 61.0M 1s - 9900K .......... .......... .......... .......... .......... 18% 108M 1s - 9950K .......... .......... .......... .......... .......... 18% 168M 1s - 10000K .......... .......... .......... .......... .......... 18% 256M 1s - 10050K .......... .......... .......... .......... .......... 18% 241M 1s - 10100K .......... .......... .......... .......... .......... 19% 24.0M 1s - 10150K .......... .......... .......... .......... .......... 19% 57.7M 1s - 10200K .......... .......... .......... .......... .......... 
19% 68.4M 1s - 10250K .......... .......... .......... .......... .......... 19% 101M 1s - 10300K .......... .......... .......... .......... .......... 19% 198M 1s - 10350K .......... .......... .......... .......... .......... 19% 172M 1s - 10400K .......... .......... .......... .......... .......... 19% 59.7M 1s - 10450K .......... .......... .......... .......... .......... 19% 67.3M 1s - 10500K .......... .......... .......... .......... .......... 19% 83.8M 1s - 10550K .......... .......... .......... .......... .......... 19% 249M 1s - 10600K .......... .......... .......... .......... .......... 19% 164M 1s - 10650K .......... .......... .......... .......... .......... 20% 40.6M 1s - 10700K .......... .......... .......... .......... .......... 20% 65.4M 1s - 10750K .......... .......... .......... .......... .......... 20% 240M 1s - 10800K .......... .......... .......... .......... .......... 20% 248M 1s - 10850K .......... .......... .......... .......... .......... 20% 240M 1s - 10900K .......... .......... .......... .......... .......... 20% 221M 1s - 10950K .......... .......... .......... .......... .......... 20% 35.4M 1s - 11000K .......... .......... .......... .......... .......... 20% 58.5M 1s - 11050K .......... .......... .......... .......... .......... 20% 245M 1s - 11100K .......... .......... .......... .......... .......... 20% 127M 1s - 11150K .......... .......... .......... .......... .......... 20% 56.6M 1s - 11200K .......... .......... .......... .......... .......... 21% 74.0M 1s - 11250K .......... .......... .......... .......... .......... 21% 60.8M 1s - 11300K .......... .......... .......... .......... .......... 21% 116M 1s - 11350K .......... .......... .......... .......... .......... 21% 219M 1s - 11400K .......... .......... .......... .......... .......... 21% 192M 1s - 11450K .......... .......... .......... .......... .......... 21% 32.9M 1s - 11500K .......... .......... .......... .......... .......... 
21% 60.0M 1s - 11550K .......... .......... .......... .......... .......... 21% 55.1M 1s - 11600K .......... .......... .......... .......... .......... 21% 110M 1s - 11650K .......... .......... .......... .......... .......... 21% 233M 1s - 11700K .......... .......... .......... .......... .......... 22% 219M 1s - 11750K .......... .......... .......... .......... .......... 22% 226M 1s - 11800K .......... .......... .......... .......... .......... 22% 223M 1s - 11850K .......... .......... .......... .......... .......... 22% 226M 1s - 11900K .......... .......... .......... .......... .......... 22% 210M 1s - 11950K .......... .......... .......... .......... .......... 22% 153M 1s - 12000K .......... .......... .......... .......... .......... 22% 57.6M 1s - 12050K .......... .......... .......... .......... .......... 22% 66.7M 1s - 12100K .......... .......... .......... .......... .......... 22% 65.9M 1s - 12150K .......... .......... .......... .......... .......... 22% 78.9M 1s - 12200K .......... .......... .......... .......... .......... 22% 172M 1s - 12250K .......... .......... .......... .......... .......... 23% 168M 1s - 12300K .......... .......... .......... .......... .......... 23% 125M 1s - 12350K .......... .......... .......... .......... .......... 23% 136M 1s - 12400K .......... .......... .......... .......... .......... 23% 178M 1s - 12450K .......... .......... .......... .......... .......... 23% 171M 1s - 12500K .......... .......... .......... .......... .......... 23% 107M 1s - 12550K .......... .......... .......... .......... .......... 23% 182M 1s - 12600K .......... .......... .......... .......... .......... 23% 163M 1s - 12650K .......... .......... .......... .......... .......... 23% 122M 1s - 12700K .......... .......... .......... .......... .......... 23% 143M 1s - 12750K .......... .......... .......... .......... .......... 23% 217M 1s - 12800K .......... .......... .......... .......... .......... 
24% 231M 1s - 12850K .......... .......... .......... .......... .......... 24% 225M 1s - 12900K .......... .......... .......... .......... .......... 24% 216M 1s - 12950K .......... .......... .......... .......... .......... 24% 257M 1s - 13000K .......... .......... .......... .......... .......... 24% 204M 1s - 13050K .......... .......... .......... .......... .......... 24% 175M 1s - 13100K .......... .......... .......... .......... .......... 24% 213M 1s - 13150K .......... .......... .......... .......... .......... 24% 244M 1s - 13200K .......... .......... .......... .......... .......... 24% 222M 1s - 13250K .......... .......... .......... .......... .......... 24% 158M 1s - 13300K .......... .......... .......... .......... .......... 24% 174M 1s - 13350K .......... .......... .......... .......... .......... 25% 122M 1s - 13400K .......... .......... .......... .......... .......... 25% 166M 1s - 13450K .......... .......... .......... .......... .......... 25% 186M 1s - 13500K .......... .......... .......... .......... .......... 25% 134M 1s - 13550K .......... .......... .......... .......... .......... 25% 172M 1s - 13600K .......... .......... .......... .......... .......... 25% 183M 1s - 13650K .......... .......... .......... .......... .......... 25% 167M 1s - 13700K .......... .......... .......... .......... .......... 25% 140M 1s - 13750K .......... .......... .......... .......... .......... 25% 188M 1s - 13800K .......... .......... .......... .......... .......... 25% 188M 1s - 13850K .......... .......... .......... .......... .......... 26% 128M 1s - 13900K .......... .......... .......... .......... .......... 26% 124M 1s - 13950K .......... .......... .......... .......... .......... 26% 127M 1s - 14000K .......... .......... .......... .......... .......... 26% 164M 1s - 14050K .......... .......... .......... .......... .......... 26% 175M 1s - 14100K .......... .......... .......... .......... .......... 
26% 155M 1s - 14150K .......... .......... .......... .......... .......... 26% 145M 1s - 14200K .......... .......... .......... .......... .......... 26% 175M 1s - 14250K .......... .......... .......... .......... .......... 26% 171M 1s - 14300K .......... .......... .......... .......... .......... 26% 148M 1s - 14350K .......... .......... .......... .......... .......... 26% 144M 1s - 14400K .......... .......... .......... .......... .......... 27% 122M 1s - 14450K .......... .......... .......... .......... .......... 27% 171M 1s - 14500K .......... .......... .......... .......... .......... 27% 147M 1s - 14550K .......... .......... .......... .......... .......... 27% 167M 1s - 14600K .......... .......... .......... .......... .......... 27% 131M 1s - 14650K .......... .......... .......... .......... .......... 27% 149M 1s - 14700K .......... .......... .......... .......... .......... 27% 116M 1s - 14750K .......... .......... .......... .......... .......... 27% 154M 1s - 14800K .......... .......... .......... .......... .......... 27% 174M 1s - 14850K .......... .......... .......... .......... .......... 27% 163M 1s - 14900K .......... .......... .......... .......... .......... 27% 97.2M 1s - 14950K .......... .......... .......... .......... .......... 28% 186M 1s - 15000K .......... .......... .......... .......... .......... 28% 173M 1s - 15050K .......... .......... .......... .......... .......... 28% 158M 1s - 15100K .......... .......... .......... .......... .......... 28% 177M 1s - 15150K .......... .......... .......... .......... .......... 28% 212M 1s - 15200K .......... .......... .......... .......... .......... 28% 127M 1s - 15250K .......... .......... .......... .......... .......... 28% 150M 1s - 15300K .......... .......... .......... .......... .......... 28% 162M 1s - 15350K .......... .......... .......... .......... .......... 28% 201M 1s - 15400K .......... .......... .......... .......... .......... 
28% 158M 1s - 15450K .......... .......... .......... .......... .......... 29% 103M 1s - 15500K .......... .......... .......... .......... .......... 29% 137M 1s - 15550K .......... .......... .......... .......... .......... 29% 114M 1s - 15600K .......... .......... .......... .......... .......... 29% 171M 1s - 15650K .......... .......... .......... .......... .......... 29% 176M 1s - 15700K .......... .......... .......... .......... .......... 29% 115M 1s - 15750K .......... .......... .......... .......... .......... 29% 183M 1s - 15800K .......... .......... .......... .......... .......... 29% 199M 1s - 15850K .......... .......... .......... .......... .......... 29% 113M 1s - 15900K .......... .......... .......... .......... .......... 29% 127M 1s - 15950K .......... .......... .......... .......... .......... 29% 205M 1s - 16000K .......... .......... .......... .......... .......... 30% 109M 1s - 16050K .......... .......... .......... .......... .......... 30% 187M 1s - 16100K .......... .......... .......... .......... .......... 30% 170M 1s - 16150K .......... .......... .......... .......... .......... 30% 155M 1s - 16200K .......... .......... .......... .......... .......... 30% 137M 1s - 16250K .......... .......... .......... .......... .......... 30% 162M 1s - 16300K .......... .......... .......... .......... .......... 30% 140M 1s - 16350K .......... .......... .......... .......... .......... 30% 160M 1s - 16400K .......... .......... .......... .......... .......... 30% 103M 1s - 16450K .......... .......... .......... .......... .......... 30% 170M 1s - 16500K .......... .......... .......... .......... .......... 30% 164M 1s - 16550K .......... .......... .......... .......... .......... 31% 171M 1s - 16600K .......... .......... .......... .......... .......... 31% 156M 1s - 16650K .......... .......... .......... .......... .......... 31% 107M 1s - 16700K .......... .......... .......... .......... .......... 
31% 97.5M 1s - 16750K .......... .......... .......... .......... .......... 31% 174M 1s - 16800K .......... .......... .......... .......... .......... 31% 165M 1s - 16850K .......... .......... .......... .......... .......... 31% 119M 1s - 16900K .......... .......... .......... .......... .......... 31% 125M 0s - 16950K .......... .......... .......... .......... .......... 31% 180M 0s - 17000K .......... .......... .......... .......... .......... 31% 167M 0s - 17050K .......... .......... .......... .......... .......... 32% 173M 0s - 17100K .......... .......... .......... .......... .......... 32% 159M 0s - 17150K .......... .......... .......... .......... .......... 32% 198M 0s - 17200K .......... .......... .......... .......... .......... 32% 120M 0s - 17250K .......... .......... .......... .......... .......... 32% 241M 0s - 17300K .......... .......... .......... .......... .......... 32% 227M 0s - 17350K .......... .......... .......... .......... .......... 32% 246M 0s - 17400K .......... .......... .......... .......... .......... 32% 200M 0s - 17450K .......... .......... .......... .......... .......... 32% 168M 0s - 17500K .......... .......... .......... .......... .......... 32% 94.6M 0s - 17550K .......... .......... .......... .......... .......... 32% 167M 0s - 17600K .......... .......... .......... .......... .......... 33% 186M 0s - 17650K .......... .......... .......... .......... .......... 33% 144M 0s - 17700K .......... .......... .......... .......... .......... 33% 122M 0s - 17750K .......... .......... .......... .......... .......... 33% 164M 0s - 17800K .......... .......... .......... .......... .......... 33% 169M 0s - 17850K .......... .......... .......... .......... .......... 33% 190M 0s - 17900K .......... .......... .......... .......... .......... 33% 141M 0s - 17950K .......... .......... .......... .......... .......... 33% 110M 0s - 18000K .......... .......... .......... .......... .......... 
33% 162M 0s - 18050K .......... .......... .......... .......... .......... 33% 178M 0s - 18100K .......... .......... .......... .......... .......... 33% 104M 0s - 18150K .......... .......... .......... .......... .......... 34% 162M 0s - 18200K .......... .......... .......... .......... .......... 34% 138M 0s - 18250K .......... .......... .......... .......... .......... 34% 126M 0s - 18300K .......... .......... .......... .......... .......... 34% 144M 0s - 18350K .......... .......... .......... .......... .......... 34% 173M 0s - 18400K .......... .......... .......... .......... .......... 34% 187M 0s - 18450K .......... .......... .......... .......... .......... 34% 124M 0s - 18500K .......... .......... .......... .......... .......... 34% 148M 0s - 18550K .......... .......... .......... .......... .......... 34% 68.1M 0s - 18600K .......... .......... .......... .......... .......... 34% 125M 0s - 18650K .......... .......... .......... .......... .......... 35% 79.4M 0s - 18700K .......... .......... .......... .......... .......... 35% 119M 0s - 18750K .......... .......... .......... .......... .......... 35% 151M 0s - 18800K .......... .......... .......... .......... .......... 35% 152M 0s - 18850K .......... .......... .......... .......... .......... 35% 124M 0s - 18900K .......... .......... .......... .......... .......... 35% 204M 0s - 18950K .......... .......... .......... .......... .......... 35% 216M 0s - 19000K .......... .......... .......... .......... .......... 35% 214M 0s - 19050K .......... .......... .......... .......... .......... 35% 186M 0s - 19100K .......... .......... .......... .......... .......... 35% 150M 0s - 19150K .......... .......... .......... .......... .......... 35% 202M 0s - 19200K .......... .......... .......... .......... .......... 36% 227M 0s - 19250K .......... .......... .......... .......... .......... 36% 170M 0s - 19300K .......... .......... .......... .......... .......... 
36% 140M 0s - 19350K .......... .......... .......... .......... .......... 36% 178M 0s - 19400K .......... .......... .......... .......... .......... 36% 172M 0s - 19450K .......... .......... .......... .......... .......... 36% 179M 0s - 19500K .......... .......... .......... .......... .......... 36% 95.4M 0s - 19550K .......... .......... .......... .......... .......... 36% 161M 0s - 19600K .......... .......... .......... .......... .......... 36% 123M 0s - 19650K .......... .......... .......... .......... .......... 36% 205M 0s - 19700K .......... .......... .......... .......... .......... 36% 134M 0s - 19750K .......... .......... .......... .......... .......... 37% 159M 0s - 19800K .......... .......... .......... .......... .......... 37% 167M 0s - 19850K .......... .......... .......... .......... .......... 37% 180M 0s - 19900K .......... .......... .......... .......... .......... 37% 109M 0s - 19950K .......... .......... .......... .......... .......... 37% 137M 0s - 20000K .......... .......... .......... .......... .......... 37% 183M 0s - 20050K .......... .......... .......... .......... .......... 37% 108M 0s - 20100K .......... .......... .......... .......... .......... 37% 156M 0s - 20150K .......... .......... .......... .......... .......... 37% 188M 0s - 20200K .......... .......... .......... .......... .......... 37% 146M 0s - 20250K .......... .......... .......... .......... .......... 38% 120M 0s - 20300K .......... .......... .......... .......... .......... 38% 143M 0s - 20350K .......... .......... .......... .......... .......... 38% 157M 0s - 20400K .......... .......... .......... .......... .......... 38% 166M 0s - 20450K .......... .......... .......... .......... .......... 38% 102M 0s - 20500K .......... .......... .......... .......... .......... 38% 173M 0s - 20550K .......... .......... .......... .......... .......... 38% 162M 0s - 20600K .......... .......... .......... .......... .......... 
38% 155M 0s - 20650K .......... .......... .......... .......... .......... 38% 169M 0s - 20700K .......... .......... .......... .......... .......... 38% 136M 0s - 20750K .......... .......... .......... .......... .......... 38% 162M 0s - 20800K .......... .......... .......... .......... .......... 39% 183M 0s - 20850K .......... .......... .......... .......... .......... 39% 217M 0s - 20900K .......... .......... .......... .......... .......... 39% 262M 0s - 20950K .......... .......... .......... .......... .......... 39% 207M 0s - 21000K .......... .......... .......... .......... .......... 39% 217M 0s - 21050K .......... .......... .......... .......... .......... 39% 128M 0s - 21100K .......... .......... .......... .......... .......... 39% 185M 0s - 21150K .......... .......... .......... .......... .......... 39% 150M 0s - 21200K .......... .......... .......... .......... .......... 39% 139M 0s - 21250K .......... .......... .......... .......... .......... 39% 184M 0s - 21300K .......... .......... .......... .......... .......... 39% 177M 0s - 21350K .......... .......... .......... .......... .......... 40% 80.9M 0s - 21400K .......... .......... .......... .......... .......... 40% 159M 0s - 21450K .......... .......... .......... .......... .......... 40% 174M 0s - 21500K .......... .......... .......... .......... .......... 40% 151M 0s - 21550K .......... .......... .......... .......... .......... 40% 94.2M 0s - 21600K .......... .......... .......... .......... .......... 40% 198M 0s - 21650K .......... .......... .......... .......... .......... 40% 182M 0s - 21700K .......... .......... .......... .......... .......... 40% 158M 0s - 21750K .......... .......... .......... .......... .......... 40% 157M 0s - 21800K .......... .......... .......... .......... .......... 40% 155M 0s - 21850K .......... .......... .......... .......... .......... 41% 183M 0s - 21900K .......... .......... .......... .......... .......... 
41% 180M 0s - 21950K .......... .......... .......... .......... .......... 41% 146M 0s - 22000K .......... .......... .......... .......... .......... 41% 157M 0s - 22050K .......... .......... .......... .......... .......... 41% 103M 0s - 22100K .......... .......... .......... .......... .......... 41% 156M 0s - 22150K .......... .......... .......... .......... .......... 41% 109M 0s - 22200K .......... .......... .......... .......... .......... 41% 189M 0s - 22250K .......... .......... .......... .......... .......... 41% 170M 0s - 22300K .......... .......... .......... .......... .......... 41% 138M 0s - 22350K .......... .......... .......... .......... .......... 41% 119M 0s - 22400K .......... .......... .......... .......... .......... 42% 160M 0s - 22450K .......... .......... .......... .......... .......... 42% 174M 0s - 22500K .......... .......... .......... .......... .......... 42% 126M 0s - 22550K .......... .......... .......... .......... .......... 42% 140M 0s - 22600K .......... .......... .......... .......... .......... 42% 188M 0s - 22650K .......... .......... .......... .......... .......... 42% 150M 0s - 22700K .......... .......... .......... .......... .......... 42% 151M 0s - 22750K .......... .......... .......... .......... .......... 42% 116M 0s - 22800K .......... .......... .......... .......... .......... 42% 204M 0s - 22850K .......... .......... .......... .......... .......... 42% 166M 0s - 22900K .......... .......... .......... .......... .......... 42% 179M 0s - 22950K .......... .......... .......... .......... .......... 43% 180M 0s - 23000K .......... .......... .......... .......... .......... 43% 181M 0s - 23050K .......... .......... .......... .......... .......... 43% 122M 0s - 23100K .......... .......... .......... .......... .......... 43% 194M 0s - 23150K .......... .......... .......... .......... .......... 43% 214M 0s - 23200K .......... .......... .......... .......... .......... 
43% 252M 0s - 23250K .......... .......... .......... .......... .......... 43% 240M 0s - 23300K .......... .......... .......... .......... .......... 43% 198M 0s - 23350K .......... .......... .......... .......... .......... 43% 234M 0s - 23400K .......... .......... .......... .......... .......... 43% 262M 0s - 23450K .......... .......... .......... .......... .......... 44% 222M 0s - 23500K .......... .......... .......... .......... .......... 44% 230M 0s - 23550K .......... .......... .......... .......... .......... 44% 95.4M 0s - 23600K .......... .......... .......... .......... .......... 44% 176M 0s - 23650K .......... .......... .......... .......... .......... 44% 178M 0s - 23700K .......... .......... .......... .......... .......... 44% 130M 0s - 23750K .......... .......... .......... .......... .......... 44% 98.7M 0s - 23800K .......... .......... .......... .......... .......... 44% 159M 0s - 23850K .......... .......... .......... .......... .......... 44% 178M 0s - 23900K .......... .......... .......... .......... .......... 44% 169M 0s - 23950K .......... .......... .......... .......... .......... 44% 145M 0s - 24000K .......... .......... .......... .......... .......... 45% 184M 0s - 24050K .......... .......... .......... .......... .......... 45% 167M 0s - 24100K .......... .......... .......... .......... .......... 45% 181M 0s - 24150K .......... .......... .......... .......... .......... 45% 175M 0s - 24200K .......... .......... .......... .......... .......... 45% 191M 0s - 24250K .......... .......... .......... .......... .......... 45% 104M 0s - 24300K .......... .......... .......... .......... .......... 45% 174M 0s - 24350K .......... .......... .......... .......... .......... 45% 88.2M 0s - 24400K .......... .......... .......... .......... .......... 45% 173M 0s - 24450K .......... .......... .......... .......... .......... 45% 185M 0s - 24500K .......... .......... .......... .......... .......... 
45% 123M 0s - 24550K .......... .......... .......... .......... .......... 46% 139M 0s - 24600K .......... .......... .......... .......... .......... 46% 177M 0s - 24650K .......... .......... .......... .......... .......... 46% 217M 0s - 24700K .......... .......... .......... .......... .......... 46% 169M 0s - 24750K .......... .......... .......... .......... .......... 46% 185M 0s - 24800K .......... .......... .......... .......... .......... 46% 165M 0s - 24850K .......... .......... .......... .......... .......... 46% 181M 0s - 24900K .......... .......... .......... .......... .......... 46% 176M 0s - 24950K .......... .......... .......... .......... .......... 46% 118M 0s - 25000K .......... .......... .......... .......... .......... 46% 157M 0s - 25050K .......... .......... .......... .......... .......... 47% 106M 0s - 25100K .......... .......... .......... .......... .......... 47% 189M 0s - 25150K .......... .......... .......... .......... .......... 47% 143M 0s - 25200K .......... .......... .......... .......... .......... 47% 177M 0s - 25250K .......... .......... .......... .......... .......... 47% 142M 0s - 25300K .......... .......... .......... .......... .......... 47% 121M 0s - 25350K .......... .......... .......... .......... .......... 47% 147M 0s - 25400K .......... .......... .......... .......... .......... 47% 170M 0s - 25450K .......... .......... .......... .......... .......... 47% 193M 0s - 25500K .......... .......... .......... .......... .......... 47% 221M 0s - 25550K .......... .......... .......... .......... .......... 47% 145M 0s - 25600K .......... .......... .......... .......... .......... 48% 191M 0s - 25650K .......... .......... .......... .......... .......... 48% 140M 0s - 25700K .......... .......... .......... .......... .......... 48% 258M 0s - 25750K .......... .......... .......... .......... .......... 48% 232M 0s - 25800K .......... .......... .......... .......... .......... 
48% 263M 0s - 25850K .......... .......... .......... .......... .......... 48% 159M 0s - 25900K .......... .......... .......... .......... .......... 48% 157M 0s - 25950K .......... .......... .......... .......... .......... 48% 133M 0s - 26000K .......... .......... .......... .......... .......... 48% 175M 0s - 26050K .......... .......... .......... .......... .......... 48% 178M 0s - 26100K .......... .......... .......... .......... .......... 48% 177M 0s - 26150K .......... .......... .......... .......... .......... 49% 162M 0s - 26200K .......... .......... .......... .......... .......... 49% 167M 0s - 26250K .......... .......... .......... .......... .......... 49% 185M 0s - 26300K .......... .......... .......... .......... .......... 49% 161M 0s - 26350K .......... .......... .......... .......... .......... 49% 137M 0s - 26400K .......... .......... .......... .......... .......... 49% 140M 0s - 26450K .......... .......... .......... .......... .......... 49% 104M 0s - 26500K .......... .......... .......... .......... .......... 49% 123M 0s - 26550K .......... .......... .......... .......... .......... 49% 115M 0s - 26600K .......... .......... .......... .......... .......... 49% 164M 0s - 26650K .......... .......... .......... .......... .......... 49% 239M 0s - 26700K .......... .......... .......... .......... .......... 50% 235M 0s - 26750K .......... .......... .......... .......... .......... 50% 147M 0s - 26800K .......... .......... .......... .......... .......... 50% 183M 0s - 26850K .......... .......... .......... .......... .......... 50% 145M 0s - 26900K .......... .......... .......... .......... .......... 50% 121M 0s - 26950K .......... .......... .......... .......... .......... 50% 147M 0s - 27000K .......... .......... .......... .......... .......... 50% 183M 0s - 27050K .......... .......... .......... .......... .......... 50% 172M 0s - 27100K .......... .......... .......... .......... .......... 
50% 125M 0s - 27150K .......... .......... .......... .......... .......... 50% 118M 0s - 27200K .......... .......... .......... .......... .......... 51% 181M 0s - 27250K .......... .......... .......... .......... .......... 51% 150M 0s - 27300K .......... .......... .......... .......... .......... 51% 168M 0s - 27350K .......... .......... .......... .......... .......... 51% 140M 0s - 27400K .......... .......... .......... .......... .......... 51% 169M 0s - 27450K .......... .......... .......... .......... .......... 51% 175M 0s - 27500K .......... .......... .......... .......... .......... 51% 150M 0s - 27550K .......... .......... .......... .......... .......... 51% 148M 0s - 27600K .......... .......... .......... .......... .......... 51% 164M 0s - 27650K .......... .......... .......... .......... .......... 51% 184M 0s - 27700K .......... .......... .......... .......... .......... 51% 186M 0s - 27750K .......... .......... .......... .......... .......... 52% 160M 0s - 27800K .......... .......... .......... .......... .......... 52% 185M 0s - 27850K .......... .......... .......... .......... .......... 52% 90.2M 0s - 27900K .......... .......... .......... .......... .......... 52% 125M 0s - 27950K .......... .......... .......... .......... .......... 52% 107M 0s - 28000K .......... .......... .......... .......... .......... 52% 224M 0s - 28050K .......... .......... .......... .......... .......... 52% 232M 0s - 28100K .......... .......... .......... .......... .......... 52% 222M 0s - 28150K .......... .......... .......... .......... .......... 52% 230M 0s - 28200K .......... .......... .......... .......... .......... 52% 257M 0s - 28250K .......... .......... .......... .......... .......... 52% 255M 0s - 28300K .......... .......... .......... .......... .......... 53% 225M 0s - 28350K .......... .......... .......... .......... .......... 53% 136M 0s - 28400K .......... .......... .......... .......... .......... 
53% 176M 0s - 28450K .......... .......... .......... .......... .......... 53% 178M 0s - 28500K .......... .......... .......... .......... .......... 53% 177M 0s - 28550K .......... .......... .......... .......... .......... 53% 163M 0s - 28600K .......... .......... .......... .......... .......... 53% 135M 0s - 28650K .......... .......... .......... .......... .......... 53% 89.1M 0s - 28700K .......... .......... .......... .......... .......... 53% 158M 0s - 28750K .......... .......... .......... .......... .......... 53% 131M 0s - 28800K .......... .......... .......... .......... .......... 54% 183M 0s - 28850K .......... .......... .......... .......... .......... 54% 246M 0s - 28900K .......... .......... .......... .......... .......... 54% 137M 0s - 28950K .......... .......... .......... .......... .......... 54% 144M 0s - 29000K .......... .......... .......... .......... .......... 54% 173M 0s + 6150K .......... .......... .......... .......... .......... 11% 207M 1s + 6200K .......... .......... .......... .......... .......... 11% 254M 1s + 6250K .......... .......... .......... .......... .......... 11% 241M 1s + 6300K .......... .......... .......... .......... .......... 11% 237M 1s + 6350K .......... .......... .......... .......... .......... 11% 32.8M 1s + 6400K .......... .......... .......... .......... .......... 12% 52.6M 1s + 6450K .......... .......... .......... .......... .......... 12% 106M 1s + 6500K .......... .......... .......... .......... .......... 12% 252M 1s + 6550K .......... .......... .......... .......... .......... 12% 208M 1s + 6600K .......... .......... .......... .......... .......... 12% 52.1M 1s + 6650K .......... .......... .......... .......... .......... 12% 60.3M 1s + 6700K .......... .......... .......... .......... .......... 12% 70.8M 1s + 6750K .......... .......... .......... .......... .......... 12% 69.3M 1s + 6800K .......... .......... .......... .......... .......... 
12% 64.0M 1s + 6850K .......... .......... .......... .......... .......... 12% 78.3M 1s + 6900K .......... .......... .......... .......... .......... 13% 93.5M 1s + 6950K .......... .......... .......... .......... .......... 13% 177M 1s + 7000K .......... .......... .......... .......... .......... 13% 252M 1s + 7050K .......... .......... .......... .......... .......... 13% 249M 1s + 7100K .......... .......... .......... .......... .......... 13% 32.9M 1s + 7150K .......... .......... .......... .......... .......... 13% 85.6M 1s + 7200K .......... .......... .......... .......... .......... 13% 66.7M 1s + 7250K .......... .......... .......... .......... .......... 13% 96.6M 1s + 7300K .......... .......... .......... .......... .......... 13% 195M 1s + 7350K .......... .......... .......... .......... .......... 13% 232M 1s + 7400K .......... .......... .......... .......... .......... 13% 252M 1s + 7450K .......... .......... .......... .......... .......... 14% 36.4M 1s + 7500K .......... .......... .......... .......... .......... 14% 79.1M 1s + 7550K .......... .......... .......... .......... .......... 14% 71.7M 1s + 7600K .......... .......... .......... .......... .......... 14% 94.5M 1s + 7650K .......... .......... .......... .......... .......... 14% 109M 1s + 7700K .......... .......... .......... .......... .......... 14% 60.3M 1s + 7750K .......... .......... .......... .......... .......... 14% 207M 1s + 7800K .......... .......... .......... .......... .......... 14% 250M 1s + 7850K .......... .......... .......... .......... .......... 14% 255M 1s + 7900K .......... .......... .......... .......... .......... 14% 45.7M 1s + 7950K .......... .......... .......... .......... .......... 14% 58.0M 1s + 8000K .......... .......... .......... .......... .......... 15% 90.3M 1s + 8050K .......... .......... .......... .......... .......... 15% 91.8M 1s + 8100K .......... .......... .......... .......... .......... 15% 84.8M 1s + 8150K .......... 
.......... .......... .......... .......... 15% 101M 1s + 8200K .......... .......... .......... .......... .......... 15% 195M 1s + 8250K .......... .......... .......... .......... .......... 15% 210M 1s + 8300K .......... .......... .......... .......... .......... 15% 75.1M 1s + 8350K .......... .......... .......... .......... .......... 15% 85.5M 1s + 8400K .......... .......... .......... .......... .......... 15% 247M 1s + 8450K .......... .......... .......... .......... .......... 15% 211M 1s + 8500K .......... .......... .......... .......... .......... 16% 230M 1s + 8550K .......... .......... .......... .......... .......... 16% 226M 1s + 8600K .......... .......... .......... .......... .......... 16% 256M 1s + 8650K .......... .......... .......... .......... .......... 16% 254M 1s + 8700K .......... .......... .......... .......... .......... 16% 111M 1s + 8750K .......... .......... .......... .......... .......... 16% 151M 1s + 8800K .......... .......... .......... .......... .......... 16% 221M 1s + 8850K .......... .......... .......... .......... .......... 16% 42.8M 1s + 8900K .......... .......... .......... .......... .......... 16% 28.4M 1s + 8950K .......... .......... .......... .......... .......... 16% 64.2M 1s + 9000K .......... .......... .......... .......... .......... 16% 123M 1s + 9050K .......... .......... .......... .......... .......... 17% 62.6M 1s + 9100K .......... .......... .......... .......... .......... 17% 126M 1s + 9150K .......... .......... .......... .......... .......... 17% 204M 1s + 9200K .......... .......... .......... .......... .......... 17% 234M 1s + 9250K .......... .......... .......... .......... .......... 17% 204M 1s + 9300K .......... .......... .......... .......... .......... 17% 247M 1s + 9350K .......... .......... .......... .......... .......... 17% 166M 1s + 9400K .......... .......... .......... .......... .......... 17% 96.9M 1s + 9450K .......... .......... .......... .......... 
.......... 17% 74.7M 1s + 9500K .......... .......... .......... .......... .......... 17% 86.1M 1s + 9550K .......... .......... .......... .......... .......... 17% 72.6M 1s + 9600K .......... .......... .......... .......... .......... 18% 70.2M 1s + 9650K .......... .......... .......... .......... .......... 18% 153M 1s + 9700K .......... .......... .......... .......... .......... 18% 85.0M 1s + 9750K .......... .......... .......... .......... .......... 18% 88.3M 1s + 9800K .......... .......... .......... .......... .......... 18% 64.0M 1s + 9850K .......... .......... .......... .......... .......... 18% 90.8M 1s + 9900K .......... .......... .......... .......... .......... 18% 240M 1s + 9950K .......... .......... .......... .......... .......... 18% 212M 1s + 10000K .......... .......... .......... .......... .......... 18% 249M 1s + 10050K .......... .......... .......... .......... .......... 18% 253M 1s + 10100K .......... .......... .......... .......... .......... 19% 28.7M 1s + 10150K .......... .......... .......... .......... .......... 19% 91.6M 1s + 10200K .......... .......... .......... .......... .......... 19% 209M 1s + 10250K .......... .......... .......... .......... .......... 19% 245M 1s + 10300K .......... .......... .......... .......... .......... 19% 114M 1s + 10350K .......... .......... .......... .......... .......... 19% 33.0M 1s + 10400K .......... .......... .......... .......... .......... 19% 77.1M 1s + 10450K .......... .......... .......... .......... .......... 19% 114M 1s + 10500K .......... .......... .......... .......... .......... 19% 214M 1s + 10550K .......... .......... .......... .......... .......... 19% 148M 1s + 10600K .......... .......... .......... .......... .......... 19% 178M 1s + 10650K .......... .......... .......... .......... .......... 20% 217M 1s + 10700K .......... .......... .......... .......... .......... 20% 220M 1s + 10750K .......... .......... .......... .......... .......... 
20% 36.0M 1s + 10800K .......... .......... .......... .......... .......... 20% 88.8M 1s + 10850K .......... .......... .......... .......... .......... 20% 28.6M 1s + 10900K .......... .......... .......... .......... .......... 20% 56.6M 1s + 10950K .......... .......... .......... .......... .......... 20% 93.4M 1s + 11000K .......... .......... .......... .......... .......... 20% 83.9M 1s + 11050K .......... .......... .......... .......... .......... 20% 92.5M 1s + 11100K .......... .......... .......... .......... .......... 20% 165M 1s + 11150K .......... .......... .......... .......... .......... 20% 209M 1s + 11200K .......... .......... .......... .......... .......... 21% 244M 1s + 11250K .......... .......... .......... .......... .......... 21% 66.9M 1s + 11300K .......... .......... .......... .......... .......... 21% 248M 1s + 11350K .......... .......... .......... .......... .......... 21% 225M 1s + 11400K .......... .......... .......... .......... .......... 21% 236M 1s + 11450K .......... .......... .......... .......... .......... 21% 225M 1s + 11500K .......... .......... .......... .......... .......... 21% 246M 1s + 11550K .......... .......... .......... .......... .......... 21% 194M 1s + 11600K .......... .......... .......... .......... .......... 21% 243M 1s + 11650K .......... .......... .......... .......... .......... 21% 169M 1s + 11700K .......... .......... .......... .......... .......... 22% 48.3M 1s + 11750K .......... .......... .......... .......... .......... 22% 65.1M 1s + 11800K .......... .......... .......... .......... .......... 22% 70.7M 1s + 11850K .......... .......... .......... .......... .......... 22% 111M 1s + 11900K .......... .......... .......... .......... .......... 22% 106M 1s + 11950K .......... .......... .......... .......... .......... 22% 49.5M 1s + 12000K .......... .......... .......... .......... .......... 22% 78.8M 1s + 12050K .......... .......... .......... .......... .......... 
22% 81.1M 1s + 12100K .......... .......... .......... .......... .......... 22% 102M 1s + 12150K .......... .......... .......... .......... .......... 22% 218M 1s + 12200K .......... .......... .......... .......... .......... 22% 241M 1s + 12250K .......... .......... .......... .......... .......... 23% 69.5M 1s + 12300K .......... .......... .......... .......... .......... 23% 93.4M 1s + 12350K .......... .......... .......... .......... .......... 23% 51.2M 1s + 12400K .......... .......... .......... .......... .......... 23% 129M 1s + 12450K .......... .......... .......... .......... .......... 23% 62.2M 1s + 12500K .......... .......... .......... .......... .......... 23% 58.2M 1s + 12550K .......... .......... .......... .......... .......... 23% 106M 1s + 12600K .......... .......... .......... .......... .......... 23% 72.8M 1s + 12650K .......... .......... .......... .......... .......... 23% 61.6M 1s + 12700K .......... .......... .......... .......... .......... 23% 104M 1s + 12750K .......... .......... .......... .......... .......... 23% 57.4M 1s + 12800K .......... .......... .......... .......... .......... 24% 196M 1s + 12850K .......... .......... .......... .......... .......... 24% 202M 1s + 12900K .......... .......... .......... .......... .......... 24% 220M 1s + 12950K .......... .......... .......... .......... .......... 24% 36.7M 1s + 13000K .......... .......... .......... .......... .......... 24% 37.2M 1s + 13050K .......... .......... .......... .......... .......... 24% 191M 1s + 13100K .......... .......... .......... .......... .......... 24% 190M 1s + 13150K .......... .......... .......... .......... .......... 24% 130M 1s + 13200K .......... .......... .......... .......... .......... 24% 54.7M 1s + 13250K .......... .......... .......... .......... .......... 24% 65.2M 1s + 13300K .......... .......... .......... .......... .......... 24% 58.9M 1s + 13350K .......... .......... .......... .......... .......... 
25% 173M 1s + 13400K .......... .......... .......... .......... .......... 25% 194M 1s + 13450K .......... .......... .......... .......... .......... 25% 206M 1s + 13500K .......... .......... .......... .......... .......... 25% 193M 1s + 13550K .......... .......... .......... .......... .......... 25% 96.7M 1s + 13600K .......... .......... .......... .......... .......... 25% 62.9M 1s + 13650K .......... .......... .......... .......... .......... 25% 71.9M 1s + 13700K .......... .......... .......... .......... .......... 25% 102M 1s + 13750K .......... .......... .......... .......... .......... 25% 54.9M 1s + 13800K .......... .......... .......... .......... .......... 25% 82.7M 1s + 13850K .......... .......... .......... .......... .......... 26% 69.6M 1s + 13900K .......... .......... .......... .......... .......... 26% 76.6M 1s + 13950K .......... .......... .......... .......... .......... 26% 80.0M 1s + 14000K .......... .......... .......... .......... .......... 26% 240M 1s + 14050K .......... .......... .......... .......... .......... 26% 227M 1s + 14100K .......... .......... .......... .......... .......... 26% 104M 1s + 14150K .......... .......... .......... .......... .......... 26% 218M 1s + 14200K .......... .......... .......... .......... .......... 26% 172M 1s + 14250K .......... .......... .......... .......... .......... 26% 45.9M 1s + 14300K .......... .......... .......... .......... .......... 26% 69.0M 1s + 14350K .......... .......... .......... .......... .......... 26% 86.0M 1s + 14400K .......... .......... .......... .......... .......... 27% 240M 1s + 14450K .......... .......... .......... .......... .......... 27% 235M 1s + 14500K .......... .......... .......... .......... .......... 27% 229M 0s + 14550K .......... .......... .......... .......... .......... 27% 221M 0s + 14600K .......... .......... .......... .......... .......... 27% 253M 0s + 14650K .......... .......... .......... .......... .......... 
27% 218M 0s + 14700K .......... .......... .......... .......... .......... 27% 236M 0s + 14750K .......... .......... .......... .......... .......... 27% 21.9M 0s + 14800K .......... .......... .......... .......... .......... 27% 44.3M 0s + 14850K .......... .......... .......... .......... .......... 27% 108M 0s + 14900K .......... .......... .......... .......... .......... 27% 252M 0s + 14950K .......... .......... .......... .......... .......... 28% 204M 0s + 15000K .......... .......... .......... .......... .......... 28% 89.7M 0s + 15050K .......... .......... .......... .......... .......... 28% 58.1M 0s + 15100K .......... .......... .......... .......... .......... 28% 66.8M 0s + 15150K .......... .......... .......... .......... .......... 28% 93.6M 0s + 15200K .......... .......... .......... .......... .......... 28% 127M 0s + 15250K .......... .......... .......... .......... .......... 28% 69.3M 0s + 15300K .......... .......... .......... .......... .......... 28% 71.9M 0s + 15350K .......... .......... .......... .......... .......... 28% 70.2M 0s + 15400K .......... .......... .......... .......... .......... 28% 237M 0s + 15450K .......... .......... .......... .......... .......... 29% 255M 0s + 15500K .......... .......... .......... .......... .......... 29% 257M 0s + 15550K .......... .......... .......... .......... .......... 29% 189M 0s + 15600K .......... .......... .......... .......... .......... 29% 232M 0s + 15650K .......... .......... .......... .......... .......... 29% 244M 0s + 15700K .......... .......... .......... .......... .......... 29% 207M 0s + 15750K .......... .......... .......... .......... .......... 29% 217M 0s + 15800K .......... .......... .......... .......... .......... 29% 30.5M 0s + 15850K .......... .......... .......... .......... .......... 29% 97.1M 0s + 15900K .......... .......... .......... .......... .......... 29% 235M 0s + 15950K .......... .......... .......... .......... .......... 
29% 62.6M 0s + 16000K .......... .......... .......... .......... .......... 30% 38.6M 0s + 16050K .......... .......... .......... .......... .......... 30% 79.8M 0s + 16100K .......... .......... .......... .......... .......... 30% 73.4M 0s + 16150K .......... .......... .......... .......... .......... 30% 142M 0s + 16200K .......... .......... .......... .......... .......... 30% 80.2M 0s + 16250K .......... .......... .......... .......... .......... 30% 102M 0s + 16300K .......... .......... .......... .......... .......... 30% 104M 0s + 16350K .......... .......... .......... .......... .......... 30% 64.5M 0s + 16400K .......... .......... .......... .......... .......... 30% 81.2M 0s + 16450K .......... .......... .......... .......... .......... 30% 68.1M 0s + 16500K .......... .......... .......... .......... .......... 30% 105M 0s + 16550K .......... .......... .......... .......... .......... 31% 142M 0s + 16600K .......... .......... .......... .......... .......... 31% 247M 0s + 16650K .......... .......... .......... .......... .......... 31% 258M 0s + 16700K .......... .......... .......... .......... .......... 31% 247M 0s + 16750K .......... .......... .......... .......... .......... 31% 101M 0s + 16800K .......... .......... .......... .......... .......... 31% 237M 0s + 16850K .......... .......... .......... .......... .......... 31% 226M 0s + 16900K .......... .......... .......... .......... .......... 31% 60.5M 0s + 16950K .......... .......... .......... .......... .......... 31% 44.6M 0s + 17000K .......... .......... .......... .......... .......... 31% 79.7M 0s + 17050K .......... .......... .......... .......... .......... 32% 77.6M 0s + 17100K .......... .......... .......... .......... .......... 32% 112M 0s + 17150K .......... .......... .......... .......... .......... 32% 95.6M 0s + 17200K .......... .......... .......... .......... .......... 32% 137M 0s + 17250K .......... .......... .......... .......... .......... 
32% 249M 0s + 17300K .......... .......... .......... .......... .......... 32% 240M 0s + 17350K .......... .......... .......... .......... .......... 32% 231M 0s + 17400K .......... .......... .......... .......... .......... 32% 71.2M 0s + 17450K .......... .......... .......... .......... .......... 32% 110M 0s + 17500K .......... .......... .......... .......... .......... 32% 38.1M 0s + 17550K .......... .......... .......... .......... .......... 32% 66.0M 0s + 17600K .......... .......... .......... .......... .......... 33% 94.0M 0s + 17650K .......... .......... .......... .......... .......... 33% 97.0M 0s + 17700K .......... .......... .......... .......... .......... 33% 228M 0s + 17750K .......... .......... .......... .......... .......... 33% 226M 0s + 17800K .......... .......... .......... .......... .......... 33% 61.4M 0s + 17850K .......... .......... .......... .......... .......... 33% 121M 0s + 17900K .......... .......... .......... .......... .......... 33% 244M 0s + 17950K .......... .......... .......... .......... .......... 33% 132M 0s + 18000K .......... .......... .......... .......... .......... 33% 246M 0s + 18050K .......... .......... .......... .......... .......... 33% 243M 0s + 18100K .......... .......... .......... .......... .......... 33% 253M 0s + 18150K .......... .......... .......... .......... .......... 34% 67.4M 0s + 18200K .......... .......... .......... .......... .......... 34% 145M 0s + 18250K .......... .......... .......... .......... .......... 34% 81.0M 0s + 18300K .......... .......... .......... .......... .......... 34% 70.1M 0s + 18350K .......... .......... .......... .......... .......... 34% 60.2M 0s + 18400K .......... .......... .......... .......... .......... 34% 77.4M 0s + 18450K .......... .......... .......... .......... .......... 34% 86.6M 0s + 18500K .......... .......... .......... .......... .......... 34% 105M 0s + 18550K .......... .......... .......... .......... .......... 
34% 115M 0s + 18600K .......... .......... .......... .......... .......... 34% 109M 0s + 18650K .......... .......... .......... .......... .......... 35% 251M 0s + 18700K .......... .......... .......... .......... .......... 35% 237M 0s + 18750K .......... .......... .......... .......... .......... 35% 198M 0s + 18800K .......... .......... .......... .......... .......... 35% 264M 0s + 18850K .......... .......... .......... .......... .......... 35% 252M 0s + 18900K .......... .......... .......... .......... .......... 35% 252M 0s + 18950K .......... .......... .......... .......... .......... 35% 171M 0s + 19000K .......... .......... .......... .......... .......... 35% 96.6M 0s + 19050K .......... .......... .......... .......... .......... 35% 74.5M 0s + 19100K .......... .......... .......... .......... .......... 35% 82.0M 0s + 19150K .......... .......... .......... .......... .......... 35% 79.9M 0s + 19200K .......... .......... .......... .......... .......... 36% 90.4M 0s + 19250K .......... .......... .......... .......... .......... 36% 146M 0s + 19300K .......... .......... .......... .......... .......... 36% 94.1M 0s + 19350K .......... .......... .......... .......... .......... 36% 69.0M 0s + 19400K .......... .......... .......... .......... .......... 36% 79.1M 0s + 19450K .......... .......... .......... .......... .......... 36% 65.0M 0s + 19500K .......... .......... .......... .......... .......... 36% 88.0M 0s + 19550K .......... .......... .......... .......... .......... 36% 71.2M 0s + 19600K .......... .......... .......... .......... .......... 36% 72.3M 0s + 19650K .......... .......... .......... .......... .......... 36% 84.5M 0s + 19700K .......... .......... .......... .......... .......... 36% 142M 0s + 19750K .......... .......... .......... .......... .......... 37% 194M 0s + 19800K .......... .......... .......... .......... .......... 37% 233M 0s + 19850K .......... .......... .......... .......... .......... 
37% 213M 0s + 19900K .......... .......... .......... .......... .......... 37% 95.8M 0s + 19950K .......... .......... .......... .......... .......... 37% 72.7M 0s + 20000K .......... .......... .......... .......... .......... 37% 151M 0s + 20050K .......... .......... .......... .......... .......... 37% 190M 0s + 20100K .......... .......... .......... .......... .......... 37% 214M 0s + 20150K .......... .......... .......... .......... .......... 37% 255M 0s + 20200K .......... .......... .......... .......... .......... 37% 257M 0s + 20250K .......... .......... .......... .......... .......... 38% 142M 0s + 20300K .......... .......... .......... .......... .......... 38% 199M 0s + 20350K .......... .......... .......... .......... .......... 38% 73.3M 0s + 20400K .......... .......... .......... .......... .......... 38% 57.1M 0s + 20450K .......... .......... .......... .......... .......... 38% 75.0M 0s + 20500K .......... .......... .......... .......... .......... 38% 76.9M 0s + 20550K .......... .......... .......... .......... .......... 38% 88.6M 0s + 20600K .......... .......... .......... .......... .......... 38% 74.6M 0s + 20650K .......... .......... .......... .......... .......... 38% 63.9M 0s + 20700K .......... .......... .......... .......... .......... 38% 75.6M 0s + 20750K .......... .......... .......... .......... .......... 38% 148M 0s + 20800K .......... .......... .......... .......... .......... 39% 252M 0s + 20850K .......... .......... .......... .......... .......... 39% 226M 0s + 20900K .......... .......... .......... .......... .......... 39% 120M 0s + 20950K .......... .......... .......... .......... .......... 39% 232M 0s + 21000K .......... .......... .......... .......... .......... 39% 240M 0s + 21050K .......... .......... .......... .......... .......... 39% 204M 0s + 21100K .......... .......... .......... .......... .......... 39% 195M 0s + 21150K .......... .......... .......... .......... .......... 
39% 38.3M 0s + 21200K .......... .......... .......... .......... .......... 39% 58.7M 0s + 21250K .......... .......... .......... .......... .......... 39% 80.0M 0s + 21300K .......... .......... .......... .......... .......... 39% 88.0M 0s + 21350K .......... .......... .......... .......... .......... 40% 86.0M 0s + 21400K .......... .......... .......... .......... .......... 40% 78.6M 0s + 21450K .......... .......... .......... .......... .......... 40% 68.4M 0s + 21500K .......... .......... .......... .......... .......... 40% 243M 0s + 21550K .......... .......... .......... .......... .......... 40% 256M 0s + 21600K .......... .......... .......... .......... .......... 40% 254M 0s + 21650K .......... .......... .......... .......... .......... 40% 233M 0s + 21700K .......... .......... .......... .......... .......... 40% 229M 0s + 21750K .......... .......... .......... .......... .......... 40% 256M 0s + 21800K .......... .......... .......... .......... .......... 40% 260M 0s + 21850K .......... .......... .......... .......... .......... 41% 213M 0s + 21900K .......... .......... .......... .......... .......... 41% 237M 0s + 21950K .......... .......... .......... .......... .......... 41% 180M 0s + 22000K .......... .......... .......... .......... .......... 41% 251M 0s + 22050K .......... .......... .......... .......... .......... 41% 59.6M 0s + 22100K .......... .......... .......... .......... .......... 41% 34.2M 0s + 22150K .......... .......... .......... .......... .......... 41% 63.0M 0s + 22200K .......... .......... .......... .......... .......... 41% 128M 0s + 22250K .......... .......... .......... .......... .......... 41% 53.0M 0s + 22300K .......... .......... .......... .......... .......... 41% 113M 0s + 22350K .......... .......... .......... .......... .......... 41% 101M 0s + 22400K .......... .......... .......... .......... .......... 42% 80.8M 0s + 22450K .......... .......... .......... .......... .......... 
42% 76.9M 0s + 22500K .......... .......... .......... .......... .......... 42% 82.0M 0s + 22550K .......... .......... .......... .......... .......... 42% 78.5M 0s + 22600K .......... .......... .......... .......... .......... 42% 79.9M 0s + 22650K .......... .......... .......... .......... .......... 42% 249M 0s + 22700K .......... .......... .......... .......... .......... 42% 74.0M 0s + 22750K .......... .......... .......... .......... .......... 42% 58.5M 0s + 22800K .......... .......... .......... .......... .......... 42% 171M 0s + 22850K .......... .......... .......... .......... .......... 42% 246M 0s + 22900K .......... .......... .......... .......... .......... 42% 69.3M 0s + 22950K .......... .......... .......... .......... .......... 43% 104M 0s + 23000K .......... .......... .......... .......... .......... 43% 63.3M 0s + 23050K .......... .......... .......... .......... .......... 43% 99.6M 0s + 23100K .......... .......... .......... .......... .......... 43% 211M 0s + 23150K .......... .......... .......... .......... .......... 43% 263M 0s + 23200K .......... .......... .......... .......... .......... 43% 259M 0s + 23250K .......... .......... .......... .......... .......... 43% 140M 0s + 23300K .......... .......... .......... .......... .......... 43% 135M 0s + 23350K .......... .......... .......... .......... .......... 43% 86.0M 0s + 23400K .......... .......... .......... .......... .......... 43% 83.4M 0s + 23450K .......... .......... .......... .......... .......... 44% 84.9M 0s + 23500K .......... .......... .......... .......... .......... 44% 78.4M 0s + 23550K .......... .......... .......... .......... .......... 44% 76.2M 0s + 23600K .......... .......... .......... .......... .......... 44% 74.5M 0s + 23650K .......... .......... .......... .......... .......... 44% 88.2M 0s + 23700K .......... .......... .......... .......... .......... 44% 80.9M 0s + 23750K .......... .......... .......... .......... .......... 
44% 94.0M 0s + 23800K .......... .......... .......... .......... .......... 44% 234M 0s + 23850K .......... .......... .......... .......... .......... 44% 252M 0s + 23900K .......... .......... .......... .......... .......... 44% 216M 0s + 23950K .......... .......... .......... .......... .......... 44% 253M 0s + 24000K .......... .......... .......... .......... .......... 45% 243M 0s + 24050K .......... .......... .......... .......... .......... 45% 71.0M 0s + 24100K .......... .......... .......... .......... .......... 45% 67.5M 0s + 24150K .......... .......... .......... .......... .......... 45% 83.3M 0s + 24200K .......... .......... .......... .......... .......... 45% 113M 0s + 24250K .......... .......... .......... .......... .......... 45% 71.7M 0s + 24300K .......... .......... .......... .......... .......... 45% 68.4M 0s + 24350K .......... .......... .......... .......... .......... 45% 108M 0s + 24400K .......... .......... .......... .......... .......... 45% 112M 0s + 24450K .......... .......... .......... .......... .......... 45% 97.6M 0s + 24500K .......... .......... .......... .......... .......... 45% 66.3M 0s + 24550K .......... .......... .......... .......... .......... 46% 91.1M 0s + 24600K .......... .......... .......... .......... .......... 46% 79.1M 0s + 24650K .......... .......... .......... .......... .......... 46% 128M 0s + 24700K .......... .......... .......... .......... .......... 46% 212M 0s + 24750K .......... .......... .......... .......... .......... 46% 261M 0s + 24800K .......... .......... .......... .......... .......... 46% 70.9M 0s + 24850K .......... .......... .......... .......... .......... 46% 233M 0s + 24900K .......... .......... .......... .......... .......... 46% 196M 0s + 24950K .......... .......... .......... .......... .......... 46% 96.8M 0s + 25000K .......... .......... .......... .......... .......... 46% 39.5M 0s + 25050K .......... .......... .......... .......... .......... 
47% 69.6M 0s + 25100K .......... .......... .......... .......... .......... 47% 68.7M 0s + 25150K .......... .......... .......... .......... .......... 47% 231M 0s + 25200K .......... .......... .......... .......... .......... 47% 250M 0s + 25250K .......... .......... .......... .......... .......... 47% 257M 0s + 25300K .......... .......... .......... .......... .......... 47% 218M 0s + 25350K .......... .......... .......... .......... .......... 47% 90.9M 0s + 25400K .......... .......... .......... .......... .......... 47% 75.6M 0s + 25450K .......... .......... .......... .......... .......... 47% 79.2M 0s + 25500K .......... .......... .......... .......... .......... 47% 95.6M 0s + 25550K .......... .......... .......... .......... .......... 47% 190M 0s + 25600K .......... .......... .......... .......... .......... 48% 64.8M 0s + 25650K .......... .......... .......... .......... .......... 48% 83.3M 0s + 25700K .......... .......... .......... .......... .......... 48% 88.1M 0s + 25750K .......... .......... .......... .......... .......... 48% 83.3M 0s + 25800K .......... .......... .......... .......... .......... 48% 211M 0s + 25850K .......... .......... .......... .......... .......... 48% 224M 0s + 25900K .......... .......... .......... .......... .......... 48% 214M 0s + 25950K .......... .......... .......... .......... .......... 48% 94.4M 0s + 26000K .......... .......... .......... .......... .......... 48% 210M 0s + 26050K .......... .......... .......... .......... .......... 48% 245M 0s + 26100K .......... .......... .......... .......... .......... 48% 231M 0s + 26150K .......... .......... .......... .......... .......... 49% 212M 0s + 26200K .......... .......... .......... .......... .......... 49% 70.4M 0s + 26250K .......... .......... .......... .......... .......... 49% 102M 0s + 26300K .......... .......... .......... .......... .......... 49% 79.8M 0s + 26350K .......... .......... .......... .......... .......... 
49% 97.2M 0s + 26400K .......... .......... .......... .......... .......... 49% 67.3M 0s + 26450K .......... .......... .......... .......... .......... 49% 250M 0s + 26500K .......... .......... .......... .......... .......... 49% 246M 0s + 26550K .......... .......... .......... .......... .......... 49% 118M 0s + 26600K .......... .......... .......... .......... .......... 49% 85.4M 0s + 26650K .......... .......... .......... .......... .......... 49% 88.9M 0s + 26700K .......... .......... .......... .......... .......... 50% 192M 0s + 26750K .......... .......... .......... .......... .......... 50% 257M 0s + 26800K .......... .......... .......... .......... .......... 50% 209M 0s + 26850K .......... .......... .......... .......... .......... 50% 218M 0s + 26900K .......... .......... .......... .......... .......... 50% 104M 0s + 26950K .......... .......... .......... .......... .......... 50% 28.3M 0s + 27000K .......... .......... .......... .......... .......... 50% 131M 0s + 27050K .......... .......... .......... .......... .......... 50% 238M 0s + 27100K .......... .......... .......... .......... .......... 50% 196M 0s + 27150K .......... .......... .......... .......... .......... 50% 126M 0s + 27200K .......... .......... .......... .......... .......... 51% 47.1M 0s + 27250K .......... .......... .......... .......... .......... 51% 83.5M 0s + 27300K .......... .......... .......... .......... .......... 51% 73.9M 0s + 27350K .......... .......... .......... .......... .......... 51% 242M 0s + 27400K .......... .......... .......... .......... .......... 51% 98.0M 0s + 27450K .......... .......... .......... .......... .......... 51% 51.6M 0s + 27500K .......... .......... .......... .......... .......... 51% 77.6M 0s + 27550K .......... .......... .......... .......... .......... 51% 73.2M 0s + 27600K .......... .......... .......... .......... .......... 51% 205M 0s + 27650K .......... .......... .......... .......... .......... 
51% 253M 0s + 27700K .......... .......... .......... .......... .......... 51% 211M 0s + 27750K .......... .......... .......... .......... .......... 52% 256M 0s + 27800K .......... .......... .......... .......... .......... 52% 261M 0s + 27850K .......... .......... .......... .......... .......... 52% 248M 0s + 27900K .......... .......... .......... .......... .......... 52% 106M 0s + 27950K .......... .......... .......... .......... .......... 52% 65.3M 0s + 28000K .......... .......... .......... .......... .......... 52% 146M 0s + 28050K .......... .......... .......... .......... .......... 52% 68.0M 0s + 28100K .......... .......... .......... .......... .......... 52% 213M 0s + 28150K .......... .......... .......... .......... .......... 52% 250M 0s + 28200K .......... .......... .......... .......... .......... 52% 49.5M 0s + 28250K .......... .......... .......... .......... .......... 52% 50.7M 0s + 28300K .......... .......... .......... .......... .......... 53% 56.7M 0s + 28350K .......... .......... .......... .......... .......... 53% 81.4M 0s + 28400K .......... .......... .......... .......... .......... 53% 139M 0s + 28450K .......... .......... .......... .......... .......... 53% 64.0M 0s + 28500K .......... .......... .......... .......... .......... 53% 69.7M 0s + 28550K .......... .......... .......... .......... .......... 53% 78.0M 0s + 28600K .......... .......... .......... .......... .......... 53% 86.4M 0s + 28650K .......... .......... .......... .......... .......... 53% 140M 0s + 28700K .......... .......... .......... .......... .......... 53% 216M 0s + 28750K .......... .......... .......... .......... .......... 53% 258M 0s + 28800K .......... .......... .......... .......... .......... 54% 253M 0s + 28850K .......... .......... .......... .......... .......... 54% 73.3M 0s + 28900K .......... .......... .......... .......... .......... 54% 70.7M 0s + 28950K .......... .......... .......... .......... .......... 
54% 247M 0s + 29000K .......... .......... .......... .......... .......... 54% 80.8M 0s 29050K .......... .......... .......... .......... .......... 54% 111M 0s - 29100K .......... .......... .......... .......... .......... 54% 167M 0s - 29150K .......... .......... .......... .......... .......... 54% 147M 0s - 29200K .......... .......... .......... .......... .......... 54% 166M 0s - 29250K .......... .......... .......... .......... .......... 54% 173M 0s - 29300K .......... .......... .......... .......... .......... 54% 113M 0s - 29350K .......... .......... .......... .......... .......... 55% 151M 0s - 29400K .......... .......... .......... .......... .......... 55% 176M 0s - 29450K .......... .......... .......... .......... .......... 55% 187M 0s - 29500K .......... .......... .......... .......... .......... 55% 187M 0s - 29550K .......... .......... .......... .......... .......... 55% 145M 0s - 29600K .......... .......... .......... .......... .......... 55% 171M 0s - 29650K .......... .......... .......... .......... .......... 55% 136M 0s - 29700K .......... .......... .......... .......... .......... 55% 155M 0s - 29750K .......... .......... .......... .......... .......... 55% 157M 0s - 29800K .......... .......... .......... .......... .......... 55% 172M 0s - 29850K .......... .......... .......... .......... .......... 55% 167M 0s - 29900K .......... .......... .......... .......... .......... 56% 167M 0s - 29950K .......... .......... .......... .......... .......... 56% 146M 0s - 30000K .......... .......... .......... .......... .......... 56% 114M 0s - 30050K .......... .......... .......... .......... .......... 56% 111M 0s - 30100K .......... .......... .......... .......... .......... 56% 147M 0s - 30150K .......... .......... .......... .......... .......... 56% 139M 0s - 30200K .......... .......... .......... .......... .......... 56% 172M 0s - 30250K .......... .......... .......... .......... .......... 
56% 177M 0s - 30300K .......... .......... .......... .......... .......... 56% 156M 0s - 30350K .......... .......... .......... .......... .......... 56% 150M 0s - 30400K .......... .......... .......... .......... .......... 57% 185M 0s - 30450K .......... .......... .......... .......... .......... 57% 163M 0s - 30500K .......... .......... .......... .......... .......... 57% 169M 0s - 30550K .......... .......... .......... .......... .......... 57% 151M 0s - 30600K .......... .......... .......... .......... .......... 57% 175M 0s - 30650K .......... .......... .......... .......... .......... 57% 183M 0s - 30700K .......... .......... .......... .......... .......... 57% 237M 0s - 30750K .......... .......... .......... .......... .......... 57% 153M 0s - 30800K .......... .......... .......... .......... .......... 57% 106M 0s - 30850K .......... .......... .......... .......... .......... 57% 252M 0s - 30900K .......... .......... .......... .......... .......... 57% 243M 0s - 30950K .......... .......... .......... .......... .......... 58% 264M 0s - 31000K .......... .......... .......... .......... .......... 58% 210M 0s - 31050K .......... .......... .......... .......... .......... 58% 154M 0s - 31100K .......... .......... .......... .......... .......... 58% 129M 0s - 31150K .......... .......... .......... .......... .......... 58% 144M 0s - 31200K .......... .......... .......... .......... .......... 58% 115M 0s - 31250K .......... .......... .......... .......... .......... 58% 167M 0s - 31300K .......... .......... .......... .......... .......... 58% 158M 0s - 31350K .......... .......... .......... .......... .......... 58% 149M 0s - 31400K .......... .......... .......... .......... .......... 58% 127M 0s - 31450K .......... .......... .......... .......... .......... 58% 103M 0s - 31500K .......... .......... .......... .......... .......... 59% 161M 0s - 31550K .......... .......... .......... .......... .......... 
59% 192M 0s - 31600K .......... .......... .......... .......... .......... 59% 145M 0s - 31650K .......... .......... .......... .......... .......... 59% 144M 0s - 31700K .......... .......... .......... .......... .......... 59% 177M 0s - 31750K .......... .......... .......... .......... .......... 59% 148M 0s - 31800K .......... .......... .......... .......... .......... 59% 123M 0s - 31850K .......... .......... .......... .......... .......... 59% 107M 0s - 31900K .......... .......... .......... .......... .......... 59% 157M 0s - 31950K .......... .......... .......... .......... .......... 59% 149M 0s - 32000K .......... .......... .......... .......... .......... 60% 179M 0s - 32050K .......... .......... .......... .......... .......... 60% 115M 0s - 32100K .......... .......... .......... .......... .......... 60% 109M 0s - 32150K .......... .......... .......... .......... .......... 60% 138M 0s - 32200K .......... .......... .......... .......... .......... 60% 177M 0s - 32250K .......... .......... .......... .......... .......... 60% 186M 0s - 32300K .......... .......... .......... .......... .......... 60% 166M 0s - 32350K .......... .......... .......... .......... .......... 60% 90.7M 0s - 32400K .......... .......... .......... .......... .......... 60% 168M 0s - 32450K .......... .......... .......... .......... .......... 60% 209M 0s - 32500K .......... .......... .......... .......... .......... 60% 211M 0s - 32550K .......... .......... .......... .......... .......... 61% 227M 0s - 32600K .......... .......... .......... .......... .......... 61% 183M 0s - 32650K .......... .......... .......... .......... .......... 61% 165M 0s - 32700K .......... .......... .......... .......... .......... 61% 166M 0s - 32750K .......... .......... .......... .......... .......... 61% 151M 0s - 32800K .......... .......... .......... .......... .......... 61% 193M 0s - 32850K .......... .......... .......... .......... .......... 
61% 67.7M 0s - 32900K .......... .......... .......... .......... .......... 61% 177M 0s - 32950K .......... .......... .......... .......... .......... 61% 154M 0s - 33000K .......... .......... .......... .......... .......... 61% 131M 0s - 33050K .......... .......... .......... .......... .......... 61% 105M 0s - 33100K .......... .......... .......... .......... .......... 62% 128M 0s - 33150K .......... .......... .......... .......... .......... 62% 98.0M 0s - 33200K .......... .......... .......... .......... .......... 62% 122M 0s - 33250K .......... .......... .......... .......... .......... 62% 163M 0s - 33300K .......... .......... .......... .......... .......... 62% 193M 0s - 33350K .......... .......... .......... .......... .......... 62% 154M 0s - 33400K .......... .......... .......... .......... .......... 62% 153M 0s - 33450K .......... .......... .......... .......... .......... 62% 126M 0s - 33500K .......... .......... .......... .......... .......... 62% 178M 0s - 33550K .......... .......... .......... .......... .......... 62% 154M 0s - 33600K .......... .......... .......... .......... .......... 63% 183M 0s - 33650K .......... .......... .......... .......... .......... 63% 166M 0s - 33700K .......... .......... .......... .......... .......... 63% 169M 0s - 33750K .......... .......... .......... .......... .......... 63% 137M 0s - 33800K .......... .......... .......... .......... .......... 63% 93.0M 0s - 33850K .......... .......... .......... .......... .......... 63% 138M 0s - 33900K .......... .......... .......... .......... .......... 63% 143M 0s - 33950K .......... .......... .......... .......... .......... 63% 102M 0s - 34000K .......... .......... .......... .......... .......... 63% 109M 0s - 34050K .......... .......... .......... .......... .......... 63% 150M 0s - 34100K .......... .......... .......... .......... .......... 63% 152M 0s - 34150K .......... .......... .......... .......... .......... 
64% 137M 0s - 34200K .......... .......... .......... .......... .......... 64% 204M 0s - 34250K .......... .......... .......... .......... .......... 64% 236M 0s - 34300K .......... .......... .......... .......... .......... 64% 238M 0s - 34350K .......... .......... .......... .......... .......... 64% 149M 0s - 34400K .......... .......... .......... .......... .......... 64% 236M 0s - 34450K .......... .......... .......... .......... .......... 64% 220M 0s - 34500K .......... .......... .......... .......... .......... 64% 255M 0s - 34550K .......... .......... .......... .......... .......... 64% 235M 0s - 34600K .......... .......... .......... .......... .......... 64% 162M 0s - 34650K .......... .......... .......... .......... .......... 64% 251M 0s - 34700K .......... .......... .......... .......... .......... 65% 178M 0s - 34750K .......... .......... .......... .......... .......... 65% 154M 0s - 34800K .......... .......... .......... .......... .......... 65% 189M 0s - 34850K .......... .......... .......... .......... .......... 65% 176M 0s - 34900K .......... .......... .......... .......... .......... 65% 180M 0s - 34950K .......... .......... .......... .......... .......... 65% 112M 0s - 35000K .......... .......... .......... .......... .......... 65% 135M 0s - 35050K .......... .......... .......... .......... .......... 65% 139M 0s - 35100K .......... .......... .......... .......... .......... 65% 144M 0s - 35150K .......... .......... .......... .......... .......... 65% 176M 0s - 35200K .......... .......... .......... .......... .......... 66% 191M 0s - 35250K .......... .......... .......... .......... .......... 66% 151M 0s - 35300K .......... .......... .......... .......... .......... 66% 147M 0s - 35350K .......... .......... .......... .......... .......... 66% 105M 0s - 35400K .......... .......... .......... .......... .......... 66% 160M 0s - 35450K .......... .......... .......... .......... .......... 
66% 165M 0s - 35500K .......... .......... .......... .......... .......... 66% 176M 0s - 35550K .......... .......... .......... .......... .......... 66% 140M 0s - 35600K .......... .......... .......... .......... .......... 66% 110M 0s - 35650K .......... .......... .......... .......... .......... 66% 184M 0s - 35700K .......... .......... .......... .......... .......... 66% 199M 0s - 35750K .......... .......... .......... .......... .......... 67% 153M 0s - 35800K .......... .......... .......... .......... .......... 67% 171M 0s - 35850K .......... .......... .......... .......... .......... 67% 182M 0s - 35900K .......... .......... .......... .......... .......... 67% 185M 0s - 35950K .......... .......... .......... .......... .......... 67% 98.2M 0s - 36000K .......... .......... .......... .......... .......... 67% 166M 0s - 36050K .......... .......... .......... .......... .......... 67% 152M 0s - 36100K .......... .......... .......... .......... .......... 67% 176M 0s - 36150K .......... .......... .......... .......... .......... 67% 105M 0s - 36200K .......... .......... .......... .......... .......... 67% 169M 0s - 36250K .......... .......... .......... .......... .......... 67% 177M 0s - 36300K .......... .......... .......... .......... .......... 68% 183M 0s - 36350K .......... .......... .......... .......... .......... 68% 154M 0s - 36400K .......... .......... .......... .......... .......... 68% 162M 0s - 36450K .......... .......... .......... .......... .......... 68% 182M 0s - 36500K .......... .......... .......... .......... .......... 68% 198M 0s - 36550K .......... .......... .......... .......... .......... 68% 135M 0s - 36600K .......... .......... .......... .......... .......... 68% 184M 0s - 36650K .......... .......... .......... .......... .......... 68% 191M 0s - 36700K .......... .......... .......... .......... .......... 68% 186M 0s - 36750K .......... .......... .......... .......... .......... 
68% 97.5M 0s - 36800K .......... .......... .......... .......... .......... 69% 177M 0s - 36850K .......... .......... .......... .......... .......... 69% 163M 0s - 36900K .......... .......... .......... .......... .......... 69% 163M 0s - 36950K .......... .......... .......... .......... .......... 69% 151M 0s - 37000K .......... .......... .......... .......... .......... 69% 135M 0s - 37050K .......... .......... .......... .......... .......... 69% 138M 0s - 37100K .......... .......... .......... .......... .......... 69% 172M 0s - 37150K .......... .......... .......... .......... .......... 69% 127M 0s - 37200K .......... .......... .......... .......... .......... 69% 123M 0s - 37250K .......... .......... .......... .......... .......... 69% 205M 0s - 37300K .......... .......... .......... .......... .......... 69% 215M 0s - 37350K .......... .......... .......... .......... .......... 70% 145M 0s - 37400K .......... .......... .......... .......... .......... 70% 186M 0s - 37450K .......... .......... .......... .......... .......... 70% 126M 0s - 37500K .......... .......... .......... .......... .......... 70% 172M 0s - 37550K .......... .......... .......... .......... .......... 70% 146M 0s - 37600K .......... .......... .......... .......... .......... 70% 172M 0s - 37650K .......... .......... .......... .......... .......... 70% 163M 0s - 37700K .......... .......... .......... .......... .......... 70% 162M 0s - 37750K .......... .......... .......... .......... .......... 70% 118M 0s - 37800K .......... .......... .......... .......... .......... 70% 261M 0s - 37850K .......... .......... .......... .......... .......... 70% 218M 0s - 37900K .......... .......... .......... .......... .......... 71% 257M 0s - 37950K .......... .......... .......... .......... .......... 71% 206M 0s - 38000K .......... .......... .......... .......... .......... 71% 265M 0s - 38050K .......... .......... .......... .......... .......... 
71% 260M 0s - 38100K .......... .......... .......... .......... .......... 71% 192M 0s - 38150K .......... .......... .......... .......... .......... 71% 123M 0s - 38200K .......... .......... .......... .......... .......... 71% 139M 0s - 38250K .......... .......... .......... .......... .......... 71% 178M 0s - 38300K .......... .......... .......... .......... .......... 71% 187M 0s - 38350K .......... .......... .......... .......... .......... 71% 99.2M 0s - 38400K .......... .......... .......... .......... .......... 71% 223M 0s - 38450K .......... .......... .......... .......... .......... 72% 250M 0s - 38500K .......... .......... .......... .......... .......... 72% 201M 0s - 38550K .......... .......... .......... .......... .......... 72% 175M 0s - 38600K .......... .......... .......... .......... .......... 72% 129M 0s - 38650K .......... .......... .......... .......... .......... 72% 142M 0s - 38700K .......... .......... .......... .......... .......... 72% 177M 0s - 38750K .......... .......... .......... .......... .......... 72% 148M 0s - 38800K .......... .......... .......... .......... .......... 72% 137M 0s - 38850K .......... .......... .......... .......... .......... 72% 157M 0s - 38900K .......... .......... .......... .......... .......... 72% 160M 0s - 38950K .......... .......... .......... .......... .......... 73% 136M 0s - 39000K .......... .......... .......... .......... .......... 73% 118M 0s - 39050K .......... .......... .......... .......... .......... 73% 175M 0s - 39100K .......... .......... .......... .......... .......... 73% 169M 0s - 39150K .......... .......... .......... .......... .......... 73% 156M 0s - 39200K .......... .......... .......... .......... .......... 73% 211M 0s - 39250K .......... .......... .......... .......... .......... 73% 106M 0s - 39300K .......... .......... .......... .......... .......... 73% 186M 0s - 39350K .......... .......... .......... .......... .......... 
73% 142M 0s - 39400K .......... .......... .......... .......... .......... 73% 134M 0s - 39450K .......... .......... .......... .......... .......... 73% 147M 0s - 39500K .......... .......... .......... .......... .......... 74% 174M 0s - 39550K .......... .......... .......... .......... .......... 74% 163M 0s - 39600K .......... .......... .......... .......... .......... 74% 181M 0s - 39650K .......... .......... .......... .......... .......... 74% 154M 0s - 39700K .......... .......... .......... .......... .......... 74% 108M 0s - 39750K .......... .......... .......... .......... .......... 74% 155M 0s - 39800K .......... .......... .......... .......... .......... 74% 162M 0s - 39850K .......... .......... .......... .......... .......... 74% 190M 0s - 39900K .......... .......... .......... .......... .......... 74% 191M 0s - 39950K .......... .......... .......... .......... .......... 74% 90.3M 0s - 40000K .......... .......... .......... .......... .......... 74% 178M 0s - 40050K .......... .......... .......... .......... .......... 75% 183M 0s - 40100K .......... .......... .......... .......... .......... 75% 103M 0s - 40150K .......... .......... .......... .......... .......... 75% 163M 0s - 40200K .......... .......... .......... .......... .......... 75% 198M 0s - 40250K .......... .......... .......... .......... .......... 75% 124M 0s - 40300K .......... .......... .......... .......... .......... 75% 141M 0s - 40350K .......... .......... .......... .......... .......... 75% 137M 0s - 40400K .......... .......... .......... .......... .......... 75% 147M 0s - 40450K .......... .......... .......... .......... .......... 75% 155M 0s - 40500K .......... .......... .......... .......... .......... 75% 208M 0s - 40550K .......... .......... .......... .......... .......... 76% 199M 0s - 40600K .......... .......... .......... .......... .......... 76% 170M 0s - 40650K .......... .......... .......... .......... .......... 
76% 169M 0s - 40700K .......... .......... .......... .......... .......... 76% 137M 0s - 40750K .......... .......... .......... .......... .......... 76% 147M 0s - 40800K .......... .......... .......... .......... .......... 76% 218M 0s - 40850K .......... .......... .......... .......... .......... 76% 215M 0s - 40900K .......... .......... .......... .......... .......... 76% 215M 0s - 40950K .......... .......... .......... .......... .......... 76% 221M 0s - 41000K .......... .......... .......... .......... .......... 76% 231M 0s - 41050K .......... .......... .......... .......... .......... 76% 256M 0s - 41100K .......... .......... .......... .......... .......... 77% 245M 0s - 41150K .......... .......... .......... .......... .......... 77% 163M 0s - 41200K .......... .......... .......... .......... .......... 77% 157M 0s - 41250K .......... .......... .......... .......... .......... 77% 176M 0s - 41300K .......... .......... .......... .......... .......... 77% 176M 0s - 41350K .......... .......... .......... .......... .......... 77% 99.1M 0s - 41400K .......... .......... .......... .......... .......... 77% 170M 0s - 41450K .......... .......... .......... .......... .......... 77% 141M 0s - 41500K .......... .......... .......... .......... .......... 77% 149M 0s - 41550K .......... .......... .......... .......... .......... 77% 150M 0s - 41600K .......... .......... .......... .......... .......... 77% 114M 0s - 41650K .......... .......... .......... .......... .......... 78% 163M 0s - 41700K .......... .......... .......... .......... .......... 78% 187M 0s - 41750K .......... .......... .......... .......... .......... 78% 154M 0s - 41800K .......... .......... .......... .......... .......... 78% 151M 0s - 41850K .......... .......... .......... .......... .......... 78% 106M 0s - 41900K .......... .......... .......... .......... .......... 78% 157M 0s - 41950K .......... .......... .......... .......... .......... 
78% 135M 0s - 42000K .......... .......... .......... .......... .......... 78% 172M 0s - 42050K .......... .......... .......... .......... .......... 78% 167M 0s - 42100K .......... .......... .......... .......... .......... 78% 105M 0s - 42150K .......... .......... .......... .......... .......... 79% 129M 0s - 42200K .......... .......... .......... .......... .......... 79% 239M 0s - 42250K .......... .......... .......... .......... .......... 79% 236M 0s - 42300K .......... .......... .......... .......... .......... 79% 234M 0s - 42350K .......... .......... .......... .......... .......... 79% 147M 0s - 42400K .......... .......... .......... .......... .......... 79% 181M 0s - 42450K .......... .......... .......... .......... .......... 79% 108M 0s - 42500K .......... .......... .......... .......... .......... 79% 187M 0s - 42550K .......... .......... .......... .......... .......... 79% 154M 0s - 42600K .......... .......... .......... .......... .......... 79% 167M 0s - 42650K .......... .......... .......... .......... .......... 79% 92.3M 0s - 42700K .......... .......... .......... .......... .......... 80% 166M 0s - 42750K .......... .......... .......... .......... .......... 80% 181M 0s - 42800K .......... .......... .......... .......... .......... 80% 179M 0s - 42850K .......... .......... .......... .......... .......... 80% 81.8M 0s - 42900K .......... .......... .......... .......... .......... 80% 164M 0s - 42950K .......... .......... .......... .......... .......... 80% 155M 0s - 43000K .......... .......... .......... .......... .......... 80% 109M 0s - 43050K .......... .......... .......... .......... .......... 80% 157M 0s - 43100K .......... .......... .......... .......... .......... 80% 163M 0s - 43150K .......... .......... .......... .......... .......... 80% 210M 0s - 43200K .......... .......... .......... .......... .......... 80% 123M 0s - 43250K .......... .......... .......... .......... .......... 
81% 157M 0s - 43300K .......... .......... .......... .......... .......... 81% 168M 0s - 43350K .......... .......... .......... .......... .......... 81% 125M 0s - 43400K .......... .......... .......... .......... .......... 81% 156M 0s - 43450K .......... .......... .......... .......... .......... 81% 160M 0s - 43500K .......... .......... .......... .......... .......... 81% 115M 0s - 43550K .......... .......... .......... .......... .......... 81% 139M 0s - 43600K .......... .......... .......... .......... .......... 81% 166M 0s - 43650K .......... .......... .......... .......... .......... 81% 112M 0s - 43700K .......... .......... .......... .......... .......... 81% 171M 0s - 43750K .......... .......... .......... .......... .......... 82% 165M 0s - 43800K .......... .......... .......... .......... .......... 82% 162M 0s - 43850K .......... .......... .......... .......... .......... 82% 176M 0s - 43900K .......... .......... .......... .......... .......... 82% 204M 0s - 43950K .......... .......... .......... .......... .......... 82% 217M 0s - 44000K .......... .......... .......... .......... .......... 82% 245M 0s - 44050K .......... .......... .......... .......... .......... 82% 264M 0s - 44100K .......... .......... .......... .......... .......... 82% 241M 0s - 44150K .......... .......... .......... .......... .......... 82% 170M 0s - 44200K .......... .......... .......... .......... .......... 82% 181M 0s - 44250K .......... .......... .......... .......... .......... 82% 148M 0s - 44300K .......... .......... .......... .......... .......... 83% 128M 0s - 44350K .......... .......... .......... .......... .......... 83% 165M 0s - 44400K .......... .......... .......... .......... .......... 83% 166M 0s - 44450K .......... .......... .......... .......... .......... 83% 165M 0s - 44500K .......... .......... .......... .......... .......... 83% 159M 0s - 44550K .......... .......... .......... .......... .......... 
83% 113M 0s - 44600K .......... .......... .......... .......... .......... 83% 119M 0s - 44650K .......... .......... .......... .......... .......... 83% 166M 0s - 44700K .......... .......... .......... .......... .......... 83% 191M 0s - 44750K .......... .......... .......... .......... .......... 83% 130M 0s - 44800K .......... .......... .......... .......... .......... 83% 185M 0s - 44850K .......... .......... .......... .......... .......... 84% 193M 0s - 44900K .......... .......... .......... .......... .......... 84% 66.4M 0s - 44950K .......... .......... .......... .......... .......... 84% 113M 0s - 45000K .......... .......... .......... .......... .......... 84% 187M 0s - 45050K .......... .......... .......... .......... .......... 84% 150M 0s - 45100K .......... .......... .......... .......... .......... 84% 184M 0s - 45150K .......... .......... .......... .......... .......... 84% 139M 0s - 45200K .......... .......... .......... .......... .......... 84% 151M 0s - 45250K .......... .......... .......... .......... .......... 84% 169M 0s - 45300K .......... .......... .......... .......... .......... 84% 95.6M 0s - 45350K .......... .......... .......... .......... .......... 85% 148M 0s - 45400K .......... .......... .......... .......... .......... 85% 145M 0s - 45450K .......... .......... .......... .......... .......... 85% 147M 0s - 45500K .......... .......... .......... .......... .......... 85% 251M 0s - 45550K .......... .......... .......... .......... .......... 85% 235M 0s - 45600K .......... .......... .......... .......... .......... 85% 237M 0s - 45650K .......... .......... .......... .......... .......... 85% 148M 0s - 45700K .......... .......... .......... .......... .......... 85% 269M 0s - 45750K .......... .......... .......... .......... .......... 85% 221M 0s - 45800K .......... .......... .......... .......... .......... 85% 252M 0s - 45850K .......... .......... .......... .......... .......... 
85% 156M 0s - 45900K .......... .......... .......... .......... .......... 86% 184M 0s - 45950K .......... .......... .......... .......... .......... 86% 152M 0s - 46000K .......... .......... .......... .......... .......... 86% 158M 0s - 46050K .......... .......... .......... .......... .......... 86% 135M 0s - 46100K .......... .......... .......... .......... .......... 86% 162M 0s - 46150K .......... .......... .......... .......... .......... 86% 126M 0s - 46200K .......... .......... .......... .......... .......... 86% 137M 0s - 46250K .......... .......... .......... .......... .......... 86% 178M 0s - 46300K .......... .......... .......... .......... .......... 86% 180M 0s - 46350K .......... .......... .......... .......... .......... 86% 71.7M 0s - 46400K .......... .......... .......... .......... .......... 86% 168M 0s - 46450K .......... .......... .......... .......... .......... 87% 154M 0s - 46500K .......... .......... .......... .......... .......... 87% 165M 0s - 46550K .......... .......... .......... .......... .......... 87% 153M 0s - 46600K .......... .......... .......... .......... .......... 87% 118M 0s - 46650K .......... .......... .......... .......... .......... 87% 152M 0s - 46700K .......... .......... .......... .......... .......... 87% 194M 0s - 46750K .......... .......... .......... .......... .......... 87% 141M 0s - 46800K .......... .......... .......... .......... .......... 87% 180M 0s - 46850K .......... .......... .......... .......... .......... 87% 97.9M 0s - 46900K .......... .......... .......... .......... .......... 87% 171M 0s - 46950K .......... .......... .......... .......... .......... 88% 153M 0s - 47000K .......... .......... .......... .......... .......... 88% 121M 0s - 47050K .......... .......... .......... .......... .......... 88% 140M 0s - 47100K .......... .......... .......... .......... .......... 88% 154M 0s - 47150K .......... .......... .......... .......... .......... 
88% 134M 0s - 47200K .......... .......... .......... .......... .......... 88% 147M 0s - 47250K .......... .......... .......... .......... .......... 88% 161M 0s - 47300K .......... .......... .......... .......... .......... 88% 175M 0s - 47350K .......... .......... .......... .......... .......... 88% 99.3M 0s - 47400K .......... .......... .......... .......... .......... 88% 167M 0s - 47450K .......... .......... .......... .......... .......... 88% 190M 0s - 47500K .......... .......... .......... .......... .......... 89% 162M 0s - 47550K .......... .......... .......... .......... .......... 89% 99.4M 0s - 47600K .......... .......... .......... .......... .......... 89% 159M 0s - 47650K .......... .......... .......... .......... .......... 89% 165M 0s - 47700K .......... .......... .......... .......... .......... 89% 177M 0s - 47750K .......... .......... .......... .......... .......... 89% 152M 0s - 47800K .......... .......... .......... .......... .......... 89% 132M 0s - 47850K .......... .......... .......... .......... .......... 89% 130M 0s - 47900K .......... .......... .......... .......... .......... 89% 163M 0s - 47950K .......... .......... .......... .......... .......... 89% 188M 0s - 48000K .......... .......... .......... .......... .......... 89% 239M 0s - 48050K .......... .......... .......... .......... .......... 90% 107M 0s - 48100K .......... .......... .......... .......... .......... 90% 131M 0s - 48150K .......... .......... .......... .......... .......... 90% 152M 0s - 48200K .......... .......... .......... .......... .......... 90% 145M 0s - 48250K .......... .......... .......... .......... .......... 90% 138M 0s - 48300K .......... .......... .......... .......... .......... 90% 95.1M 0s - 48350K .......... .......... .......... .......... .......... 90% 110M 0s - 48400K .......... .......... .......... .......... .......... 90% 153M 0s - 48450K .......... .......... .......... .......... .......... 
90% 192M 0s - 48500K .......... .......... .......... .......... .......... 90% 172M 0s - 48550K .......... .......... .......... .......... .......... 91% 156M 0s - 48600K .......... .......... .......... .......... .......... 91% 112M 0s - 48650K .......... .......... .......... .......... .......... 91% 111M 0s - 48700K .......... .......... .......... .......... .......... 91% 182M 0s - 48750K .......... .......... .......... .......... .......... 91% 148M 0s - 48800K .......... .......... .......... .......... .......... 91% 107M 0s - 48850K .......... .......... .......... .......... .......... 91% 173M 0s - 48900K .......... .......... .......... .......... .......... 91% 167M 0s - 48950K .......... .......... .......... .......... .......... 91% 105M 0s - 49000K .......... .......... .......... .......... .......... 91% 167M 0s - 49050K .......... .......... .......... .......... .......... 91% 181M 0s - 49100K .......... .......... .......... .......... .......... 92% 170M 0s - 49150K .......... .......... .......... .......... .......... 92% 165M 0s - 49200K .......... .......... .......... .......... .......... 92% 183M 0s - 49250K .......... .......... .......... .......... .......... 92% 139M 0s - 49300K .......... .......... .......... .......... .......... 92% 180M 0s - 49350K .......... .......... .......... .......... .......... 92% 123M 0s - 49400K .......... .......... .......... .......... .......... 92% 99.8M 0s - 49450K .......... .......... .......... .......... .......... 92% 187M 0s - 49500K .......... .......... .......... .......... .......... 92% 253M 0s - 49550K .......... .......... .......... .......... .......... 92% 177M 0s - 49600K .......... .......... .......... .......... .......... 92% 240M 0s - 49650K .......... .......... .......... .......... .......... 93% 242M 0s - 49700K .......... .......... .......... .......... .......... 93% 267M 0s - 49750K .......... .......... .......... .......... .......... 
93% 236M 0s - 49800K .......... .......... .......... .......... .......... 93% 254M 0s - 49850K .......... .......... .......... .......... .......... 93% 220M 0s - 49900K .......... .......... .......... .......... .......... 93% 197M 0s - 49950K .......... .......... .......... .......... .......... 93% 103M 0s - 50000K .......... .......... .......... .......... .......... 93% 168M 0s - 50050K .......... .......... .......... .......... .......... 93% 191M 0s - 50100K .......... .......... .......... .......... .......... 93% 193M 0s - 50150K .......... .......... .......... .......... .......... 94% 139M 0s - 50200K .......... .......... .......... .......... .......... 94% 119M 0s - 50250K .......... .......... .......... .......... .......... 94% 179M 0s - 50300K .......... .......... .......... .......... .......... 94% 177M 0s - 50350K .......... .......... .......... .......... .......... 94% 148M 0s - 50400K .......... .......... .......... .......... .......... 94% 154M 0s - 50450K .......... .......... .......... .......... .......... 94% 164M 0s - 50500K .......... .......... .......... .......... .......... 94% 106M 0s - 50550K .......... .......... .......... .......... .......... 94% 196M 0s - 50600K .......... .......... .......... .......... .......... 94% 192M 0s - 50650K .......... .......... .......... .......... .......... 94% 157M 0s - 50700K .......... .......... .......... .......... .......... 95% 183M 0s - 50750K .......... .......... .......... .......... .......... 95% 164M 0s - 50800K .......... .......... .......... .......... .......... 95% 113M 0s - 50850K .......... .......... .......... .......... .......... 95% 184M 0s - 50900K .......... .......... .......... .......... .......... 95% 178M 0s - 50950K .......... .......... .......... .......... .......... 95% 134M 0s - 51000K .......... .......... .......... .......... .......... 95% 175M 0s - 51050K .......... .......... .......... .......... .......... 
95% 172M 0s - 51100K .......... .......... .......... .......... .......... 95% 162M 0s - 51150K .......... .......... .......... .......... .......... 95% 150M 0s - 51200K .......... .......... .......... .......... .......... 95% 159M 0s - 51250K .......... .......... .......... .......... .......... 96% 184M 0s - 51300K .......... .......... .......... .......... .......... 96% 170M 0s - 51350K .......... .......... .......... .......... .......... 96% 162M 0s - 51400K .......... .......... .......... .......... .......... 96% 167M 0s - 51450K .......... .......... .......... .......... .......... 96% 156M 0s - 51500K .......... .......... .......... .......... .......... 96% 160M 0s - 51550K .......... .......... .......... .......... .......... 96% 145M 0s - 51600K .......... .......... .......... .......... .......... 96% 171M 0s - 51650K .......... .......... .......... .......... .......... 96% 178M 0s - 51700K .......... .......... .......... .......... .......... 96% 175M 0s - 51750K .......... .......... .......... .......... .......... 96% 156M 0s - 51800K .......... .......... .......... .......... .......... 97% 181M 0s - 51850K .......... .......... .......... .......... .......... 97% 183M 0s - 51900K .......... .......... .......... .......... .......... 97% 199M 0s - 51950K .......... .......... .......... .......... .......... 97% 154M 0s - 52000K .......... .......... .......... .......... .......... 97% 168M 0s - 52050K .......... .......... .......... .......... .......... 97% 190M 0s - 52100K .......... .......... .......... .......... .......... 97% 190M 0s - 52150K .......... .......... .......... .......... .......... 97% 165M 0s - 52200K .......... .......... .......... .......... .......... 97% 254M 0s - 52250K .......... .......... .......... .......... .......... 97% 229M 0s - 52300K .......... .......... .......... .......... .......... 98% 209M 0s - 52350K .......... .......... .......... .......... .......... 
98% 151M 0s - 52400K .......... .......... .......... .......... .......... 98% 141M 0s - 52450K .......... .......... .......... .......... .......... 98% 175M 0s - 52500K .......... .......... .......... .......... .......... 98% 160M 0s - 52550K .......... .......... .......... .......... .......... 98% 158M 0s - 52600K .......... .......... .......... .......... .......... 98% 165M 0s - 52650K .......... .......... .......... .......... .......... 98% 180M 0s - 52700K .......... .......... .......... .......... .......... 98% 168M 0s - 52750K .......... .......... .......... .......... .......... 98% 138M 0s - 52800K .......... .......... .......... .......... .......... 98% 180M 0s - 52850K .......... .......... .......... .......... .......... 99% 179M 0s - 52900K .......... .......... .......... .......... .......... 99% 169M 0s - 52950K .......... .......... .......... .......... .......... 99% 146M 0s - 53000K .......... .......... .......... .......... .......... 99% 181M 0s - 53050K .......... .......... .......... .......... .......... 99% 216M 0s - 53100K .......... .......... .......... .......... .......... 99% 167M 0s - 53150K .......... .......... .......... .......... .......... 99% 188M 0s + 29100K .......... .......... .......... .......... .......... 54% 79.8M 0s + 29150K .......... .......... .......... .......... .......... 54% 77.7M 0s + 29200K .......... .......... .......... .......... .......... 54% 68.7M 0s + 29250K .......... .......... .......... .......... .......... 54% 84.9M 0s + 29300K .......... .......... .......... .......... .......... 54% 141M 0s + 29350K .......... .......... .......... .......... .......... 55% 58.7M 0s + 29400K .......... .......... .......... .......... .......... 55% 187M 0s + 29450K .......... .......... .......... .......... .......... 55% 243M 0s + 29500K .......... .......... .......... .......... .......... 55% 217M 0s + 29550K .......... .......... .......... .......... .......... 
55% 123M 0s + 29600K .......... .......... .......... .......... .......... 55% 34.5M 0s + 29650K .......... .......... .......... .......... .......... 55% 76.1M 0s + 29700K .......... .......... .......... .......... .......... 55% 72.4M 0s + 29750K .......... .......... .......... .......... .......... 55% 73.1M 0s + 29800K .......... .......... .......... .......... .......... 55% 173M 0s + 29850K .......... .......... .......... .......... .......... 55% 233M 0s + 29900K .......... .......... .......... .......... .......... 56% 158M 0s + 29950K .......... .......... .......... .......... .......... 56% 90.6M 0s + 30000K .......... .......... .......... .......... .......... 56% 68.8M 0s + 30050K .......... .......... .......... .......... .......... 56% 215M 0s + 30100K .......... .......... .......... .......... .......... 56% 191M 0s + 30150K .......... .......... .......... .......... .......... 56% 215M 0s + 30200K .......... .......... .......... .......... .......... 56% 210M 0s + 30250K .......... .......... .......... .......... .......... 56% 212M 0s + 30300K .......... .......... .......... .......... .......... 56% 111M 0s + 30350K .......... .......... .......... .......... .......... 56% 142M 0s + 30400K .......... .......... .......... .......... .......... 57% 90.5M 0s + 30450K .......... .......... .......... .......... .......... 57% 74.7M 0s + 30500K .......... .......... .......... .......... .......... 57% 93.5M 0s + 30550K .......... .......... .......... .......... .......... 57% 68.6M 0s + 30600K .......... .......... .......... .......... .......... 57% 79.7M 0s + 30650K .......... .......... .......... .......... .......... 57% 79.7M 0s + 30700K .......... .......... .......... .......... .......... 57% 67.6M 0s + 30750K .......... .......... .......... .......... .......... 57% 73.3M 0s + 30800K .......... .......... .......... .......... .......... 57% 82.0M 0s + 30850K .......... .......... .......... .......... .......... 
57% 260M 0s + 30900K .......... .......... .......... .......... .......... 57% 250M 0s + 30950K .......... .......... .......... .......... .......... 58% 56.7M 0s + 31000K .......... .......... .......... .......... .......... 58% 78.9M 0s + 31050K .......... .......... .......... .......... .......... 58% 250M 0s + 31100K .......... .......... .......... .......... .......... 58% 265M 0s + 31150K .......... .......... .......... .......... .......... 58% 209M 0s + 31200K .......... .......... .......... .......... .......... 58% 240M 0s + 31250K .......... .......... .......... .......... .......... 58% 106M 0s + 31300K .......... .......... .......... .......... .......... 58% 121M 0s + 31350K .......... .......... .......... .......... .......... 58% 120M 0s + 31400K .......... .......... .......... .......... .......... 58% 159M 0s + 31450K .......... .......... .......... .......... .......... 58% 75.5M 0s + 31500K .......... .......... .......... .......... .......... 59% 84.7M 0s + 31550K .......... .......... .......... .......... .......... 59% 61.4M 0s + 31600K .......... .......... .......... .......... .......... 59% 107M 0s + 31650K .......... .......... .......... .......... .......... 59% 83.3M 0s + 31700K .......... .......... .......... .......... .......... 59% 116M 0s + 31750K .......... .......... .......... .......... .......... 59% 187M 0s + 31800K .......... .......... .......... .......... .......... 59% 250M 0s + 31850K .......... .......... .......... .......... .......... 59% 254M 0s + 31900K .......... .......... .......... .......... .......... 59% 259M 0s + 31950K .......... .......... .......... .......... .......... 59% 117M 0s + 32000K .......... .......... .......... .......... .......... 60% 259M 0s + 32050K .......... .......... .......... .......... .......... 60% 251M 0s + 32100K .......... .......... .......... .......... .......... 60% 55.5M 0s + 32150K .......... .......... .......... .......... .......... 
60% 33.0M 0s + 32200K .......... .......... .......... .......... .......... 60% 78.2M 0s + 32250K .......... .......... .......... .......... .......... 60% 92.5M 0s + 32300K .......... .......... .......... .......... .......... 60% 69.6M 0s + 32350K .......... .......... .......... .......... .......... 60% 71.4M 0s + 32400K .......... .......... .......... .......... .......... 60% 111M 0s + 32450K .......... .......... .......... .......... .......... 60% 157M 0s + 32500K .......... .......... .......... .......... .......... 60% 62.8M 0s + 32550K .......... .......... .......... .......... .......... 61% 217M 0s + 32600K .......... .......... .......... .......... .......... 61% 260M 0s + 32650K .......... .......... .......... .......... .......... 61% 259M 0s + 32700K .......... .......... .......... .......... .......... 61% 246M 0s + 32750K .......... .......... .......... .......... .......... 61% 193M 0s + 32800K .......... .......... .......... .......... .......... 61% 250M 0s + 32850K .......... .......... .......... .......... .......... 61% 257M 0s + 32900K .......... .......... .......... .......... .......... 61% 259M 0s + 32950K .......... .......... .......... .......... .......... 61% 192M 0s + 33000K .......... .......... .......... .......... .......... 61% 81.9M 0s + 33050K .......... .......... .......... .......... .......... 61% 244M 0s + 33100K .......... .......... .......... .......... .......... 62% 237M 0s + 33150K .......... .......... .......... .......... .......... 62% 102M 0s + 33200K .......... .......... .......... .......... .......... 62% 72.3M 0s + 33250K .......... .......... .......... .......... .......... 62% 76.8M 0s + 33300K .......... .......... .......... .......... .......... 62% 72.0M 0s + 33350K .......... .......... .......... .......... .......... 62% 68.7M 0s + 33400K .......... .......... .......... .......... .......... 62% 235M 0s + 33450K .......... .......... .......... .......... .......... 
62% 82.7M 0s + 33500K .......... .......... .......... .......... .......... 62% 76.8M 0s + 33550K .......... .......... .......... .......... .......... 62% 64.3M 0s + 33600K .......... .......... .......... .......... .......... 63% 73.9M 0s + 33650K .......... .......... .......... .......... .......... 63% 88.2M 0s + 33700K .......... .......... .......... .......... .......... 63% 125M 0s + 33750K .......... .......... .......... .......... .......... 63% 88.2M 0s + 33800K .......... .......... .......... .......... .......... 63% 81.4M 0s + 33850K .......... .......... .......... .......... .......... 63% 192M 0s + 33900K .......... .......... .......... .......... .......... 63% 169M 0s + 33950K .......... .......... .......... .......... .......... 63% 129M 0s + 34000K .......... .......... .......... .......... .......... 63% 188M 0s + 34050K .......... .......... .......... .......... .......... 63% 176M 0s + 34100K .......... .......... .......... .......... .......... 63% 199M 0s + 34150K .......... .......... .......... .......... .......... 64% 173M 0s + 34200K .......... .......... .......... .......... .......... 64% 261M 0s + 34250K .......... .......... .......... .......... .......... 64% 237M 0s + 34300K .......... .......... .......... .......... .......... 64% 197M 0s + 34350K .......... .......... .......... .......... .......... 64% 164M 0s + 34400K .......... .......... .......... .......... .......... 64% 173M 0s + 34450K .......... .......... .......... .......... .......... 64% 154M 0s + 34500K .......... .......... .......... .......... .......... 64% 159M 0s + 34550K .......... .......... .......... .......... .......... 64% 151M 0s + 34600K .......... .......... .......... .......... .......... 64% 255M 0s + 34650K .......... .......... .......... .......... .......... 64% 258M 0s + 34700K .......... .......... .......... .......... .......... 65% 265M 0s + 34750K .......... .......... .......... .......... .......... 
65% 188M 0s + 34800K .......... .......... .......... .......... .......... 65% 255M 0s + 34850K .......... .......... .......... .......... .......... 65% 262M 0s + 34900K .......... .......... .......... .......... .......... 65% 260M 0s + 34950K .......... .......... .......... .......... .......... 65% 204M 0s + 35000K .......... .......... .......... .......... .......... 65% 207M 0s + 35050K .......... .......... .......... .......... .......... 65% 187M 0s + 35100K .......... .......... .......... .......... .......... 65% 192M 0s + 35150K .......... .......... .......... .......... .......... 65% 154M 0s + 35200K .......... .......... .......... .......... .......... 66% 179M 0s + 35250K .......... .......... .......... .......... .......... 66% 188M 0s + 35300K .......... .......... .......... .......... .......... 66% 190M 0s + 35350K .......... .......... .......... .......... .......... 66% 172M 0s + 35400K .......... .......... .......... .......... .......... 66% 171M 0s + 35450K .......... .......... .......... .......... .......... 66% 189M 0s + 35500K .......... .......... .......... .......... .......... 66% 183M 0s + 35550K .......... .......... .......... .......... .......... 66% 151M 0s + 35600K .......... .......... .......... .......... .......... 66% 198M 0s + 35650K .......... .......... .......... .......... .......... 66% 197M 0s + 35700K .......... .......... .......... .......... .......... 66% 171M 0s + 35750K .......... .......... .......... .......... .......... 67% 160M 0s + 35800K .......... .......... .......... .......... .......... 67% 182M 0s + 35850K .......... .......... .......... .......... .......... 67% 175M 0s + 35900K .......... .......... .......... .......... .......... 67% 154M 0s + 35950K .......... .......... .......... .......... .......... 67% 139M 0s + 36000K .......... .......... .......... .......... .......... 67% 168M 0s + 36050K .......... .......... .......... .......... .......... 
67% 159M 0s + 36100K .......... .......... .......... .......... .......... 67% 190M 0s + 36150K .......... .......... .......... .......... .......... 67% 178M 0s + 36200K .......... .......... .......... .......... .......... 67% 179M 0s + 36250K .......... .......... .......... .......... .......... 67% 173M 0s + 36300K .......... .......... .......... .......... .......... 68% 182M 0s + 36350K .......... .......... .......... .......... .......... 68% 165M 0s + 36400K .......... .......... .......... .......... .......... 68% 188M 0s + 36450K .......... .......... .......... .......... .......... 68% 170M 0s + 36500K .......... .......... .......... .......... .......... 68% 193M 0s + 36550K .......... .......... .......... .......... .......... 68% 167M 0s + 36600K .......... .......... .......... .......... .......... 68% 156M 0s + 36650K .......... .......... .......... .......... .......... 68% 173M 0s + 36700K .......... .......... .......... .......... .......... 68% 169M 0s + 36750K .......... .......... .......... .......... .......... 68% 235M 0s + 36800K .......... .......... .......... .......... .......... 69% 219M 0s + 36850K .......... .......... .......... .......... .......... 69% 212M 0s + 36900K .......... .......... .......... .......... .......... 69% 184M 0s + 36950K .......... .......... .......... .......... .......... 69% 164M 0s + 37000K .......... .......... .......... .......... .......... 69% 176M 0s + 37050K .......... .......... .......... .......... .......... 69% 199M 0s + 37100K .......... .......... .......... .......... .......... 69% 195M 0s + 37150K .......... .......... .......... .......... .......... 69% 151M 0s + 37200K .......... .......... .......... .......... .......... 69% 168M 0s + 37250K .......... .......... .......... .......... .......... 69% 183M 0s + 37300K .......... .......... .......... .......... .......... 69% 153M 0s + 37350K .......... .......... .......... .......... .......... 
70% 140M 0s + 37400K .......... .......... .......... .......... .......... 70% 175M 0s + 37450K .......... .......... .......... .......... .......... 70% 151M 0s + 37500K .......... .......... .......... .......... .......... 70% 174M 0s + 37550K .......... .......... .......... .......... .......... 70% 166M 0s + 37600K .......... .......... .......... .......... .......... 70% 187M 0s + 37650K .......... .......... .......... .......... .......... 70% 190M 0s + 37700K .......... .......... .......... .......... .......... 70% 192M 0s + 37750K .......... .......... .......... .......... .......... 70% 152M 0s + 37800K .......... .......... .......... .......... .......... 70% 186M 0s + 37850K .......... .......... .......... .......... .......... 70% 166M 0s + 37900K .......... .......... .......... .......... .......... 71% 185M 0s + 37950K .......... .......... .......... .......... .......... 71% 165M 0s + 38000K .......... .......... .......... .......... .......... 71% 199M 0s + 38050K .......... .......... .......... .......... .......... 71% 185M 0s + 38100K .......... .......... .......... .......... .......... 71% 222M 0s + 38150K .......... .......... .......... .......... .......... 71% 149M 0s + 38200K .......... .......... .......... .......... .......... 71% 172M 0s + 38250K .......... .......... .......... .......... .......... 71% 152M 0s + 38300K .......... .......... .......... .......... .......... 71% 182M 0s + 38350K .......... .......... .......... .......... .......... 71% 175M 0s + 38400K .......... .......... .......... .......... .......... 71% 164M 0s + 38450K .......... .......... .......... .......... .......... 72% 194M 0s + 38500K .......... .......... .......... .......... .......... 72% 188M 0s + 38550K .......... .......... .......... .......... .......... 72% 158M 0s + 38600K .......... .......... .......... .......... .......... 72% 177M 0s + 38650K .......... .......... .......... .......... .......... 
72% 194M 0s + 38700K .......... .......... .......... .......... .......... 72% 187M 0s + 38750K .......... .......... .......... .......... .......... 72% 149M 0s + 38800K .......... .......... .......... .......... .......... 72% 192M 0s + 38850K .......... .......... .......... .......... .......... 72% 218M 0s + 38900K .......... .......... .......... .......... .......... 72% 259M 0s + 38950K .......... .......... .......... .......... .......... 73% 221M 0s + 39000K .......... .......... .......... .......... .......... 73% 238M 0s + 39050K .......... .......... .......... .......... .......... 73% 257M 0s + 39100K .......... .......... .......... .......... .......... 73% 258M 0s + 39150K .......... .......... .......... .......... .......... 73% 217M 0s + 39200K .......... .......... .......... .......... .......... 73% 249M 0s + 39250K .......... .......... .......... .......... .......... 73% 195M 0s + 39300K .......... .......... .......... .......... .......... 73% 190M 0s + 39350K .......... .......... .......... .......... .......... 73% 166M 0s + 39400K .......... .......... .......... .......... .......... 73% 178M 0s + 39450K .......... .......... .......... .......... .......... 73% 183M 0s + 39500K .......... .......... .......... .......... .......... 74% 189M 0s + 39550K .......... .......... .......... .......... .......... 74% 165M 0s + 39600K .......... .......... .......... .......... .......... 74% 174M 0s + 39650K .......... .......... .......... .......... .......... 74% 193M 0s + 39700K .......... .......... .......... .......... .......... 74% 204M 0s + 39750K .......... .......... .......... .......... .......... 74% 181M 0s + 39800K .......... .......... .......... .......... .......... 74% 188M 0s + 39850K .......... .......... .......... .......... .......... 74% 258M 0s + 39900K .......... .......... .......... .......... .......... 74% 255M 0s + 39950K .......... .......... .......... .......... .......... 
74% 150M 0s + 40000K .......... .......... .......... .......... .......... 74% 166M 0s + 40050K .......... .......... .......... .......... .......... 75% 194M 0s + 40100K .......... .......... .......... .......... .......... 75% 193M 0s + 40150K .......... .......... .......... .......... .......... 75% 147M 0s + 40200K .......... .......... .......... .......... .......... 75% 195M 0s + 40250K .......... .......... .......... .......... .......... 75% 191M 0s + 40300K .......... .......... .......... .......... .......... 75% 185M 0s + 40350K .......... .......... .......... .......... .......... 75% 140M 0s + 40400K .......... .......... .......... .......... .......... 75% 198M 0s + 40450K .......... .......... .......... .......... .......... 75% 175M 0s + 40500K .......... .......... .......... .......... .......... 75% 158M 0s + 40550K .......... .......... .......... .......... .......... 76% 144M 0s + 40600K .......... .......... .......... .......... .......... 76% 174M 0s + 40650K .......... .......... .......... .......... .......... 76% 170M 0s + 40700K .......... .......... .......... .......... .......... 76% 167M 0s + 40750K .......... .......... .......... .......... .......... 76% 153M 0s + 40800K .......... .......... .......... .......... .......... 76% 200M 0s + 40850K .......... .......... .......... .......... .......... 76% 183M 0s + 40900K .......... .......... .......... .......... .......... 76% 183M 0s + 40950K .......... .......... .......... .......... .......... 76% 190M 0s + 41000K .......... .......... .......... .......... .......... 76% 216M 0s + 41050K .......... .......... .......... .......... .......... 76% 166M 0s + 41100K .......... .......... .......... .......... .......... 77% 158M 0s + 41150K .......... .......... .......... .......... .......... 77% 187M 0s + 41200K .......... .......... .......... .......... .......... 77% 185M 0s + 41250K .......... .......... .......... .......... .......... 
77% 163M 0s + 41300K .......... .......... .......... .......... .......... 77% 169M 0s + 41350K .......... .......... .......... .......... .......... 77% 192M 0s + 41400K .......... .......... .......... .......... .......... 77% 172M 0s + 41450K .......... .......... .......... .......... .......... 77% 170M 0s + 41500K .......... .......... .......... .......... .......... 77% 138M 0s + 41550K .......... .......... .......... .......... .......... 77% 177M 0s + 41600K .......... .......... .......... .......... .......... 77% 112M 0s + 41650K .......... .......... .......... .......... .......... 78% 210M 0s + 41700K .......... .......... .......... .......... .......... 78% 185M 0s + 41750K .......... .......... .......... .......... .......... 78% 162M 0s + 41800K .......... .......... .......... .......... .......... 78% 173M 0s + 41850K .......... .......... .......... .......... .......... 78% 175M 0s + 41900K .......... .......... .......... .......... .......... 78% 146M 0s + 41950K .......... .......... .......... .......... .......... 78% 151M 0s + 42000K .......... .......... .......... .......... .......... 78% 170M 0s + 42050K .......... .......... .......... .......... .......... 78% 176M 0s + 42100K .......... .......... .......... .......... .......... 78% 141M 0s + 42150K .......... .......... .......... .......... .......... 79% 180M 0s + 42200K .......... .......... .......... .......... .......... 79% 170M 0s + 42250K .......... .......... .......... .......... .......... 79% 158M 0s + 42300K .......... .......... .......... .......... .......... 79% 146M 0s + 42350K .......... .......... .......... .......... .......... 79% 190M 0s + 42400K .......... .......... .......... .......... .......... 79% 168M 0s + 42450K .......... .......... .......... .......... .......... 79% 154M 0s + 42500K .......... .......... .......... .......... .......... 79% 155M 0s + 42550K .......... .......... .......... .......... .......... 
79% 165M 0s + 42600K .......... .......... .......... .......... .......... 79% 172M 0s + 42650K .......... .......... .......... .......... .......... 79% 187M 0s + 42700K .......... .......... .......... .......... .......... 80% 143M 0s + 42750K .......... .......... .......... .......... .......... 80% 168M 0s + 42800K .......... .......... .......... .......... .......... 80% 215M 0s + 42850K .......... .......... .......... .......... .......... 80% 243M 0s + 42900K .......... .......... .......... .......... .......... 80% 223M 0s + 42950K .......... .......... .......... .......... .......... 80% 194M 0s + 43000K .......... .......... .......... .......... .......... 80% 165M 0s + 43050K .......... .......... .......... .......... .......... 80% 178M 0s + 43100K .......... .......... .......... .......... .......... 80% 135M 0s + 43150K .......... .......... .......... .......... .......... 80% 168M 0s + 43200K .......... .......... .......... .......... .......... 80% 177M 0s + 43250K .......... .......... .......... .......... .......... 81% 185M 0s + 43300K .......... .......... .......... .......... .......... 81% 146M 0s + 43350K .......... .......... .......... .......... .......... 81% 184M 0s + 43400K .......... .......... .......... .......... .......... 81% 189M 0s + 43450K .......... .......... .......... .......... .......... 81% 177M 0s + 43500K .......... .......... .......... .......... .......... 81% 148M 0s + 43550K .......... .......... .......... .......... .......... 81% 200M 0s + 43600K .......... .......... .......... .......... .......... 81% 187M 0s + 43650K .......... .......... .......... .......... .......... 81% 163M 0s + 43700K .......... .......... .......... .......... .......... 81% 162M 0s + 43750K .......... .......... .......... .......... .......... 82% 180M 0s + 43800K .......... .......... .......... .......... .......... 82% 209M 0s + 43850K .......... .......... .......... .......... .......... 
82% 232M 0s + 43900K .......... .......... .......... .......... .......... 82% 194M 0s + 43950K .......... .......... .......... .......... .......... 82% 233M 0s + 44000K .......... .......... .......... .......... .......... 82% 255M 0s + 44050K .......... .......... .......... .......... .......... 82% 259M 0s + 44100K .......... .......... .......... .......... .......... 82% 204M 0s + 44150K .......... .......... .......... .......... .......... 82% 237M 0s + 44200K .......... .......... .......... .......... .......... 82% 260M 0s + 44250K .......... .......... .......... .......... .......... 82% 253M 0s + 44300K .......... .......... .......... .......... .......... 83% 211M 0s + 44350K .......... .......... .......... .......... .......... 83% 183M 0s + 44400K .......... .......... .......... .......... .......... 83% 180M 0s + 44450K .......... .......... .......... .......... .......... 83% 172M 0s + 44500K .......... .......... .......... .......... .......... 83% 148M 0s + 44550K .......... .......... .......... .......... .......... 83% 179M 0s + 44600K .......... .......... .......... .......... .......... 83% 182M 0s + 44650K .......... .......... .......... .......... .......... 83% 173M 0s + 44700K .......... .......... .......... .......... .......... 83% 139M 0s + 44750K .......... .......... .......... .......... .......... 83% 163M 0s + 44800K .......... .......... .......... .......... .......... 83% 170M 0s + 44850K .......... .......... .......... .......... .......... 84% 156M 0s + 44900K .......... .......... .......... .......... .......... 84% 156M 0s + 44950K .......... .......... .......... .......... .......... 84% 159M 0s + 45000K .......... .......... .......... .......... .......... 84% 182M 0s + 45050K .......... .......... .......... .......... .......... 84% 262M 0s + 45100K .......... .......... .......... .......... .......... 84% 210M 0s + 45150K .......... .......... .......... .......... .......... 
84% 197M 0s + 45200K .......... .......... .......... .......... .......... 84% 187M 0s + 45250K .......... .......... .......... .......... .......... 84% 181M 0s + 45300K .......... .......... .......... .......... .......... 84% 168M 0s + 45350K .......... .......... .......... .......... .......... 85% 194M 0s + 45400K .......... .......... .......... .......... .......... 85% 163M 0s + 45450K .......... .......... .......... .......... .......... 85% 202M 0s + 45500K .......... .......... .......... .......... .......... 85% 160M 0s + 45550K .......... .......... .......... .......... .......... 85% 172M 0s + 45600K .......... .......... .......... .......... .......... 85% 177M 0s + 45650K .......... .......... .......... .......... .......... 85% 213M 0s + 45700K .......... .......... .......... .......... .......... 85% 185M 0s + 45750K .......... .......... .......... .......... .......... 85% 171M 0s + 45800K .......... .......... .......... .......... .......... 85% 173M 0s + 45850K .......... .......... .......... .......... .......... 85% 187M 0s + 45900K .......... .......... .......... .......... .......... 86% 149M 0s + 45950K .......... .......... .......... .......... .......... 86% 148M 0s + 46000K .......... .......... .......... .......... .......... 86% 170M 0s + 46050K .......... .......... .......... .......... .......... 86% 165M 0s + 46100K .......... .......... .......... .......... .......... 86% 144M 0s + 46150K .......... .......... .......... .......... .......... 86% 180M 0s + 46200K .......... .......... .......... .......... .......... 86% 177M 0s + 46250K .......... .......... .......... .......... .......... 86% 170M 0s + 46300K .......... .......... .......... .......... .......... 86% 156M 0s + 46350K .......... .......... .......... .......... .......... 86% 201M 0s + 46400K .......... .......... .......... .......... .......... 86% 149M 0s + 46450K .......... .......... .......... .......... .......... 
87% 174M 0s + 46500K .......... .......... .......... .......... .......... 87% 185M 0s + 46550K .......... .......... .......... .......... .......... 87% 180M 0s + 46600K .......... .......... .......... .......... .......... 87% 209M 0s + 46650K .......... .......... .......... .......... .......... 87% 164M 0s + 46700K .......... .......... .......... .......... .......... 87% 168M 0s + 46750K .......... .......... .......... .......... .......... 87% 188M 0s + 46800K .......... .......... .......... .......... .......... 87% 182M 0s + 46850K .......... .......... .......... .......... .......... 87% 178M 0s + 46900K .......... .......... .......... .......... .......... 87% 146M 0s + 46950K .......... .......... .......... .......... .......... 88% 171M 0s + 47000K .......... .......... .......... .......... .......... 88% 140M 0s + 47050K .......... .......... .......... .......... .......... 88% 154M 0s + 47100K .......... .......... .......... .......... .......... 88% 146M 0s + 47150K .......... .......... .......... .......... .......... 88% 174M 0s + 47200K .......... .......... .......... .......... .......... 88% 190M 0s + 47250K .......... .......... .......... .......... .......... 88% 184M 0s + 47300K .......... .......... .......... .......... .......... 88% 156M 0s + 47350K .......... .......... .......... .......... .......... 88% 173M 0s + 47400K .......... .......... .......... .......... .......... 88% 201M 0s + 47450K .......... .......... .......... .......... .......... 88% 180M 0s + 47500K .......... .......... .......... .......... .......... 89% 128M 0s + 47550K .......... .......... .......... .......... .......... 89% 167M 0s + 47600K .......... .......... .......... .......... .......... 89% 156M 0s + 47650K .......... .......... .......... .......... .......... 89% 166M 0s + 47700K .......... .......... .......... .......... .......... 89% 193M 0s + 47750K .......... .......... .......... .......... .......... 
89% 193M 0s + 47800K .......... .......... .......... .......... .......... 89% 169M 0s + 47850K .......... .......... .......... .......... .......... 89% 175M 0s + 47900K .......... .......... .......... .......... .......... 89% 159M 0s + 47950K .......... .......... .......... .......... .......... 89% 164M 0s + 48000K .......... .......... .......... .......... .......... 89% 159M 0s + 48050K .......... .......... .......... .......... .......... 90% 170M 0s + 48100K .......... .......... .......... .......... .......... 90% 186M 0s + 48150K .......... .......... .......... .......... .......... 90% 260M 0s + 48200K .......... .......... .......... .......... .......... 90% 243M 0s + 48250K .......... .......... .......... .......... .......... 90% 180M 0s + 48300K .......... .......... .......... .......... .......... 90% 240M 0s + 48350K .......... .......... .......... .......... .......... 90% 205M 0s + 48400K .......... .......... .......... .......... .......... 90% 151M 0s + 48450K .......... .......... .......... .......... .......... 90% 188M 0s + 48500K .......... .......... .......... .......... .......... 90% 185M 0s + 48550K .......... .......... .......... .......... .......... 91% 187M 0s + 48600K .......... .......... .......... .......... .......... 91% 157M 0s + 48650K .......... .......... .......... .......... .......... 91% 184M 0s + 48700K .......... .......... .......... .......... .......... 91% 194M 0s + 48750K .......... .......... .......... .......... .......... 91% 184M 0s + 48800K .......... .......... .......... .......... .......... 91% 157M 0s + 48850K .......... .......... .......... .......... .......... 91% 189M 0s + 48900K .......... .......... .......... .......... .......... 91% 148M 0s + 48950K .......... .......... .......... .......... .......... 91% 150M 0s + 49000K .......... .......... .......... .......... .......... 91% 171M 0s + 49050K .......... .......... .......... .......... .......... 
91% 164M 0s + 49100K .......... .......... .......... .......... .......... 92% 148M 0s + 49150K .......... .......... .......... .......... .......... 92% 163M 0s + 49200K .......... .......... .......... .......... .......... 92% 198M 0s + 49250K .......... .......... .......... .......... .......... 92% 194M 0s + 49300K .......... .......... .......... .......... .......... 92% 179M 0s + 49350K .......... .......... .......... .......... .......... 92% 215M 0s + 49400K .......... .......... .......... .......... .......... 92% 188M 0s + 49450K .......... .......... .......... .......... .......... 92% 200M 0s + 49500K .......... .......... .......... .......... .......... 92% 155M 0s + 49550K .......... .......... .......... .......... .......... 92% 183M 0s + 49600K .......... .......... .......... .......... .......... 92% 194M 0s + 49650K .......... .......... .......... .......... .......... 93% 249M 0s + 49700K .......... .......... .......... .......... .......... 93% 207M 0s + 49750K .......... .......... .......... .......... .......... 93% 258M 0s + 49800K .......... .......... .......... .......... .......... 93% 263M 0s + 49850K .......... .......... .......... .......... .......... 93% 257M 0s + 49900K .......... .......... .......... .......... .......... 93% 210M 0s + 49950K .......... .......... .......... .......... .......... 93% 195M 0s + 50000K .......... .......... .......... .......... .......... 93% 236M 0s + 50050K .......... .......... .......... .......... .......... 93% 256M 0s + 50100K .......... .......... .......... .......... .......... 93% 232M 0s + 50150K .......... .......... .......... .......... .......... 94% 239M 0s + 50200K .......... .......... .......... .......... .......... 94% 176M 0s + 50250K .......... .......... .......... .......... .......... 94% 183M 0s + 50300K .......... .......... .......... .......... .......... 94% 182M 0s + 50350K .......... .......... .......... .......... .......... 
94% 156M 0s + 50400K .......... .......... .......... .......... .......... 94% 165M 0s + 50450K .......... .......... .......... .......... .......... 94% 209M 0s + 50500K .......... .......... .......... .......... .......... 94% 158M 0s + 50550K .......... .......... .......... .......... .......... 94% 161M 0s + 50600K .......... .......... .......... .......... .......... 94% 163M 0s + 50650K .......... .......... .......... .......... .......... 94% 171M 0s + 50700K .......... .......... .......... .......... .......... 95% 144M 0s + 50750K .......... .......... .......... .......... .......... 95% 269M 0s + 50800K .......... .......... .......... .......... .......... 95% 244M 0s + 50850K .......... .......... .......... .......... .......... 95% 258M 0s + 50900K .......... .......... .......... .......... .......... 95% 152M 0s + 50950K .......... .......... .......... .......... .......... 95% 195M 0s + 51000K .......... .......... .......... .......... .......... 95% 190M 0s + 51050K .......... .......... .......... .......... .......... 95% 195M 0s + 51100K .......... .......... .......... .......... .......... 95% 152M 0s + 51150K .......... .......... .......... .......... .......... 95% 189M 0s + 51200K .......... .......... .......... .......... .......... 95% 175M 0s + 51250K .......... .......... .......... .......... .......... 96% 201M 0s + 51300K .......... .......... .......... .......... .......... 96% 185M 0s + 51350K .......... .......... .......... .......... .......... 96% 165M 0s + 51400K .......... .......... .......... .......... .......... 96% 188M 0s + 51450K .......... .......... .......... .......... .......... 96% 194M 0s + 51500K .......... .......... .......... .......... .......... 96% 185M 0s + 51550K .......... .......... .......... .......... .......... 96% 144M 0s + 51600K .......... .......... .......... .......... .......... 96% 172M 0s + 51650K .......... .......... .......... .......... .......... 
96% 163M 0s + 51700K .......... .......... .......... .......... .......... 96% 190M 0s + 51750K .......... .......... .......... .......... .......... 96% 184M 0s + 51800K .......... .......... .......... .......... .......... 97% 186M 0s + 51850K .......... .......... .......... .......... .......... 97% 162M 0s + 51900K .......... .......... .......... .......... .......... 97% 197M 0s + 51950K .......... .......... .......... .......... .......... 97% 146M 0s + 52000K .......... .......... .......... .......... .......... 97% 157M 0s + 52050K .......... .......... .......... .......... .......... 97% 212M 0s + 52100K .......... .......... .......... .......... .......... 97% 157M 0s + 52150K .......... .......... .......... .......... .......... 97% 145M 0s + 52200K .......... .......... .......... .......... .......... 97% 70.5M 0s + 52250K .......... .......... .......... .......... .......... 97% 158M 0s + 52300K .......... .......... .......... .......... .......... 98% 176M 0s + 52350K .......... .......... .......... .......... .......... 98% 147M 0s + 52400K .......... .......... .......... .......... .......... 98% 172M 0s + 52450K .......... .......... .......... .......... .......... 98% 172M 0s + 52500K .......... .......... .......... .......... .......... 98% 182M 0s + 52550K .......... .......... .......... .......... .......... 98% 154M 0s + 52600K .......... .......... .......... .......... .......... 98% 142M 0s + 52650K .......... .......... .......... .......... .......... 98% 166M 0s + 52700K .......... .......... .......... .......... .......... 98% 176M 0s + 52750K .......... .......... .......... .......... .......... 98% 133M 0s + 52800K .......... .......... .......... .......... .......... 98% 175M 0s + 52850K .......... .......... .......... .......... .......... 99% 178M 0s + 52900K .......... .......... .......... .......... .......... 99% 173M 0s + 52950K .......... .......... .......... .......... .......... 
99% 150M 0s + 53000K .......... .......... .......... .......... .......... 99% 180M 0s + 53050K .......... .......... .......... .......... .......... 99% 169M 0s + 53100K .......... .......... .......... .......... .......... 99% 160M 0s + 53150K .......... .......... .......... .......... .......... 99% 146M 0s 53200K .......... .......... .......... .......... .......... 99% 183M 0s - 53250K .......... .......... .......... .......... .......... 99% 135M 0s - 53300K .......... .......... .......... .......... .......... 99% 194M 0s - 53350K .......... .......... .......... .......... .......... 99% 147M 0s + 53250K .......... .......... .......... .......... .......... 99% 167M 0s + 53300K .......... .......... .......... .......... .......... 99% 185M 0s + 53350K .......... .......... .......... .......... .......... 99% 167M 0s 53400K ... 100% 6.31T=0.5s -2024-11-06 09:40:47 (113 MB/s) - ‘trivy_0.44.1_Linux-64bit.deb’ saved [54685068/54685068] +2024-11-11 09:50:54 (109 MB/s) - ‘trivy_0.44.1_Linux-64bit.deb’ saved [54685068/54685068] +sudo dpkg -i trivy_0.44.1_Linux-64bit.deb Selecting previously unselected package trivy. @@ -13460,8 +13462,8 @@ Setting up trivy (0.44.1) ... NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY k8s.io/kubernetes v1.29.0 1.29.7 go-module GHSA-82m2-cv7p-4m75 Medium k8s.io/kubernetes v1.29.0 1.29.4 go-module GHSA-pxhw-596r-rwq5 Low -+docker sbom quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369 +tee /tmp/sbom.txt ++docker sbom quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369 NAME VERSION TYPE ./pkg/ipam (devel) go-module dario.cat/mergo v0.3.16 go-module 
@@ -13594,9 +13596,9 @@ sigs.k8s.io/structured-merge-diff/v4 v4. sigs.k8s.io/yaml v1.4.0 go-module six 1.15.0 python systemd-python 234 python ++/tmp/grype +docker sbom --format spdx-json registry.access.redhat.com/ubi9/ubi:9.3 +tee /tmp/cve-base.txt -+/tmp/grype NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY idna 2.10 3.7 python GHSA-jjg7-2v4v-x38h Medium requests 2.25.1 2.31.0 python GHSA-j8r2-6x86-q33q Medium 
@@ -13615,194 +13617,194 @@ https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded +docker push quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369 The push refers to repository [quay.io/noirolabs/aci-containers-host] -42b7273578ef: Preparing -61c957cf6e41: Preparing -c6ce05a09977: Preparing -a9d0958592a7: Preparing -2da78aeecadc: Preparing -3d6d0b739952: Preparing -f290238eb703: Preparing -3a304f8979ba: Preparing -d702866f0fc1: Preparing -0476db1990d3: Preparing -d17c027642cf: Preparing -522295eb93f1: Preparing -fa3cb8602155: Preparing -5b0ef3e8fab7: Preparing -b2d97c107ae0: Preparing +1a0de2e1b810: Preparing +4b4f6b00eb0e: Preparing +1a6b532927e3: Preparing +59b2cab698bb: Preparing +289c21f58abf: Preparing +d6162b934532: Preparing +9dd8f0f32b87: Preparing +b0ced1c33e7b: Preparing +3232e4fd59c7: Preparing +c3602053dd39: Preparing +f194fe716c17: Preparing +ff4052768446: Preparing +05ef093b07db: Preparing +311869c18c4f: Preparing +4cc6ad87c468: Preparing c0c2749c4e74: Preparing -3d6d0b739952: Waiting -f290238eb703: Waiting -3a304f8979ba: Waiting -d702866f0fc1: Waiting -0476db1990d3: Waiting -d17c027642cf: Waiting -522295eb93f1: Waiting -fa3cb8602155: Waiting -5b0ef3e8fab7: Waiting -b2d97c107ae0: Waiting +d6162b934532: Waiting +9dd8f0f32b87: Waiting +b0ced1c33e7b: Waiting +3232e4fd59c7: Waiting +c3602053dd39: Waiting +f194fe716c17: Waiting +ff4052768446: Waiting +05ef093b07db: Waiting +311869c18c4f: Waiting +4cc6ad87c468: Waiting c0c2749c4e74: Waiting -61c957cf6e41: Pushed -2da78aeecadc: Pushed -a9d0958592a7: Pushed -c6ce05a09977: Pushed -3d6d0b739952: Pushed -3a304f8979ba: Pushed -d702866f0fc1: Pushed -42b7273578ef: Pushed -f290238eb703: Pushed -0476db1990d3: Pushed -5b0ef3e8fab7: Pushed +1a6b532927e3: Pushed +59b2cab698bb: Pushed +289c21f58abf: Pushed +4b4f6b00eb0e: Pushed +9dd8f0f32b87: Pushed +b0ced1c33e7b: Pushed +d6162b934532: Pushed +3232e4fd59c7: Pushed +c3602053dd39: Pushed +311869c18c4f: Pushed +1a0de2e1b810: Pushed 
+05ef093b07db: Pushed c0c2749c4e74: Layer already exists -fa3cb8602155: Pushed -522295eb93f1: Pushed -d17c027642cf: Pushed -b2d97c107ae0: Pushed -6.0.4.4.81c2369: digest: sha256:a79436ddc691ccd8c67793e44296cf079446c1e9be0611e26a2ff4adc963d290 size: 3672 +ff4052768446: Pushed +f194fe716c17: Pushed +4cc6ad87c468: Pushed +6.0.4.4.81c2369: digest: sha256:1caeda29299e552cabd8d35f7e26017079d5fe356125c48e7734a16f3a6d8582 size: 3672 +for OTHER_TAG in ${OTHER_IMAGE_TAGS} +docker tag quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369 +docker push quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369 The push refers to repository [quay.io/noirolabs/aci-containers-host] -42b7273578ef: Preparing -61c957cf6e41: Preparing -c6ce05a09977: Preparing -a9d0958592a7: Preparing -2da78aeecadc: Preparing -3d6d0b739952: Preparing -f290238eb703: Preparing -3a304f8979ba: Preparing -d702866f0fc1: Preparing -0476db1990d3: Preparing -d17c027642cf: Preparing -522295eb93f1: Preparing -fa3cb8602155: Preparing -5b0ef3e8fab7: Preparing -b2d97c107ae0: Preparing +1a0de2e1b810: Preparing +4b4f6b00eb0e: Preparing +1a6b532927e3: Preparing +59b2cab698bb: Preparing +289c21f58abf: Preparing +d6162b934532: Preparing +9dd8f0f32b87: Preparing +b0ced1c33e7b: Preparing +3232e4fd59c7: Preparing +c3602053dd39: Preparing +f194fe716c17: Preparing +ff4052768446: Preparing +05ef093b07db: Preparing +311869c18c4f: Preparing +4cc6ad87c468: Preparing c0c2749c4e74: Preparing -3d6d0b739952: Waiting -d17c027642cf: Waiting -522295eb93f1: Waiting -fa3cb8602155: Waiting -5b0ef3e8fab7: Waiting -b2d97c107ae0: Waiting +3232e4fd59c7: Waiting +c3602053dd39: Waiting +f194fe716c17: Waiting +ff4052768446: Waiting +05ef093b07db: Waiting +311869c18c4f: Waiting +4cc6ad87c468: Waiting c0c2749c4e74: Waiting -f290238eb703: Waiting -3a304f8979ba: Waiting -d702866f0fc1: Waiting -0476db1990d3: Waiting -42b7273578ef: Layer already exists -c6ce05a09977: Layer already exists -a9d0958592a7: 
Layer already exists -f290238eb703: Layer already exists -3d6d0b739952: Layer already exists -3a304f8979ba: Layer already exists -0476db1990d3: Layer already exists -522295eb93f1: Layer already exists -2da78aeecadc: Layer already exists -fa3cb8602155: Layer already exists -5b0ef3e8fab7: Layer already exists +d6162b934532: Waiting +9dd8f0f32b87: Waiting +b0ced1c33e7b: Waiting +59b2cab698bb: Layer already exists +1a6b532927e3: Layer already exists +4b4f6b00eb0e: Layer already exists +d6162b934532: Layer already exists +b0ced1c33e7b: Layer already exists +9dd8f0f32b87: Layer already exists +c3602053dd39: Layer already exists +f194fe716c17: Layer already exists +1a0de2e1b810: Layer already exists +311869c18c4f: Layer already exists +289c21f58abf: Layer already exists +4cc6ad87c468: Layer already exists c0c2749c4e74: Layer already exists -b2d97c107ae0: Layer already exists -61c957cf6e41: Layer already exists -d702866f0fc1: Layer already exists -d17c027642cf: Layer already exists -6.0.4.4.81c2369: digest: sha256:a79436ddc691ccd8c67793e44296cf079446c1e9be0611e26a2ff4adc963d290 size: 3672 +ff4052768446: Layer already exists +05ef093b07db: Layer already exists +3232e4fd59c7: Layer already exists +6.0.4.4.81c2369: digest: sha256:1caeda29299e552cabd8d35f7e26017079d5fe356125c48e7734a16f3a6d8582 size: 3672 +for OTHER_TAG in ${OTHER_IMAGE_TAGS} -+docker tag quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369.110624.10022 -+docker push quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369.111124.10031 ++docker push quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369.111124.10031 The push refers to repository [quay.io/noirolabs/aci-containers-host] -42b7273578ef: Preparing -61c957cf6e41: Preparing -c6ce05a09977: Preparing -a9d0958592a7: Preparing -2da78aeecadc: Preparing -3d6d0b739952: 
Preparing -f290238eb703: Preparing -3a304f8979ba: Preparing -d702866f0fc1: Preparing -0476db1990d3: Preparing -d17c027642cf: Preparing -522295eb93f1: Preparing -fa3cb8602155: Preparing -5b0ef3e8fab7: Preparing -b2d97c107ae0: Preparing +1a0de2e1b810: Preparing +4b4f6b00eb0e: Preparing +1a6b532927e3: Preparing +59b2cab698bb: Preparing +289c21f58abf: Preparing +d6162b934532: Preparing +9dd8f0f32b87: Preparing +b0ced1c33e7b: Preparing +3232e4fd59c7: Preparing +c3602053dd39: Preparing +f194fe716c17: Preparing +ff4052768446: Preparing +05ef093b07db: Preparing +311869c18c4f: Preparing +4cc6ad87c468: Preparing c0c2749c4e74: Preparing -3d6d0b739952: Waiting -f290238eb703: Waiting -3a304f8979ba: Waiting -d702866f0fc1: Waiting -0476db1990d3: Waiting -d17c027642cf: Waiting -522295eb93f1: Waiting -fa3cb8602155: Waiting -5b0ef3e8fab7: Waiting -b2d97c107ae0: Waiting +d6162b934532: Waiting +9dd8f0f32b87: Waiting +b0ced1c33e7b: Waiting +3232e4fd59c7: Waiting +c3602053dd39: Waiting +f194fe716c17: Waiting +ff4052768446: Waiting +05ef093b07db: Waiting +311869c18c4f: Waiting +4cc6ad87c468: Waiting c0c2749c4e74: Waiting -61c957cf6e41: Layer already exists -2da78aeecadc: Layer already exists -a9d0958592a7: Layer already exists -c6ce05a09977: Layer already exists -3d6d0b739952: Layer already exists -3a304f8979ba: Layer already exists -f290238eb703: Layer already exists -d702866f0fc1: Layer already exists -d17c027642cf: Layer already exists -fa3cb8602155: Layer already exists -522295eb93f1: Layer already exists +1a6b532927e3: Layer already exists +289c21f58abf: Layer already exists +1a0de2e1b810: Layer already exists +59b2cab698bb: Layer already exists +d6162b934532: Layer already exists +4b4f6b00eb0e: Layer already exists +b0ced1c33e7b: Layer already exists +c3602053dd39: Layer already exists +f194fe716c17: Layer already exists +ff4052768446: Layer already exists +311869c18c4f: Layer already exists +05ef093b07db: Layer already exists +4cc6ad87c468: Layer already exists c0c2749c4e74: Layer 
already exists -5b0ef3e8fab7: Layer already exists -b2d97c107ae0: Layer already exists -42b7273578ef: Layer already exists -0476db1990d3: Layer already exists -6.0.4.4.81c2369.110624.10022: digest: sha256:a79436ddc691ccd8c67793e44296cf079446c1e9be0611e26a2ff4adc963d290 size: 3672 +9dd8f0f32b87: Layer already exists +3232e4fd59c7: Layer already exists +6.0.4.4.81c2369.111124.10031: digest: sha256:1caeda29299e552cabd8d35f7e26017079d5fe356125c48e7734a16f3a6d8582 size: 3672 +for OTHER_TAG in ${OTHER_IMAGE_TAGS} +docker tag quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369.z +docker push quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369.z The push refers to repository [quay.io/noirolabs/aci-containers-host] -42b7273578ef: Preparing -61c957cf6e41: Preparing -c6ce05a09977: Preparing -a9d0958592a7: Preparing -2da78aeecadc: Preparing -3d6d0b739952: Preparing -f290238eb703: Preparing -3a304f8979ba: Preparing -d702866f0fc1: Preparing -0476db1990d3: Preparing -d17c027642cf: Preparing -522295eb93f1: Preparing -fa3cb8602155: Preparing -5b0ef3e8fab7: Preparing -b2d97c107ae0: Preparing +1a0de2e1b810: Preparing +4b4f6b00eb0e: Preparing +1a6b532927e3: Preparing +59b2cab698bb: Preparing +289c21f58abf: Preparing +d6162b934532: Preparing +9dd8f0f32b87: Preparing +b0ced1c33e7b: Preparing +3232e4fd59c7: Preparing +c3602053dd39: Preparing +f194fe716c17: Preparing +ff4052768446: Preparing +05ef093b07db: Preparing +311869c18c4f: Preparing +4cc6ad87c468: Preparing c0c2749c4e74: Preparing -3d6d0b739952: Waiting -f290238eb703: Waiting -3a304f8979ba: Waiting -d702866f0fc1: Waiting -0476db1990d3: Waiting -d17c027642cf: Waiting -522295eb93f1: Waiting -fa3cb8602155: Waiting -5b0ef3e8fab7: Waiting -b2d97c107ae0: Waiting +9dd8f0f32b87: Waiting +b0ced1c33e7b: Waiting +3232e4fd59c7: Waiting +c3602053dd39: Waiting +f194fe716c17: Waiting +ff4052768446: Waiting +05ef093b07db: Waiting +311869c18c4f: Waiting +4cc6ad87c468: Waiting c0c2749c4e74: 
Waiting -61c957cf6e41: Layer already exists -c6ce05a09977: Layer already exists -2da78aeecadc: Layer already exists -f290238eb703: Layer already exists -a9d0958592a7: Layer already exists -3a304f8979ba: Layer already exists -d702866f0fc1: Layer already exists -d17c027642cf: Layer already exists -3d6d0b739952: Layer already exists -522295eb93f1: Layer already exists -0476db1990d3: Layer already exists -fa3cb8602155: Layer already exists +d6162b934532: Waiting +1a0de2e1b810: Layer already exists +1a6b532927e3: Layer already exists +289c21f58abf: Layer already exists +b0ced1c33e7b: Layer already exists +d6162b934532: Layer already exists +4b4f6b00eb0e: Layer already exists +3232e4fd59c7: Layer already exists +c3602053dd39: Layer already exists +05ef093b07db: Layer already exists +f194fe716c17: Layer already exists +311869c18c4f: Layer already exists +4cc6ad87c468: Layer already exists +59b2cab698bb: Layer already exists c0c2749c4e74: Layer already exists -42b7273578ef: Layer already exists -5b0ef3e8fab7: Layer already exists -b2d97c107ae0: Layer already exists -6.0.4.4.81c2369.z: digest: sha256:a79436ddc691ccd8c67793e44296cf079446c1e9be0611e26a2ff4adc963d290 size: 3672 +9dd8f0f32b87: Layer already exists +ff4052768446: Layer already exists +6.0.4.4.81c2369.z: digest: sha256:1caeda29299e552cabd8d35f7e26017079d5fe356125c48e7734a16f3a6d8582 size: 3672 +docker login -u=[secure] -p=[secure] quay.io WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /home/travis/.docker/config.json. 
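Review bot: The rebuilt image is pushed over the already-published tag `6.0.4.4.81c2369`, which now resolves to `sha256:1caeda29299e552cabd8d35f7e26017079d5fe356125c48e7734a16f3a6d8582` where the previous log recorded `sha256:a79436ddc691ccd8c67793e44296cf079446c1e9be0611e26a2ff4adc963d290`. Anything that pins the tag rather than the digest will pull different content with no visible change, and the same overwrite recurs for the `.z` tag in this hunk and in the two hunks that follow. The release record should state the digest as the reference to deploy and verify, and rebuilds should preferably publish only the new dated tag (here `6.0.4.4.81c2369.111124.10031`) instead of re-pushing the base tag. Separately, the `docker login -u=[secure] -p=[secure] quay.io` line at the end of this hunk triggers Docker's own warning; feeding the secret on stdin, as in `docker login -u <USER> --password-stdin quay.io`, keeps it out of the process arguments. Both changes belong in the build script, which this diff does not show.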
@@ -13810,100 +13812,100 @@ Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded -+docker tag quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369 quay.io/noiro/aci-containers-host:6.0.4.4.81c2369.110624.10022 -+docker push quay.io/noiro/aci-containers-host:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369 quay.io/noiro/aci-containers-host:6.0.4.4.81c2369.111124.10031 ++docker push quay.io/noiro/aci-containers-host:6.0.4.4.81c2369.111124.10031 The push refers to repository [quay.io/noiro/aci-containers-host] -42b7273578ef: Preparing -61c957cf6e41: Preparing -c6ce05a09977: Preparing -a9d0958592a7: Preparing -2da78aeecadc: Preparing -3d6d0b739952: Preparing -f290238eb703: Preparing -3a304f8979ba: Preparing -d702866f0fc1: Preparing -0476db1990d3: Preparing -d17c027642cf: Preparing -522295eb93f1: Preparing -fa3cb8602155: Preparing -5b0ef3e8fab7: Preparing -b2d97c107ae0: Preparing +1a0de2e1b810: Preparing +4b4f6b00eb0e: Preparing +1a6b532927e3: Preparing +59b2cab698bb: Preparing +289c21f58abf: Preparing +d6162b934532: Preparing +9dd8f0f32b87: Preparing +b0ced1c33e7b: Preparing +3232e4fd59c7: Preparing +c3602053dd39: Preparing +f194fe716c17: Preparing +ff4052768446: Preparing +05ef093b07db: Preparing +311869c18c4f: Preparing +4cc6ad87c468: Preparing c0c2749c4e74: Preparing -3d6d0b739952: Waiting -f290238eb703: Waiting -3a304f8979ba: Waiting -d702866f0fc1: Waiting -0476db1990d3: Waiting -d17c027642cf: Waiting -522295eb93f1: Waiting -fa3cb8602155: Waiting -5b0ef3e8fab7: Waiting -b2d97c107ae0: Waiting +d6162b934532: Waiting +9dd8f0f32b87: Waiting +b0ced1c33e7b: Waiting +3232e4fd59c7: Waiting +c3602053dd39: Waiting +f194fe716c17: Waiting +ff4052768446: Waiting +05ef093b07db: Waiting +311869c18c4f: Waiting +4cc6ad87c468: Waiting c0c2749c4e74: Waiting -c6ce05a09977: Mounted from noirolabs/aci-containers-host -61c957cf6e41: Mounted 
from noirolabs/aci-containers-host -2da78aeecadc: Mounted from noirolabs/aci-containers-host -42b7273578ef: Mounted from noirolabs/aci-containers-host -a9d0958592a7: Mounted from noirolabs/aci-containers-host -3d6d0b739952: Mounted from noirolabs/aci-containers-host -f290238eb703: Mounted from noirolabs/aci-containers-host -d702866f0fc1: Mounted from noirolabs/aci-containers-host -3a304f8979ba: Mounted from noirolabs/aci-containers-host -0476db1990d3: Mounted from noirolabs/aci-containers-host -522295eb93f1: Mounted from noirolabs/aci-containers-host +289c21f58abf: Mounted from noirolabs/aci-containers-host +1a0de2e1b810: Mounted from noirolabs/aci-containers-host +4b4f6b00eb0e: Mounted from noirolabs/aci-containers-host +1a6b532927e3: Mounted from noirolabs/aci-containers-host +59b2cab698bb: Mounted from noirolabs/aci-containers-host +3232e4fd59c7: Mounted from noirolabs/aci-containers-host +9dd8f0f32b87: Mounted from noirolabs/aci-containers-host +b0ced1c33e7b: Mounted from noirolabs/aci-containers-host +d6162b934532: Mounted from noirolabs/aci-containers-host +c3602053dd39: Mounted from noirolabs/aci-containers-host +f194fe716c17: Mounted from noirolabs/aci-containers-host +05ef093b07db: Mounted from noirolabs/aci-containers-host +311869c18c4f: Mounted from noirolabs/aci-containers-host c0c2749c4e74: Layer already exists -fa3cb8602155: Mounted from noirolabs/aci-containers-host -d17c027642cf: Mounted from noirolabs/aci-containers-host -b2d97c107ae0: Mounted from noirolabs/aci-containers-host -5b0ef3e8fab7: Mounted from noirolabs/aci-containers-host -6.0.4.4.81c2369.110624.10022: digest: sha256:a79436ddc691ccd8c67793e44296cf079446c1e9be0611e26a2ff4adc963d290 size: 3672 +4cc6ad87c468: Mounted from noirolabs/aci-containers-host +ff4052768446: Mounted from noirolabs/aci-containers-host +6.0.4.4.81c2369.111124.10031: digest: sha256:1caeda29299e552cabd8d35f7e26017079d5fe356125c48e7734a16f3a6d8582 size: 3672 +docker tag 
quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369 quay.io/noiro/aci-containers-host:6.0.4.4.81c2369.z +docker push quay.io/noiro/aci-containers-host:6.0.4.4.81c2369.z The push refers to repository [quay.io/noiro/aci-containers-host] -42b7273578ef: Preparing -61c957cf6e41: Preparing -c6ce05a09977: Preparing -a9d0958592a7: Preparing -2da78aeecadc: Preparing -3d6d0b739952: Preparing -f290238eb703: Preparing -3a304f8979ba: Preparing -d702866f0fc1: Preparing -0476db1990d3: Preparing -d17c027642cf: Preparing -522295eb93f1: Preparing -fa3cb8602155: Preparing -5b0ef3e8fab7: Preparing -b2d97c107ae0: Preparing +1a0de2e1b810: Preparing +4b4f6b00eb0e: Preparing +1a6b532927e3: Preparing +59b2cab698bb: Preparing +289c21f58abf: Preparing +d6162b934532: Preparing +9dd8f0f32b87: Preparing +b0ced1c33e7b: Preparing +3232e4fd59c7: Preparing +c3602053dd39: Preparing +f194fe716c17: Preparing +ff4052768446: Preparing +05ef093b07db: Preparing +311869c18c4f: Preparing +4cc6ad87c468: Preparing c0c2749c4e74: Preparing -0476db1990d3: Waiting -d17c027642cf: Waiting -3d6d0b739952: Waiting -522295eb93f1: Waiting -fa3cb8602155: Waiting -5b0ef3e8fab7: Waiting -b2d97c107ae0: Waiting -f290238eb703: Waiting +d6162b934532: Waiting +9dd8f0f32b87: Waiting +b0ced1c33e7b: Waiting +3232e4fd59c7: Waiting +c3602053dd39: Waiting +f194fe716c17: Waiting +ff4052768446: Waiting +05ef093b07db: Waiting +311869c18c4f: Waiting +4cc6ad87c468: Waiting c0c2749c4e74: Waiting -3a304f8979ba: Waiting -d702866f0fc1: Waiting -2da78aeecadc: Layer already exists -c6ce05a09977: Layer already exists -42b7273578ef: Layer already exists -a9d0958592a7: Layer already exists -61c957cf6e41: Layer already exists -d702866f0fc1: Layer already exists -3d6d0b739952: Layer already exists -3a304f8979ba: Layer already exists -f290238eb703: Layer already exists -522295eb93f1: Layer already exists -0476db1990d3: Layer already exists +1a0de2e1b810: Layer already exists +59b2cab698bb: Layer already exists +289c21f58abf: Layer already exists 
+b0ced1c33e7b: Layer already exists +d6162b934532: Layer already exists +3232e4fd59c7: Layer already exists +9dd8f0f32b87: Layer already exists +c3602053dd39: Layer already exists +f194fe716c17: Layer already exists +ff4052768446: Layer already exists +311869c18c4f: Layer already exists +4cc6ad87c468: Layer already exists c0c2749c4e74: Layer already exists -fa3cb8602155: Layer already exists -d17c027642cf: Layer already exists -5b0ef3e8fab7: Layer already exists -b2d97c107ae0: Layer already exists -6.0.4.4.81c2369.z: digest: sha256:a79436ddc691ccd8c67793e44296cf079446c1e9be0611e26a2ff4adc963d290 size: 3672 +1a6b532927e3: Layer already exists +05ef093b07db: Layer already exists +4b4f6b00eb0e: Layer already exists +6.0.4.4.81c2369.z: digest: sha256:1caeda29299e552cabd8d35f7e26017079d5fe356125c48e7734a16f3a6d8582 size: 3672 +docker login -u=[secure] '-p=[secure]' docker.io WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /home/travis/.docker/config.json. 
@@ -13911,103 +13913,103 @@ Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded -+docker tag quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369 docker.io/noiro/aci-containers-host:6.0.4.4.81c2369.110624.10022 -+docker push docker.io/noiro/aci-containers-host:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369 docker.io/noiro/aci-containers-host:6.0.4.4.81c2369.111124.10031 ++docker push docker.io/noiro/aci-containers-host:6.0.4.4.81c2369.111124.10031 The push refers to repository [docker.io/noiro/aci-containers-host] -42b7273578ef: Preparing -61c957cf6e41: Preparing -c6ce05a09977: Preparing -a9d0958592a7: Preparing -2da78aeecadc: Preparing -3d6d0b739952: Preparing -f290238eb703: Preparing -3a304f8979ba: Preparing -d702866f0fc1: Preparing -0476db1990d3: Preparing -d17c027642cf: Preparing -522295eb93f1: Preparing -fa3cb8602155: Preparing -5b0ef3e8fab7: Preparing -b2d97c107ae0: Preparing +1a0de2e1b810: Preparing +4b4f6b00eb0e: Preparing +1a6b532927e3: Preparing +59b2cab698bb: Preparing +289c21f58abf: Preparing +d6162b934532: Preparing +9dd8f0f32b87: Preparing +b0ced1c33e7b: Preparing +3232e4fd59c7: Preparing +c3602053dd39: Preparing +f194fe716c17: Preparing +ff4052768446: Preparing +05ef093b07db: Preparing +311869c18c4f: Preparing +4cc6ad87c468: Preparing c0c2749c4e74: Preparing -3d6d0b739952: Waiting -f290238eb703: Waiting -3a304f8979ba: Waiting -d702866f0fc1: Waiting -0476db1990d3: Waiting -d17c027642cf: Waiting -522295eb93f1: Waiting -fa3cb8602155: Waiting -5b0ef3e8fab7: Waiting -b2d97c107ae0: Waiting +d6162b934532: Waiting +9dd8f0f32b87: Waiting +b0ced1c33e7b: Waiting +3232e4fd59c7: Waiting +c3602053dd39: Waiting +f194fe716c17: Waiting +ff4052768446: Waiting +05ef093b07db: Waiting +311869c18c4f: Waiting +4cc6ad87c468: Waiting c0c2749c4e74: Waiting -c6ce05a09977: Pushed -a9d0958592a7: Pushed -2da78aeecadc: Pushed 
-61c957cf6e41: Pushed -3d6d0b739952: Pushed -f290238eb703: Pushed -3a304f8979ba: Pushed -d702866f0fc1: Pushed -0476db1990d3: Pushed -42b7273578ef: Pushed -5b0ef3e8fab7: Pushed -fa3cb8602155: Pushed +289c21f58abf: Pushed +4b4f6b00eb0e: Pushed +1a6b532927e3: Pushed +59b2cab698bb: Pushed +d6162b934532: Pushed +9dd8f0f32b87: Pushed +3232e4fd59c7: Pushed +b0ced1c33e7b: Pushed +c3602053dd39: Pushed +1a0de2e1b810: Pushed +311869c18c4f: Pushed +05ef093b07db: Pushed c0c2749c4e74: Layer already exists -522295eb93f1: Pushed -d17c027642cf: Pushed -b2d97c107ae0: Pushed -6.0.4.4.81c2369.110624.10022: digest: sha256:a79436ddc691ccd8c67793e44296cf079446c1e9be0611e26a2ff4adc963d290 size: 3672 +ff4052768446: Pushed +f194fe716c17: Pushed +4cc6ad87c468: Pushed +6.0.4.4.81c2369.111124.10031: digest: sha256:1caeda29299e552cabd8d35f7e26017079d5fe356125c48e7734a16f3a6d8582 size: 3672 +docker tag quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369 docker.io/noiro/aci-containers-host:6.0.4.4.81c2369.z +docker push docker.io/noiro/aci-containers-host:6.0.4.4.81c2369.z The push refers to repository [docker.io/noiro/aci-containers-host] -42b7273578ef: Preparing -61c957cf6e41: Preparing -c6ce05a09977: Preparing -a9d0958592a7: Preparing -2da78aeecadc: Preparing -3d6d0b739952: Preparing -f290238eb703: Preparing -3a304f8979ba: Preparing -d702866f0fc1: Preparing -0476db1990d3: Preparing -d17c027642cf: Preparing -522295eb93f1: Preparing -fa3cb8602155: Preparing -5b0ef3e8fab7: Preparing -b2d97c107ae0: Preparing +1a0de2e1b810: Preparing +4b4f6b00eb0e: Preparing +1a6b532927e3: Preparing +59b2cab698bb: Preparing +289c21f58abf: Preparing +d6162b934532: Preparing +9dd8f0f32b87: Preparing +b0ced1c33e7b: Preparing +3232e4fd59c7: Preparing +c3602053dd39: Preparing +f194fe716c17: Preparing +ff4052768446: Preparing +05ef093b07db: Preparing +311869c18c4f: Preparing +4cc6ad87c468: Preparing c0c2749c4e74: Preparing -3d6d0b739952: Waiting -f290238eb703: Waiting -3a304f8979ba: Waiting -d702866f0fc1: Waiting 
-0476db1990d3: Waiting -d17c027642cf: Waiting -522295eb93f1: Waiting -fa3cb8602155: Waiting -5b0ef3e8fab7: Waiting -b2d97c107ae0: Waiting +d6162b934532: Waiting +9dd8f0f32b87: Waiting +f194fe716c17: Waiting +ff4052768446: Waiting +b0ced1c33e7b: Waiting +05ef093b07db: Waiting +311869c18c4f: Waiting +4cc6ad87c468: Waiting c0c2749c4e74: Waiting -a9d0958592a7: Layer already exists -2da78aeecadc: Layer already exists -61c957cf6e41: Layer already exists -42b7273578ef: Layer already exists -c6ce05a09977: Layer already exists -3d6d0b739952: Layer already exists -3a304f8979ba: Layer already exists -f290238eb703: Layer already exists -d702866f0fc1: Layer already exists -0476db1990d3: Layer already exists -d17c027642cf: Layer already exists -fa3cb8602155: Layer already exists -5b0ef3e8fab7: Layer already exists -b2d97c107ae0: Layer already exists -522295eb93f1: Layer already exists +3232e4fd59c7: Waiting +c3602053dd39: Waiting +1a0de2e1b810: Layer already exists +289c21f58abf: Layer already exists +1a6b532927e3: Layer already exists +4b4f6b00eb0e: Layer already exists +59b2cab698bb: Layer already exists +d6162b934532: Layer already exists +b0ced1c33e7b: Layer already exists +3232e4fd59c7: Layer already exists +9dd8f0f32b87: Layer already exists +c3602053dd39: Layer already exists +f194fe716c17: Layer already exists +05ef093b07db: Layer already exists +311869c18c4f: Layer already exists +ff4052768446: Layer already exists +4cc6ad87c468: Layer already exists c0c2749c4e74: Layer already exists -6.0.4.4.81c2369.z: digest: sha256:a79436ddc691ccd8c67793e44296cf079446c1e9be0611e26a2ff4adc963d290 size: 3672 +6.0.4.4.81c2369.z: digest: sha256:1caeda29299e552cabd8d35f7e26017079d5fe356125c48e7734a16f3a6d8582 size: 3672 ++docker image inspect '--format={{.Id}}' quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369 -+IMAGE_SHA=sha256:86a33d83c0fb2a80118606cce14cf13f1d9b67efa665968f032083bc7de8f01a -+/tmp/cicd/travis/push-to-cicd-status.sh quay.io/noiro aci-containers-host 6.0.4.4.81c2369 
6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 sha256:86a33d83c0fb2a80118606cce14cf13f1d9b67efa665968f032083bc7de8f01a registry.access.redhat.com/ubi9/ubi:9.3 ++IMAGE_SHA=sha256:cd7e95c488fe2954b582d11ee3183c55e7fce76ca93d122b0df71d07d31f3eac ++/tmp/cicd/travis/push-to-cicd-status.sh quay.io/noiro aci-containers-host 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 sha256:cd7e95c488fe2954b582d11ee3183c55e7fce76ca93d122b0df71d07d31f3eac registry.access.redhat.com/ubi9/ubi:9.3 ++dirname /tmp/cicd/travis/push-to-cicd-status.sh +SCRIPTS_DIR=/tmp/cicd/travis +source /tmp/cicd/travis/globals.sh @@ -14015,9 +14017,9 @@ c0c2749c4e74: Layer already exists ++RELEASE_TAG=6.0.4.4 ++export RELEASE_TAG +++date +%m%d%y -++DATE_TAG=110624 +++DATE_TAG=111124 ++TRAVIS_TAG_WITH_UPSTREAM_ID=6.0.4.4.81c2369 -++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.110624.10022 +++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.111124.10031 ++IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_Z_TAG=6.0.4.4.81c2369.z @@ -14035,8 +14037,8 @@ c0c2749c4e74: Layer already exists +IMAGE_BUILD_REGISTRY=quay.io/noiro +IMAGE=aci-containers-host +IMAGE_BUILD_TAG=6.0.4.4.81c2369 -+OTHER_IMAGE_TAGS=6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 -+IMAGE_SHA=sha256:86a33d83c0fb2a80118606cce14cf13f1d9b67efa665968f032083bc7de8f01a ++OTHER_IMAGE_TAGS=6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 ++IMAGE_SHA=sha256:cd7e95c488fe2954b582d11ee3183c55e7fce76ca93d122b0df71d07d31f3eac +BASE_IMAGE=registry.access.redhat.com/ubi9/ubi:9.3 +GIT_REPO=https://github.com/noironetworks/cicd-status.git +GIT_LOCAL_DIR=cicd-status 
@@ -14059,40 +14061,80 @@ From https://github.com/noironetworks/cicd-status * branch main -> FETCH_HEAD Already up to date. +mkdir -p /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/aci-containers-host -+curl https://api.travis-ci.com/v3/job/627824803/log.txt ++curl https://api.travis-ci.com/v3/job/627965097/log.txt % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed - 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 766k 100 766k 0 0 3875k 0 --:--:-- --:--:-- --:--:-- 3892k + 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 766k 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 766k 100 766k 0 0 3614k 0 --:--:-- --:--:-- --:--:-- 3600k +cp /tmp/sbom.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/aci-containers-host/6.0.4.4-sbom.txt +cp /tmp/cve.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/aci-containers-host/6.0.4.4-cve.txt +cp /tmp/cve-base.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/aci-containers-host/6.0.4.4-cve-base.txt +update_container_release -+docker rmi -f sha256:86a33d83c0fb2a80118606cce14cf13f1d9b67efa665968f032083bc7de8f01a -Untagged: noiro/aci-containers-host:6.0.4.4.81c2369.110624.10022 ++docker rmi -f sha256:cd7e95c488fe2954b582d11ee3183c55e7fce76ca93d122b0df71d07d31f3eac +Untagged: noiro/aci-containers-host:6.0.4.4.81c2369.111124.10031 Untagged: noiro/aci-containers-host:6.0.4.4.81c2369.z -Untagged: noiro/aci-containers-host@sha256:a79436ddc691ccd8c67793e44296cf079446c1e9be0611e26a2ff4adc963d290 -Untagged: quay.io/noiro/aci-containers-host:6.0.4.4.81c2369.110624.10022 +Untagged: noiro/aci-containers-host@sha256:1caeda29299e552cabd8d35f7e26017079d5fe356125c48e7734a16f3a6d8582 +Untagged: quay.io/noiro/aci-containers-host:6.0.4.4.81c2369.111124.10031 Untagged: quay.io/noiro/aci-containers-host:6.0.4.4.81c2369.z -Untagged: quay.io/noiro/aci-containers-host@sha256:a79436ddc691ccd8c67793e44296cf079446c1e9be0611e26a2ff4adc963d290 +Untagged: 
quay.io/noiro/aci-containers-host@sha256:1caeda29299e552cabd8d35f7e26017079d5fe356125c48e7734a16f3a6d8582 Untagged: quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369 -Untagged: quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369.110624.10022 +Untagged: quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369.111124.10031 Untagged: quay.io/noirolabs/aci-containers-host:6.0.4.4.81c2369.z -Untagged: quay.io/noirolabs/aci-containers-host@sha256:a79436ddc691ccd8c67793e44296cf079446c1e9be0611e26a2ff4adc963d290 -Deleted: sha256:86a33d83c0fb2a80118606cce14cf13f1d9b67efa665968f032083bc7de8f01a -+python /tmp/cicd/travis/update-release.py quay.io/noiro aci-containers-host 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 sha256:86a33d83c0fb2a80118606cce14cf13f1d9b67efa665968f032083bc7de8f01a 6.0.4.4.81c2369.z 6.0.4.4.81c2369.110624.10022 registry.access.redhat.com/ubi9/ubi:9.3 +Untagged: quay.io/noirolabs/aci-containers-host@sha256:1caeda29299e552cabd8d35f7e26017079d5fe356125c48e7734a16f3a6d8582 +Deleted: sha256:cd7e95c488fe2954b582d11ee3183c55e7fce76ca93d122b0df71d07d31f3eac ++python /tmp/cicd/travis/update-release.py quay.io/noiro aci-containers-host 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 sha256:cd7e95c488fe2954b582d11ee3183c55e7fce76ca93d122b0df71d07d31f3eac 6.0.4.4.81c2369.z 6.0.4.4.81c2369.111124.10031 registry.access.redhat.com/ubi9/ubi:9.3 +add_trivy_vulnerabilites +trivy image quay.io/noiro/aci-containers-host:6.0.4.4.81c2369.z -2024-11-06T09:43:25.629Z INFO Need to update DB -2024-11-06T09:43:25.629Z INFO DB Repository: ghcr.io/aquasecurity/trivy-db -2024-11-06T09:43:25.629Z INFO Downloading DB... 
-2024-11-06T09:43:25.766Z FATAL init error: DB error: failed to download vulnerability DB: database download error: OCI repository error: 1 error occurred: - * GET https://ghcr.io/v2/aquasecurity/trivy-db/manifests/2: TOOMANYREQUESTS: retry-after: 731.796µs, allowed: 44000/minute +2024-11-11T09:53:28.120Z INFO Need to update DB +2024-11-11T09:53:28.120Z INFO DB Repository: ghcr.io/aquasecurity/trivy-db +2024-11-11T09:53:28.120Z INFO Downloading DB... +24.74 MiB / 55.36 MiB [------------------>______________________] 44.69% ? p/s ?55.36 MiB / 55.36 MiB [--------------------------------------->] 100.00% ? p/s ?55.36 MiB / 55.36 MiB [--------------------------------------->] 100.00% ? p/s ?55.36 MiB / 55.36 MiB [-------------------------->] 100.00% 51.00 MiB p/s ETA 0s55.36 MiB / 55.36 MiB [-------------------------->] 100.00% 51.00 MiB p/s ETA 0s55.36 MiB / 55.36 MiB [-------------------------->] 100.00% 51.00 MiB p/s ETA 0s55.36 MiB / 55.36 MiB [-------------------------->] 100.00% 47.71 MiB p/s ETA 0s55.36 MiB / 55.36 MiB [-------------------------->] 100.00% 47.71 MiB p/s ETA 0s55.36 MiB / 55.36 MiB [-------------------------->] 100.00% 47.71 MiB p/s ETA 0s55.36 MiB / 55.36 MiB [-------------------------->] 100.00% 44.63 MiB p/s ETA 0s55.36 MiB / 55.36 MiB [-----------------------------] 100.00% 27.92 MiB p/s 2.2s2024-11-11T09:53:30.540Z INFO Vulnerability scanning is enabled +2024-11-11T09:53:30.540Z INFO Secret scanning is enabled +2024-11-11T09:53:30.540Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning +2024-11-11T09:53:30.540Z INFO Please see also https://aquasecurity.github.io/trivy/v0.44/docs/scanner/secret/#recommendation for faster secret detection +2024-11-11T09:53:52.863Z INFO Detected OS: redhat +2024-11-11T09:53:52.863Z INFO Detecting RHEL/CentOS vulnerabilities... +2024-11-11T09:53:53.172Z INFO Number of language-specific files: 3 +2024-11-11T09:53:53.172Z INFO Detecting gobinary vulnerabilities... 
++git_add_commit_push ++cd /tmp/cicd-status ++git config --local user.email test@cisco.com ++git config --local user.name travis-tagger ++git stash +Saved working directory and index state WIP on main: c2492f08 6.1.2.1.z-aci-containers-host-ovscni-10028-2024-11-08_11:39:01 ++git pull --rebase origin main +From https://github.com/noironetworks/cicd-status + * branch main -> FETCH_HEAD +Already up to date. ++git stash pop +On branch main +Your branch is up to date with 'origin/main'. +Changes not staged for commit: + (use "git add ..." to update what will be committed) + (use "git restore ..." to discard changes in working directory) + modified: docs/release_artifacts/6.0.4.4/z/aci-containers-host/6.0.4.4-buildlog.txt + modified: docs/release_artifacts/6.0.4.4/z/aci-containers-host/6.0.4.4-cve.txt + modified: docs/release_artifacts/releases.yaml +no changes added to commit (use "git add" and/or "git commit -a") +Dropped refs/stash@{0} (8becf8996e68750de34c61a3cd926950fced841b) ++git add . 
++[[ aci-containers != \a\c\c\-\p\r\o\v\i\s\i\o\n ]] +++docker image inspect --format '{{index (split (index .RepoDigests 0) "@sha256:") 1}}' docker.io/noiro/aci-containers-host:6.0.4.4.81c2369.z ++DOCKER_REPO_DIGEST_SHA=1caeda29299e552cabd8d35f7e26017079d5fe356125c48e7734a16f3a6d8582 +++docker image inspect --format '{{index (split (index .RepoDigests 1) "@sha256:") 1}}' quay.io/noiro/aci-containers-host:6.0.4.4.81c2369.z ++QUAY_REPO_DIGEST_SHA=1caeda29299e552cabd8d35f7e26017079d5fe356125c48e7734a16f3a6d8582 +++date +%F_%H:%M:%S ++git commit -a -m 6.0.4.4.z-aci-containers-host-10031-2024-11-11_09:53:53 -m 'Commit: d090ca19b2ebe458b0f15e91dc685e6ba807e693' -m 'Tags: 6.0.4.4.81c2369.z, 6.0.4.4.81c2369.111124.10031' -m 'ImageId: sha256:cd7e95c488fe2954b582d11ee3183c55e7fce76ca93d122b0df71d07d31f3eac' -m 'DockerSha: 1caeda29299e552cabd8d35f7e26017079d5fe356125c48e7734a16f3a6d8582' -m 'QuaySha: 1caeda29299e552cabd8d35f7e26017079d5fe356125c48e7734a16f3a6d8582' +[main fa885546] 6.0.4.4.z-aci-containers-host-10031-2024-11-11_09:53:53 + 3 files changed, 6276 insertions(+), 5942 deletions(-) ++git push origin main +To https://github.com/noironetworks/cicd-status.git + c2492f08..fa885546 main -> main +break +for IMAGE in "${ALL_IMAGES[@]}" +[[ aci-containers-controller != \o\p\e\n\v\s\w\i\t\c\h ]] -+/tmp/cicd/travis/push-images.sh quay.io/noirolabs aci-containers-controller 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 registry.access.redhat.com/ubi9/ubi:9.3 ++/tmp/cicd/travis/push-images.sh quay.io/noirolabs aci-containers-controller 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 registry.access.redhat.com/ubi9/ubi:9.3 ++dirname /tmp/cicd/travis/push-images.sh +SCRIPTS_DIR=/tmp/cicd/travis +source /tmp/cicd/travis/globals.sh 
@@ -14100,9 +14142,9 @@ Deleted: sha256:86a33d83c0fb2a80118606cce14cf13f1d9b67efa665968f032083bc7de8f01a ++RELEASE_TAG=6.0.4.4 ++export RELEASE_TAG +++date +%m%d%y -++DATE_TAG=110624 +++DATE_TAG=111124 ++TRAVIS_TAG_WITH_UPSTREAM_ID=6.0.4.4.81c2369 -++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.110624.10022 +++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.111124.10031 ++IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_Z_TAG=6.0.4.4.81c2369.z @@ -14117,12 +14159,12 @@ Deleted: sha256:86a33d83c0fb2a80118606cce14cf13f1d9b67efa665968f032083bc7de8f01a +IMAGE_BUILD_REGISTRY=quay.io/noirolabs +IMAGE=aci-containers-controller +IMAGE_BUILD_TAG=6.0.4.4.81c2369 -+OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.110624.10022' ++OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.111124.10031' +BASE_IMAGE=registry.access.redhat.com/ubi9/ubi:9.3 -+OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.110624.10022 6.0.4.4.81c2369.z' ++OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.111124.10031 6.0.4.4.81c2369.z' +BUILT_IMAGE=quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369 -+curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh +sh -s -- -b /tmp ++curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh [info] checking github for the current release tag [info] fetching release script for tag='v0.84.0' [info] checking github for the current release tag 
@@ -14134,1087 +14176,1087 @@ Deleted: sha256:86a33d83c0fb2a80118606cce14cf13f1d9b67efa665968f032083bc7de8f01a [info] using release tag='v0.6.1' version='0.6.1' os='linux' arch='amd64' [info] installed /home/travis/.docker/cli-plugins/docker-sbom +wget https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb ---2024-11-06 09:43:31-- https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb +--2024-11-11 09:53:59-- https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb Resolving github.com (github.com)... 140.82.112.4 Connecting to github.com (github.com)|140.82.112.4|:443... connected. HTTP request sent, awaiting response... 302 Found -Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.111.133, 185.199.109.133, 185.199.110.133, ... -Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.111.133|:443... connected. +Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.108.133, 185.199.109.133, 185.199.110.133, ... +Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.108.133|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 54685068 (52M) [application/octet-stream] Saving to: ‘trivy_0.44.1_Linux-64bit.deb.1’ - 0K .......... .......... .......... .......... .......... 0% 3.69M 14s - 50K .......... .......... .......... .......... .......... 0% 3.73M 14s - 100K .......... .......... .......... .......... .......... 0% 13.6M 11s - 150K .......... .......... .......... .......... .......... 0% 16.6M 9s - 200K .......... .......... .......... .......... .......... 0% 6.91M 8s - 250K .......... .......... .......... .......... .......... 0% 37.9M 7s - 300K .......... .......... .......... .......... .......... 0% 21.3M 7s - 350K .......... .......... .......... .......... .......... 0% 26.9M 6s - 400K .......... .......... 
.......... .......... .......... 0% 50.5M 5s - 450K .......... .......... .......... .......... .......... 0% 7.02M 6s - 500K .......... .......... .......... .......... .......... 1% 71.2M 5s - 550K .......... .......... .......... .......... .......... 1% 51.0M 5s - 600K .......... .......... .......... .......... .......... 1% 47.8M 5s - 650K .......... .......... .......... .......... .......... 1% 42.9M 4s - 700K .......... .......... .......... .......... .......... 1% 77.7M 4s - 750K .......... .......... .......... .......... .......... 1% 42.1M 4s - 800K .......... .......... .......... .......... .......... 1% 177M 4s - 850K .......... .......... .......... .......... .......... 1% 71.5M 3s - 900K .......... .......... .......... .......... .......... 1% 7.74M 4s - 950K .......... .......... .......... .......... .......... 1% 102M 3s - 1000K .......... .......... .......... .......... .......... 1% 212M 3s - 1050K .......... .......... .......... .......... .......... 2% 43.8M 3s - 1100K .......... .......... .......... .......... .......... 2% 216M 3s - 1150K .......... .......... .......... .......... .......... 2% 71.0M 3s - 1200K .......... .......... .......... .......... .......... 2% 185M 3s - 1250K .......... .......... .......... .......... .......... 2% 37.5M 3s - 1300K .......... .......... .......... .......... .......... 2% 95.3M 3s - 1350K .......... .......... .......... .......... .......... 2% 252M 3s - 1400K .......... .......... .......... .......... .......... 2% 18.4M 3s - 1450K .......... .......... .......... .......... .......... 2% 50.8M 3s - 1500K .......... .......... .......... .......... .......... 2% 118M 3s - 1550K .......... .......... .......... .......... .......... 2% 263M 2s - 1600K .......... .......... .......... .......... .......... 3% 251M 2s - 1650K .......... .......... .......... .......... .......... 3% 22.1M 2s - 1700K .......... .......... .......... .......... .......... 3% 38.3M 2s - 1750K .......... 
.......... .......... .......... .......... 3% 41.2M 2s - 1800K .......... .......... .......... .......... .......... 3% 99.2M 2s - 1850K .......... .......... .......... .......... .......... 3% 54.9M 2s - 1900K .......... .......... .......... .......... .......... 3% 21.3M 2s - 1950K .......... .......... .......... .......... .......... 3% 22.8M 2s - 2000K .......... .......... .......... .......... .......... 3% 41.7M 2s - 2050K .......... .......... .......... .......... .......... 3% 61.6M 2s - 2100K .......... .......... .......... .......... .......... 4% 195M 2s - 2150K .......... .......... .......... .......... .......... 4% 122M 2s - 2200K .......... .......... .......... .......... .......... 4% 162M 2s - 2250K .......... .......... .......... .......... .......... 4% 199M 2s - 2300K .......... .......... .......... .......... .......... 4% 212M 2s - 2350K .......... .......... .......... .......... .......... 4% 252M 2s - 2400K .......... .......... .......... .......... .......... 4% 48.3M 2s - 2450K .......... .......... .......... .......... .......... 4% 40.8M 2s - 2500K .......... .......... .......... .......... .......... 4% 36.5M 2s - 2550K .......... .......... .......... .......... .......... 4% 52.8M 2s - 2600K .......... .......... .......... .......... .......... 4% 228M 2s - 2650K .......... .......... .......... .......... .......... 5% 207M 2s - 2700K .......... .......... .......... .......... .......... 5% 21.0M 2s - 2750K .......... .......... .......... .......... .......... 5% 63.4M 2s - 2800K .......... .......... .......... .......... .......... 5% 47.8M 2s - 2850K .......... .......... .......... .......... .......... 5% 106M 2s - 2900K .......... .......... .......... .......... .......... 5% 171M 2s - 2950K .......... .......... .......... .......... .......... 5% 176M 2s - 3000K .......... .......... .......... .......... .......... 5% 49.3M 2s - 3050K .......... .......... .......... .......... .......... 
5% 129M 2s - 3100K .......... .......... .......... .......... .......... 5% 173M 2s - 3150K .......... .......... .......... .......... .......... 5% 25.4M 2s - 3200K .......... .......... .......... .......... .......... 6% 63.3M 2s - 3250K .......... .......... .......... .......... .......... 6% 40.1M 2s - 3300K .......... .......... .......... .......... .......... 6% 42.2M 2s - 3350K .......... .......... .......... .......... .......... 6% 234M 2s - 3400K .......... .......... .......... .......... .......... 6% 45.0M 2s - 3450K .......... .......... .......... .......... .......... 6% 220M 2s - 3500K .......... .......... .......... .......... .......... 6% 50.1M 2s - 3550K .......... .......... .......... .......... .......... 6% 124M 2s - 3600K .......... .......... .......... .......... .......... 6% 250M 1s - 3650K .......... .......... .......... .......... .......... 6% 243M 1s - 3700K .......... .......... .......... .......... .......... 7% 182M 1s - 3750K .......... .......... .......... .......... .......... 7% 219M 1s - 3800K .......... .......... .......... .......... .......... 7% 260M 1s - 3850K .......... .......... .......... .......... .......... 7% 261M 1s - 3900K .......... .......... .......... .......... .......... 7% 13.4M 1s - 3950K .......... .......... .......... .......... .......... 7% 248M 1s - 4000K .......... .......... .......... .......... .......... 7% 63.7M 1s - 4050K .......... .......... .......... .......... .......... 7% 242M 1s - 4100K .......... .......... .......... .......... .......... 7% 230M 1s - 4150K .......... .......... .......... .......... .......... 7% 34.6M 1s - 4200K .......... .......... .......... .......... .......... 7% 53.2M 1s - 4250K .......... .......... .......... .......... .......... 8% 55.0M 1s - 4300K .......... .......... .......... .......... .......... 8% 57.2M 1s - 4350K .......... .......... .......... .......... .......... 8% 171M 1s - 4400K .......... .......... .......... .......... 
.......... 8% 251M 1s - 4450K .......... .......... .......... .......... .......... 8% 245M 1s - 4500K .......... .......... .......... .......... .......... 8% 201M 1s - 4550K .......... .......... .......... .......... .......... 8% 163M 1s - 4600K .......... .......... .......... .......... .......... 8% 224M 1s - 4650K .......... .......... .......... .......... .......... 8% 16.1M 1s - 4700K .......... .......... .......... .......... .......... 8% 39.3M 1s - 4750K .......... .......... .......... .......... .......... 8% 50.6M 1s - 4800K .......... .......... .......... .......... .......... 9% 59.0M 1s - 4850K .......... .......... .......... .......... .......... 9% 178M 1s - 4900K .......... .......... .......... .......... .......... 9% 228M 1s - 4950K .......... .......... .......... .......... .......... 9% 29.1M 1s - 5000K .......... .......... .......... .......... .......... 9% 53.3M 1s - 5050K .......... .......... .......... .......... .......... 9% 59.8M 1s - 5100K .......... .......... .......... .......... .......... 9% 61.4M 1s - 5150K .......... .......... .......... .......... .......... 9% 249M 1s - 5200K .......... .......... .......... .......... .......... 9% 246M 1s - 5250K .......... .......... .......... .......... .......... 9% 233M 1s - 5300K .......... .......... .......... .......... .......... 10% 194M 1s - 5350K .......... .......... .......... .......... .......... 10% 29.8M 1s - 5400K .......... .......... .......... .......... .......... 10% 39.6M 1s - 5450K .......... .......... .......... .......... .......... 10% 46.8M 1s - 5500K .......... .......... .......... .......... .......... 10% 50.2M 1s - 5550K .......... .......... .......... .......... .......... 10% 52.2M 1s - 5600K .......... .......... .......... .......... .......... 10% 132M 1s - 5650K .......... .......... .......... .......... .......... 10% 253M 1s - 5700K .......... .......... .......... .......... .......... 10% 226M 1s - 5750K .......... .......... 
.......... .......... .......... 10% 255M 1s - 5800K .......... .......... .......... .......... .......... 10% 238M 1s - 5850K .......... .......... .......... .......... .......... 11% 40.3M 1s - 5900K .......... .......... .......... .......... .......... 11% 26.9M 1s - 5950K .......... .......... .......... .......... .......... 11% 74.8M 1s - 6000K .......... .......... .......... .......... .......... 11% 37.2M 1s - 6050K .......... .......... .......... .......... .......... 11% 45.1M 1s - 6100K .......... .......... .......... .......... .......... 11% 53.1M 1s - 6150K .......... .......... .......... .......... .......... 11% 89.2M 1s - 6200K .......... .......... .......... .......... .......... 11% 185M 1s - 6250K .......... .......... .......... .......... .......... 11% 127M 1s - 6300K .......... .......... .......... .......... .......... 11% 31.7M 1s - 6350K .......... .......... .......... .......... .......... 11% 169M 1s - 6400K .......... .......... .......... .......... .......... 12% 233M 1s - 6450K .......... .......... .......... .......... .......... 12% 233M 1s - 6500K .......... .......... .......... .......... .......... 12% 231M 1s - 6550K .......... .......... .......... .......... .......... 12% 249M 1s - 6600K .......... .......... .......... .......... .......... 12% 19.8M 1s - 6650K .......... .......... .......... .......... .......... 12% 58.3M 1s - 6700K .......... .......... .......... .......... .......... 12% 149M 1s - 6750K .......... .......... .......... .......... .......... 12% 49.8M 1s - 6800K .......... .......... .......... .......... .......... 12% 226M 1s - 6850K .......... .......... .......... .......... .......... 12% 249M 1s - 6900K .......... .......... .......... .......... .......... 13% 32.7M 1s - 6950K .......... .......... .......... .......... .......... 13% 48.3M 1s - 7000K .......... .......... .......... .......... .......... 13% 60.9M 1s - 7050K .......... .......... .......... .......... .......... 
13% 218M 1s - 7100K .......... .......... .......... .......... .......... 13% 215M 1s - 7150K .......... .......... .......... .......... .......... 13% 230M 1s - 7200K .......... .......... .......... .......... .......... 13% 69.6M 1s - 7250K .......... .......... .......... .......... .......... 13% 222M 1s - 7300K .......... .......... .......... .......... .......... 13% 31.5M 1s - 7350K .......... .......... .......... .......... .......... 13% 50.2M 1s - 7400K .......... .......... .......... .......... .......... 13% 72.6M 1s - 7450K .......... .......... .......... .......... .......... 14% 50.4M 1s - 7500K .......... .......... .......... .......... .......... 14% 77.7M 1s - 7550K .......... .......... .......... .......... .......... 14% 253M 1s - 7600K .......... .......... .......... .......... .......... 14% 229M 1s - 7650K .......... .......... .......... .......... .......... 14% 238M 1s - 7700K .......... .......... .......... .......... .......... 14% 230M 1s - 7750K .......... .......... .......... .......... .......... 14% 226M 1s - 7800K .......... .......... .......... .......... .......... 14% 257M 1s - 7850K .......... .......... .......... .......... .......... 14% 251M 1s - 7900K .......... .......... .......... .......... .......... 14% 158M 1s - 7950K .......... .......... .......... .......... .......... 14% 20.1M 1s - 8000K .......... .......... .......... .......... .......... 15% 27.9M 1s - 8050K .......... .......... .......... .......... .......... 15% 45.2M 1s - 8100K .......... .......... .......... .......... .......... 15% 42.8M 1s - 8150K .......... .......... .......... .......... .......... 15% 229M 1s - 8200K .......... .......... .......... .......... .......... 15% 31.9M 1s - 8250K .......... .......... .......... .......... .......... 15% 51.2M 1s - 8300K .......... .......... .......... .......... .......... 15% 64.0M 1s - 8350K .......... .......... .......... .......... .......... 15% 250M 1s - 8400K .......... 
.......... .......... .......... .......... 15% 256M 1s - 8450K .......... .......... .......... .......... .......... 15% 251M 1s - 8500K .......... .......... .......... .......... .......... 16% 206M 1s - 8550K .......... .......... .......... .......... .......... 16% 21.6M 1s - 8600K .......... .......... .......... .......... .......... 16% 247M 1s - 8650K .......... .......... .......... .......... .......... 16% 254M 1s - 8700K .......... .......... .......... .......... .......... 16% 27.5M 1s - 8750K .......... .......... .......... .......... .......... 16% 50.2M 1s - 8800K .......... .......... .......... .......... .......... 16% 42.0M 1s - 8850K .......... .......... .......... .......... .......... 16% 167M 1s - 8900K .......... .......... .......... .......... .......... 16% 206M 1s - 8950K .......... .......... .......... .......... .......... 16% 247M 1s - 9000K .......... .......... .......... .......... .......... 16% 251M 1s - 9050K .......... .......... .......... .......... .......... 17% 258M 1s - 9100K .......... .......... .......... .......... .......... 17% 213M 1s - 9150K .......... .......... .......... .......... .......... 17% 59.2M 1s - 9200K .......... .......... .......... .......... .......... 17% 221M 1s - 9250K .......... .......... .......... .......... .......... 17% 20.4M 1s - 9300K .......... .......... .......... .......... .......... 17% 55.6M 1s - 9350K .......... .......... .......... .......... .......... 17% 53.2M 1s - 9400K .......... .......... .......... .......... .......... 17% 67.7M 1s - 9450K .......... .......... .......... .......... .......... 17% 63.3M 1s - 9500K .......... .......... .......... .......... .......... 17% 54.8M 1s - 9550K .......... .......... .......... .......... .......... 17% 230M 1s - 9600K .......... .......... .......... .......... .......... 18% 224M 1s - 9650K .......... .......... .......... .......... .......... 18% 46.1M 1s - 9700K .......... .......... .......... .......... 
.......... 18% 118M 1s - 9750K .......... .......... .......... .......... .......... 18% 249M 1s - 9800K .......... .......... .......... .......... .......... 18% 259M 1s - 9850K .......... .......... .......... .......... .......... 18% 244M 1s - 9900K .......... .......... .......... .......... .......... 18% 19.1M 1s - 9950K .......... .......... .......... .......... .......... 18% 44.8M 1s - 10000K .......... .......... .......... .......... .......... 18% 84.6M 1s - 10050K .......... .......... .......... .......... .......... 18% 253M 1s - 10100K .......... .......... .......... .......... .......... 19% 48.9M 1s - 10150K .......... .......... .......... .......... .......... 19% 111M 1s - 10200K .......... .......... .......... .......... .......... 19% 206M 1s - 10250K .......... .......... .......... .......... .......... 19% 185M 1s - 10300K .......... .......... .......... .......... .......... 19% 216M 1s - 10350K .......... .......... .......... .......... .......... 19% 232M 1s - 10400K .......... .......... .......... .......... .......... 19% 249M 1s - 10450K .......... .......... .......... .......... .......... 19% 16.6M 1s - 10500K .......... .......... .......... .......... .......... 19% 56.8M 1s - 10550K .......... .......... .......... .......... .......... 19% 232M 1s - 10600K .......... .......... .......... .......... .......... 19% 73.7M 1s - 10650K .......... .......... .......... .......... .......... 20% 132M 1s - 10700K .......... .......... .......... .......... .......... 20% 22.6M 1s - 10750K .......... .......... .......... .......... .......... 20% 48.9M 1s - 10800K .......... .......... .......... .......... .......... 20% 93.5M 1s - 10850K .......... .......... .......... .......... .......... 20% 220M 1s - 10900K .......... .......... .......... .......... .......... 20% 206M 1s - 10950K .......... .......... .......... .......... .......... 20% 243M 1s - 11000K .......... .......... .......... .......... .......... 
20% 253M 1s - 11050K .......... .......... .......... .......... .......... 20% 230M 1s - 11100K .......... .......... .......... .......... .......... 20% 197M 1s - 11150K .......... .......... .......... .......... .......... 20% 152M 1s - 11200K .......... .......... .......... .......... .......... 21% 209M 1s - 11250K .......... .......... .......... .......... .......... 21% 15.5M 1s - 11300K .......... .......... .......... .......... .......... 21% 29.7M 1s - 11350K .......... .......... .......... .......... .......... 21% 52.0M 1s - 11400K .......... .......... .......... .......... .......... 21% 71.7M 1s - 11450K .......... .......... .......... .......... .......... 21% 222M 1s - 11500K .......... .......... .......... .......... .......... 21% 41.0M 1s - 11550K .......... .......... .......... .......... .......... 21% 201M 1s - 11600K .......... .......... .......... .......... .......... 21% 226M 1s - 11650K .......... .......... .......... .......... .......... 21% 232M 1s - 11700K .......... .......... .......... .......... .......... 22% 222M 1s - 11750K .......... .......... .......... .......... .......... 22% 246M 1s - 11800K .......... .......... .......... .......... .......... 22% 250M 1s - 11850K .......... .......... .......... .......... .......... 22% 240M 1s - 11900K .......... .......... .......... .......... .......... 22% 77.3M 1s - 11950K .......... .......... .......... .......... .......... 22% 48.4M 1s - 12000K .......... .......... .......... .......... .......... 22% 44.2M 1s - 12050K .......... .......... .......... .......... .......... 22% 50.3M 1s - 12100K .......... .......... .......... .......... .......... 22% 189M 1s - 12150K .......... .......... .......... .......... .......... 22% 27.0M 1s - 12200K .......... .......... .......... .......... .......... 22% 65.0M 1s - 12250K .......... .......... .......... .......... .......... 23% 57.4M 1s - 12300K .......... .......... .......... .......... .......... 
23% 192M 1s - 12350K .......... .......... .......... .......... .......... 23% 219M 1s - 12400K .......... .......... .......... .......... .......... 23% 254M 1s - 12450K .......... .......... .......... .......... .......... 23% 22.0M 1s - 12500K .......... .......... .......... .......... .......... 23% 119M 1s - 12550K .......... .......... .......... .......... .......... 23% 42.6M 1s - 12600K .......... .......... .......... .......... .......... 23% 51.9M 1s - 12650K .......... .......... .......... .......... .......... 23% 234M 1s - 12700K .......... .......... .......... .......... .......... 23% 124M 1s - 12750K .......... .......... .......... .......... .......... 23% 49.4M 1s - 12800K .......... .......... .......... .......... .......... 24% 88.3M 1s - 12850K .......... .......... .......... .......... .......... 24% 187M 1s - 12900K .......... .......... .......... .......... .......... 24% 220M 1s - 12950K .......... .......... .......... .......... .......... 24% 256M 1s - 13000K .......... .......... .......... .......... .......... 24% 251M 1s - 13050K .......... .......... .......... .......... .......... 24% 252M 1s - 13100K .......... .......... .......... .......... .......... 24% 167M 1s - 13150K .......... .......... .......... .......... .......... 24% 251M 1s - 13200K .......... .......... .......... .......... .......... 24% 258M 1s - 13250K .......... .......... .......... .......... .......... 24% 242M 1s - 13300K .......... .......... .......... .......... .......... 24% 189M 1s - 13350K .......... .......... .......... .......... .......... 25% 203M 1s - 13400K .......... .......... .......... .......... .......... 25% 252M 1s - 13450K .......... .......... .......... .......... .......... 25% 260M 1s - 13500K .......... .......... .......... .......... .......... 25% 218M 1s - 13550K .......... .......... .......... .......... .......... 25% 245M 1s - 13600K .......... .......... .......... .......... .......... 
25% 19.6M 1s - 13650K .......... .......... .......... .......... .......... 25% 157M 1s - 13700K .......... .......... .......... .......... .......... 25% 205M 1s - 13750K .......... .......... .......... .......... .......... 25% 253M 1s - 13800K .......... .......... .......... .......... .......... 25% 257M 1s - 13850K .......... .......... .......... .......... .......... 26% 258M 1s - 13900K .......... .......... .......... .......... .......... 26% 188M 1s - 13950K .......... .......... .......... .......... .......... 26% 40.8M 1s - 14000K .......... .......... .......... .......... .......... 26% 215M 1s - 14050K .......... .......... .......... .......... .......... 26% 254M 1s - 14100K .......... .......... .......... .......... .......... 26% 230M 1s - 14150K .......... .......... .......... .......... .......... 26% 261M 1s - 14200K .......... .......... .......... .......... .......... 26% 222M 1s - 14250K .......... .......... .......... .......... .......... 26% 212M 1s - 14300K .......... .......... .......... .......... .......... 26% 142M 1s - 14350K .......... .......... .......... .......... .......... 26% 253M 1s - 14400K .......... .......... .......... .......... .......... 27% 43.8M 1s - 14450K .......... .......... .......... .......... .......... 27% 192M 1s - 14500K .......... .......... .......... .......... .......... 27% 195M 1s - 14550K .......... .......... .......... .......... .......... 27% 255M 1s - 14600K .......... .......... .......... .......... .......... 27% 257M 1s - 14650K .......... .......... .......... .......... .......... 27% 122M 1s - 14700K .......... .......... .......... .......... .......... 27% 209M 1s - 14750K .......... .......... .......... .......... .......... 27% 232M 1s - 14800K .......... .......... .......... .......... .......... 27% 247M 1s - 14850K .......... .......... .......... .......... .......... 27% 37.4M 1s - 14900K .......... .......... .......... .......... .......... 
27% 33.5M 1s - 14950K .......... .......... .......... .......... .......... 28% 242M 1s - 15000K .......... .......... .......... .......... .......... 28% 219M 1s - 15050K .......... .......... .......... .......... .......... 28% 226M 1s - 15100K .......... .......... .......... .......... .......... 28% 215M 1s - 15150K .......... .......... .......... .......... .......... 28% 263M 1s - 15200K .......... .......... .......... .......... .......... 28% 243M 1s - 15250K .......... .......... .......... .......... .......... 28% 35.4M 1s - 15300K .......... .......... .......... .......... .......... 28% 178M 1s - 15350K .......... .......... .......... .......... .......... 28% 253M 1s - 15400K .......... .......... .......... .......... .......... 28% 41.5M 1s - 15450K .......... .......... .......... .......... .......... 29% 234M 1s - 15500K .......... .......... .......... .......... .......... 29% 217M 1s - 15550K .......... .......... .......... .......... .......... 29% 214M 1s - 15600K .......... .......... .......... .......... .......... 29% 261M 1s - 15650K .......... .......... .......... .......... .......... 29% 155M 1s - 15700K .......... .......... .......... .......... .......... 29% 25.1M 1s - 15750K .......... .......... .......... .......... .......... 29% 133M 1s - 15800K .......... .......... .......... .......... .......... 29% 161M 1s - 15850K .......... .......... .......... .......... .......... 29% 245M 1s - 15900K .......... .......... .......... .......... .......... 29% 24.1M 1s - 15950K .......... .......... .......... .......... .......... 29% 230M 1s - 16000K .......... .......... .......... .......... .......... 30% 256M 1s - 16050K .......... .......... .......... .......... .......... 30% 227M 1s - 16100K .......... .......... .......... .......... .......... 30% 206M 1s - 16150K .......... .......... .......... .......... .......... 30% 195M 1s - 16200K .......... .......... .......... .......... .......... 
30% 229M 1s - 16250K .......... .......... .......... .......... .......... 30% 29.5M 1s - 16300K .......... .......... .......... .......... .......... 30% 189M 1s - 16350K .......... .......... .......... .......... .......... 30% 232M 1s - 16400K .......... .......... .......... .......... .......... 30% 254M 1s - 16450K .......... .......... .......... .......... .......... 30% 262M 1s - 16500K .......... .......... .......... .......... .......... 30% 178M 1s - 16550K .......... .......... .......... .......... .......... 31% 32.4M 1s - 16600K .......... .......... .......... .......... .......... 31% 83.9M 1s - 16650K .......... .......... .......... .......... .......... 31% 226M 1s - 16700K .......... .......... .......... .......... .......... 31% 133M 1s - 16750K .......... .......... .......... .......... .......... 31% 244M 1s - 16800K .......... .......... .......... .......... .......... 31% 31.1M 1s - 16850K .......... .......... .......... .......... .......... 31% 179M 1s - 16900K .......... .......... .......... .......... .......... 31% 213M 1s - 16950K .......... .......... .......... .......... .......... 31% 160M 1s - 17000K .......... .......... .......... .......... .......... 31% 257M 1s - 17050K .......... .......... .......... .......... .......... 32% 266M 1s - 17100K .......... .......... .......... .......... .......... 32% 203M 1s - 17150K .......... .......... .......... .......... .......... 32% 68.4M 1s - 17200K .......... .......... .......... .......... .......... 32% 174M 1s - 17250K .......... .......... .......... .......... .......... 32% 28.4M 1s - 17300K .......... .......... .......... .......... .......... 32% 205M 1s - 17350K .......... .......... .......... .......... .......... 32% 228M 1s - 17400K .......... .......... .......... .......... .......... 32% 225M 1s - 17450K .......... .......... .......... .......... .......... 32% 230M 1s - 17500K .......... .......... .......... .......... .......... 
32% 220M 1s - 17550K .......... .......... .......... .......... .......... 32% 69.2M 1s - 17600K .......... .......... .......... .......... .......... 33% 29.4M 1s - 17650K .......... .......... .......... .......... .......... 33% 249M 1s - 17700K .......... .......... .......... .......... .......... 33% 200M 1s - 17750K .......... .......... .......... .......... .......... 33% 258M 1s - 17800K .......... .......... .......... .......... .......... 33% 250M 1s - 17850K .......... .......... .......... .......... .......... 33% 189M 1s - 17900K .......... .......... .......... .......... .......... 33% 214M 1s - 17950K .......... .......... .......... .......... .......... 33% 248M 1s - 18000K .......... .......... .......... .......... .......... 33% 242M 1s - 18050K .......... .......... .......... .......... .......... 33% 197M 1s - 18100K .......... .......... .......... .......... .......... 33% 202M 1s - 18150K .......... .......... .......... .......... .......... 34% 52.1M 1s - 18200K .......... .......... .......... .......... .......... 34% 234M 1s - 18250K .......... .......... .......... .......... .......... 34% 250M 1s - 18300K .......... .......... .......... .......... .......... 34% 116M 1s - 18350K .......... .......... .......... .......... .......... 34% 254M 1s - 18400K .......... .......... .......... .......... .......... 34% 20.9M 1s - 18450K .......... .......... .......... .......... .......... 34% 228M 1s - 18500K .......... .......... .......... .......... .......... 34% 207M 1s - 18550K .......... .......... .......... .......... .......... 34% 248M 1s - 18600K .......... .......... .......... .......... .......... 34% 146M 1s - 18650K .......... .......... .......... .......... .......... 35% 252M 1s - 18700K .......... .......... .......... .......... .......... 35% 74.7M 1s - 18750K .......... .......... .......... .......... .......... 35% 28.3M 1s - 18800K .......... .......... .......... .......... .......... 
35% 251M 1s - 18850K .......... .......... .......... .......... .......... 35% 242M 1s - 18900K .......... .......... .......... .......... .......... 35% 231M 1s - 18950K .......... .......... .......... .......... .......... 35% 239M 1s - 19000K .......... .......... .......... .......... .......... 35% 208M 1s - 19050K .......... .......... .......... .......... .......... 35% 187M 1s - 19100K .......... .......... .......... .......... .......... 35% 189M 1s - 19150K .......... .......... .......... .......... .......... 35% 235M 1s - 19200K .......... .......... .......... .......... .......... 36% 27.6M 1s - 19250K .......... .......... .......... .......... .......... 36% 38.2M 1s - 19300K .......... .......... .......... .......... .......... 36% 207M 1s - 19350K .......... .......... .......... .......... .......... 36% 226M 1s - 19400K .......... .......... .......... .......... .......... 36% 258M 1s - 19450K .......... .......... .......... .......... .......... 36% 265M 1s - 19500K .......... .......... .......... .......... .......... 36% 22.2M 1s - 19550K .......... .......... .......... .......... .......... 36% 193M 1s - 19600K .......... .......... .......... .......... .......... 36% 222M 1s - 19650K .......... .......... .......... .......... .......... 36% 255M 1s - 19700K .......... .......... .......... .......... .......... 36% 231M 1s - 19750K .......... .......... .......... .......... .......... 37% 209M 1s - 19800K .......... .......... .......... .......... .......... 37% 250M 1s - 19850K .......... .......... .......... .......... .......... 37% 254M 1s - 19900K .......... .......... .......... .......... .......... 37% 203M 1s - 19950K .......... .......... .......... .......... .......... 37% 226M 1s - 20000K .......... .......... .......... .......... .......... 37% 195M 0s - 20050K .......... .......... .......... .......... .......... 37% 240M 0s - 20100K .......... .......... .......... .......... .......... 
37% 232M 0s - 20150K .......... .......... .......... .......... .......... 37% 136M 0s - 20200K .......... .......... .......... .......... .......... 37% 40.8M 0s - 20250K .......... .......... .......... .......... .......... 38% 28.8M 0s - 20300K .......... .......... .......... .......... .......... 38% 63.5M 0s - 20350K .......... .......... .......... .......... .......... 38% 156M 0s - 20400K .......... .......... .......... .......... .......... 38% 230M 0s - 20450K .......... .......... .......... .......... .......... 38% 247M 0s - 20500K .......... .......... .......... .......... .......... 38% 230M 0s - 20550K .......... .......... .......... .......... .......... 38% 259M 0s - 20600K .......... .......... .......... .......... .......... 38% 223M 0s - 20650K .......... .......... .......... .......... .......... 38% 43.2M 0s - 20700K .......... .......... .......... .......... .......... 38% 195M 0s - 20750K .......... .......... .......... .......... .......... 38% 40.1M 0s - 20800K .......... .......... .......... .......... .......... 39% 202M 0s - 20850K .......... .......... .......... .......... .......... 39% 229M 0s - 20900K .......... .......... .......... .......... .......... 39% 175M 0s - 20950K .......... .......... .......... .......... .......... 39% 148M 0s - 21000K .......... .......... .......... .......... .......... 39% 248M 0s - 21050K .......... .......... .......... .......... .......... 39% 57.7M 0s - 21100K .......... .......... .......... .......... .......... 39% 28.5M 0s - 21150K .......... .......... .......... .......... .......... 39% 237M 0s - 21200K .......... .......... .......... .......... .......... 39% 209M 0s - 21250K .......... .......... .......... .......... .......... 39% 237M 0s - 21300K .......... .......... .......... .......... .......... 39% 216M 0s - 21350K .......... .......... .......... .......... .......... 40% 255M 0s - 21400K .......... .......... .......... .......... .......... 
40% 252M 0s - 21450K .......... .......... .......... .......... .......... 40% 214M 0s - 21500K .......... .......... .......... .......... .......... 40% 21.0M 0s - 21550K .......... .......... .......... .......... .......... 40% 153M 0s - 21600K .......... .......... .......... .......... .......... 40% 74.2M 0s - 21650K .......... .......... .......... .......... .......... 40% 253M 0s - 21700K .......... .......... .......... .......... .......... 40% 234M 0s - 21750K .......... .......... .......... .......... .......... 40% 230M 0s - 21800K .......... .......... .......... .......... .......... 40% 37.0M 0s - 21850K .......... .......... .......... .......... .......... 41% 113M 0s - 21900K .......... .......... .......... .......... .......... 41% 240M 0s - 21950K .......... .......... .......... .......... .......... 41% 194M 0s - 22000K .......... .......... .......... .......... .......... 41% 121M 0s - 22050K .......... .......... .......... .......... .......... 41% 246M 0s - 22100K .......... .......... .......... .......... .......... 41% 257M 0s - 22150K .......... .......... .......... .......... .......... 41% 209M 0s - 22200K .......... .......... .......... .......... .......... 41% 112M 0s - 22250K .......... .......... .......... .......... .......... 41% 219M 0s - 22300K .......... .......... .......... .......... .......... 41% 253M 0s - 22350K .......... .......... .......... .......... .......... 41% 198M 0s - 22400K .......... .......... .......... .......... .......... 42% 233M 0s - 22450K .......... .......... .......... .......... .......... 42% 253M 0s - 22500K .......... .......... .......... .......... .......... 42% 189M 0s - 22550K .......... .......... .......... .......... .......... 42% 31.7M 0s - 22600K .......... .......... .......... .......... .......... 42% 233M 0s - 22650K .......... .......... .......... .......... .......... 42% 254M 0s - 22700K .......... .......... .......... .......... .......... 
42% 39.9M 0s - 22750K .......... .......... .......... .......... .......... 42% 176M 0s - 22800K .......... .......... .......... .......... .......... 42% 261M 0s - 22850K .......... .......... .......... .......... .......... 42% 263M 0s - 22900K .......... .......... .......... .......... .......... 42% 259M 0s - 22950K .......... .......... .......... .......... .......... 43% 234M 0s - 23000K .......... .......... .......... .......... .......... 43% 28.7M 0s - 23050K .......... .......... .......... .......... .......... 43% 226M 0s - 23100K .......... .......... .......... .......... .......... 43% 239M 0s - 23150K .......... .......... .......... .......... .......... 43% 212M 0s - 23200K .......... .......... .......... .......... .......... 43% 259M 0s - 23250K .......... .......... .......... .......... .......... 43% 233M 0s - 23300K .......... .......... .......... .......... .......... 43% 195M 0s - 23350K .......... .......... .......... .......... .......... 43% 24.4M 0s - 23400K .......... .......... .......... .......... .......... 43% 230M 0s - 23450K .......... .......... .......... .......... .......... 44% 254M 0s - 23500K .......... .......... .......... .......... .......... 44% 259M 0s - 23550K .......... .......... .......... .......... .......... 44% 199M 0s - 23600K .......... .......... .......... .......... .......... 44% 243M 0s - 23650K .......... .......... .......... .......... .......... 44% 252M 0s - 23700K .......... .......... .......... .......... .......... 44% 163M 0s - 23750K .......... .......... .......... .......... .......... 44% 175M 0s - 23800K .......... .......... .......... .......... .......... 44% 70.7M 0s - 23850K .......... .......... .......... .......... .......... 44% 20.2M 0s - 23900K .......... .......... .......... .......... .......... 44% 201M 0s - 23950K .......... .......... .......... .......... .......... 44% 215M 0s - 24000K .......... .......... .......... .......... .......... 
45% 251M 0s - 24050K .......... .......... .......... .......... .......... 45% 243M 0s - 24100K .......... .......... .......... .......... .......... 45% 260M 0s - 24150K .......... .......... .......... .......... .......... 45% 27.3M 0s - 24200K .......... .......... .......... .......... .......... 45% 243M 0s - 24250K .......... .......... .......... .......... .......... 45% 236M 0s - 24300K .......... .......... .......... .......... .......... 45% 235M 0s - 24350K .......... .......... .......... .......... .......... 45% 153M 0s - 24400K .......... .......... .......... .......... .......... 45% 260M 0s - 24450K .......... .......... .......... .......... .......... 45% 44.9M 0s - 24500K .......... .......... .......... .......... .......... 45% 174M 0s - 24550K .......... .......... .......... .......... .......... 46% 98.4M 0s - 24600K .......... .......... .......... .......... .......... 46% 52.0M 0s - 24650K .......... .......... .......... .......... .......... 46% 250M 0s - 24700K .......... .......... .......... .......... .......... 46% 233M 0s - 24750K .......... .......... .......... .......... .......... 46% 205M 0s - 24800K .......... .......... .......... .......... .......... 46% 223M 0s - 24850K .......... .......... .......... .......... .......... 46% 265M 0s - 24900K .......... .......... .......... .......... .......... 46% 263M 0s - 24950K .......... .......... .......... .......... .......... 46% 82.6M 0s - 25000K .......... .......... .......... .......... .......... 46% 245M 0s - 25050K .......... .......... .......... .......... .......... 47% 222M 0s - 25100K .......... .......... .......... .......... .......... 47% 240M 0s - 25150K .......... .......... .......... .......... .......... 47% 214M 0s - 25200K .......... .......... .......... .......... .......... 47% 263M 0s - 25250K .......... .......... .......... .......... .......... 47% 149M 0s - 25300K .......... .......... .......... .......... .......... 
47% 28.4M 0s - 25350K .......... .......... .......... .......... .......... 47% 202M 0s - 25400K .......... .......... .......... .......... .......... 47% 241M 0s - 25450K .......... .......... .......... .......... .......... 47% 221M 0s - 25500K .......... .......... .......... .......... .......... 47% 245M 0s - 25550K .......... .......... .......... .......... .......... 47% 179M 0s - 25600K .......... .......... .......... .......... .......... 48% 180M 0s - 25650K .......... .......... .......... .......... .......... 48% 175M 0s - 25700K .......... .......... .......... .......... .......... 48% 147M 0s - 25750K .......... .......... .......... .......... .......... 48% 25.7M 0s - 25800K .......... .......... .......... .......... .......... 48% 210M 0s - 25850K .......... .......... .......... .......... .......... 48% 257M 0s - 25900K .......... .......... .......... .......... .......... 48% 241M 0s - 25950K .......... .......... .......... .......... .......... 48% 210M 0s - 26000K .......... .......... .......... .......... .......... 48% 245M 0s - 26050K .......... .......... .......... .......... .......... 48% 245M 0s - 26100K .......... .......... .......... .......... .......... 48% 260M 0s - 26150K .......... .......... .......... .......... .......... 49% 19.3M 0s - 26200K .......... .......... .......... .......... .......... 49% 188M 0s - 26250K .......... .......... .......... .......... .......... 49% 254M 0s - 26300K .......... .......... .......... .......... .......... 49% 209M 0s - 26350K .......... .......... .......... .......... .......... 49% 219M 0s - 26400K .......... .......... .......... .......... .......... 49% 262M 0s - 26450K .......... .......... .......... .......... .......... 49% 236M 0s - 26500K .......... .......... .......... .......... .......... 49% 258M 0s - 26550K .......... .......... .......... .......... .......... 49% 51.5M 0s - 26600K .......... .......... .......... .......... .......... 
49% 225M 0s - 26650K .......... .......... .......... .......... .......... 49% 29.0M 0s - 26700K .......... .......... .......... .......... .......... 50% 226M 0s - 26750K .......... .......... .......... .......... .......... 50% 210M 0s - 26800K .......... .......... .......... .......... .......... 50% 257M 0s - 26850K .......... .......... .......... .......... .......... 50% 236M 0s - 26900K .......... .......... .......... .......... .......... 50% 224M 0s - 26950K .......... .......... .......... .......... .......... 50% 122M 0s - 27000K .......... .......... .......... .......... .......... 50% 25.9M 0s - 27050K .......... .......... .......... .......... .......... 50% 254M 0s - 27100K .......... .......... .......... .......... .......... 50% 254M 0s - 27150K .......... .......... .......... .......... .......... 50% 203M 0s - 27200K .......... .......... .......... .......... .......... 51% 260M 0s - 27250K .......... .......... .......... .......... .......... 51% 235M 0s - 27300K .......... .......... .......... .......... .......... 51% 260M 0s - 27350K .......... .......... .......... .......... .......... 51% 190M 0s - 27400K .......... .......... .......... .......... .......... 51% 231M 0s - 27450K .......... .......... .......... .......... .......... 51% 35.1M 0s - 27500K .......... .......... .......... .......... .......... 51% 79.2M 0s - 27550K .......... .......... .......... .......... .......... 51% 43.9M 0s - 27600K .......... .......... .......... .......... .......... 51% 190M 0s - 27650K .......... .......... .......... .......... .......... 51% 251M 0s - 27700K .......... .......... .......... .......... .......... 51% 257M 0s - 27750K .......... .......... .......... .......... .......... 52% 183M 0s - 27800K .......... .......... .......... .......... .......... 52% 52.1M 0s - 27850K .......... .......... .......... .......... .......... 52% 41.9M 0s - 27900K .......... .......... .......... .......... .......... 
52% 203M 0s - 27950K .......... .......... .......... .......... .......... 52% 222M 0s - 28000K .......... .......... .......... .......... .......... 52% 256M 0s - 28050K .......... .......... .......... .......... .......... 52% 237M 0s - 28100K .......... .......... .......... .......... .......... 52% 37.7M 0s - 28150K .......... .......... .......... .......... .......... 52% 169M 0s - 28200K .......... .......... .......... .......... .......... 52% 263M 0s - 28250K .......... .......... .......... .......... .......... 52% 261M 0s - 28300K .......... .......... .......... .......... .......... 53% 260M 0s - 28350K .......... .......... .......... .......... .......... 53% 145M 0s - 28400K .......... .......... .......... .......... .......... 53% 196M 0s - 28450K .......... .......... .......... .......... .......... 53% 242M 0s - 28500K .......... .......... .......... .......... .......... 53% 247M 0s - 28550K .......... .......... .......... .......... .......... 53% 77.4M 0s - 28600K .......... .......... .......... .......... .......... 53% 256M 0s - 28650K .......... .......... .......... .......... .......... 53% 257M 0s - 28700K .......... .......... .......... .......... .......... 53% 201M 0s - 28750K .......... .......... .......... .......... .......... 53% 181M 0s - 28800K .......... .......... .......... .......... .......... 54% 259M 0s - 28850K .......... .......... .......... .......... .......... 54% 264M 0s - 28900K .......... .......... .......... .......... .......... 54% 59.9M 0s - 28950K .......... .......... .......... .......... .......... 54% 34.1M 0s - 29000K .......... .......... .......... .......... .......... 54% 234M 0s - 29050K .......... .......... .......... .......... .......... 54% 266M 0s - 29100K .......... .......... .......... .......... .......... 54% 261M 0s - 29150K .......... .......... .......... .......... .......... 54% 130M 0s - 29200K .......... .......... .......... .......... .......... 
54% 210M 0s - 29250K .......... .......... .......... .......... .......... 54% 261M 0s - 29300K .......... .......... .......... .......... .......... 54% 263M 0s - 29350K .......... .......... .......... .......... .......... 55% 237M 0s - 29400K .......... .......... .......... .......... .......... 55% 24.9M 0s - 29450K .......... .......... .......... .......... .......... 55% 190M 0s - 29500K .......... .......... .......... .......... .......... 55% 58.4M 0s - 29550K .......... .......... .......... .......... .......... 55% 164M 0s - 29600K .......... .......... .......... .......... .......... 55% 260M 0s - 29650K .......... .......... .......... .......... .......... 55% 242M 0s - 29700K .......... .......... .......... .......... .......... 55% 102M 0s - 29750K .......... .......... .......... .......... .......... 55% 40.1M 0s - 29800K .......... .......... .......... .......... .......... 55% 256M 0s - 29850K .......... .......... .......... .......... .......... 55% 261M 0s - 29900K .......... .......... .......... .......... .......... 56% 262M 0s - 29950K .......... .......... .......... .......... .......... 56% 192M 0s - 30000K .......... .......... .......... .......... .......... 56% 253M 0s - 30050K .......... .......... .......... .......... .......... 56% 264M 0s - 30100K .......... .......... .......... .......... .......... 56% 148M 0s - 30150K .......... .......... .......... .......... .......... 56% 20.8M 0s - 30200K .......... .......... .......... .......... .......... 56% 71.0M 0s - 30250K .......... .......... .......... .......... .......... 56% 222M 0s - 30300K .......... .......... .......... .......... .......... 56% 239M 0s - 30350K .......... .......... .......... .......... .......... 56% 227M 0s - 30400K .......... .......... .......... .......... .......... 57% 258M 0s - 30450K .......... .......... .......... .......... .......... 57% 220M 0s - 30500K .......... .......... .......... .......... .......... 
57% 27.7M 0s - 30550K .......... .......... .......... .......... .......... 57% 207M 0s - 30600K .......... .......... .......... .......... .......... 57% 230M 0s - 30650K .......... .......... .......... .......... .......... 57% 228M 0s - 30700K .......... .......... .......... .......... .......... 57% 153M 0s - 30750K .......... .......... .......... .......... .......... 57% 201M 0s - 30800K .......... .......... .......... .......... .......... 57% 25.2M 0s - 30850K .......... .......... .......... .......... .......... 57% 134M 0s - 30900K .......... .......... .......... .......... .......... 57% 249M 0s - 30950K .......... .......... .......... .......... .......... 58% 234M 0s - 31000K .......... .......... .......... .......... .......... 58% 235M 0s - 31050K .......... .......... .......... .......... .......... 58% 235M 0s - 31100K .......... .......... .......... .......... .......... 58% 248M 0s - 31150K .......... .......... .......... .......... .......... 58% 165M 0s - 31200K .......... .......... .......... .......... .......... 58% 237M 0s - 31250K .......... .......... .......... .......... .......... 58% 249M 0s - 31300K .......... .......... .......... .......... .......... 58% 37.1M 0s - 31350K .......... .......... .......... .......... .......... 58% 223M 0s - 31400K .......... .......... .......... .......... .......... 58% 127M 0s - 31450K .......... .......... .......... .......... .......... 58% 220M 0s - 31500K .......... .......... .......... .......... .......... 59% 249M 0s - 31550K .......... .......... .......... .......... .......... 59% 205M 0s - 31600K .......... .......... .......... .......... .......... 59% 264M 0s - 31650K .......... .......... .......... .......... .......... 59% 65.0M 0s - 31700K .......... .......... .......... .......... .......... 59% 42.5M 0s - 31750K .......... .......... .......... .......... .......... 59% 216M 0s - 31800K .......... .......... .......... .......... .......... 
59% 158M 0s - 31850K .......... .......... .......... .......... .......... 59% 247M 0s - 31900K .......... .......... .......... .......... .......... 59% 263M 0s - 31950K .......... .......... .......... .......... .......... 59% 217M 0s - 32000K .......... .......... .......... .......... .......... 60% 215M 0s - 32050K .......... .......... .......... .......... .......... 60% 18.8M 0s - 32100K .......... .......... .......... .......... .......... 60% 250M 0s - 32150K .......... .......... .......... .......... .......... 60% 234M 0s - 32200K .......... .......... .......... .......... .......... 60% 207M 0s - 32250K .......... .......... .......... .......... .......... 60% 256M 0s - 32300K .......... .......... .......... .......... .......... 60% 242M 0s - 32350K .......... .......... .......... .......... .......... 60% 221M 0s - 32400K .......... .......... .......... .......... .......... 60% 266M 0s - 32450K .......... .......... .......... .......... .......... 60% 21.9M 0s - 32500K .......... .......... .......... .......... .......... 60% 246M 0s - 32550K .......... .......... .......... .......... .......... 61% 189M 0s - 32600K .......... .......... .......... .......... .......... 61% 148M 0s - 32650K .......... .......... .......... .......... .......... 61% 240M 0s - 32700K .......... .......... .......... .......... .......... 61% 261M 0s - 32750K .......... .......... .......... .......... .......... 61% 159M 0s - 32800K .......... .......... .......... .......... .......... 61% 252M 0s - 32850K .......... .......... .......... .......... .......... 61% 19.2M 0s - 32900K .......... .......... .......... .......... .......... 61% 81.0M 0s - 32950K .......... .......... .......... .......... .......... 61% 218M 0s - 33000K .......... .......... .......... .......... .......... 61% 259M 0s - 33050K .......... .......... .......... .......... .......... 61% 257M 0s - 33100K .......... .......... .......... .......... .......... 
62% 259M 0s - 33150K .......... .......... .......... .......... .......... 62% 154M 0s - 33200K .......... .......... .......... .......... .......... 62% 40.6M 0s - 33250K .......... .......... .......... .......... .......... 62% 238M 0s - 33300K .......... .......... .......... .......... .......... 62% 242M 0s - 33350K .......... .......... .......... .......... .......... 62% 221M 0s - 33400K .......... .......... .......... .......... .......... 62% 162M 0s - 33450K .......... .......... .......... .......... .......... 62% 257M 0s - 33500K .......... .......... .......... .......... .......... 62% 252M 0s - 33550K .......... .......... .......... .......... .......... 62% 222M 0s - 33600K .......... .......... .......... .......... .......... 63% 77.3M 0s - 33650K .......... .......... .......... .......... .......... 63% 202M 0s - 33700K .......... .......... .......... .......... .......... 63% 259M 0s - 33750K .......... .......... .......... .......... .......... 63% 161M 0s - 33800K .......... .......... .......... .......... .......... 63% 190M 0s - 33850K .......... .......... .......... .......... .......... 63% 263M 0s - 33900K .......... .......... .......... .......... .......... 63% 231M 0s - 33950K .......... .......... .......... .......... .......... 63% 24.3M 0s - 34000K .......... .......... .......... .......... .......... 63% 190M 0s - 34050K .......... .......... .......... .......... .......... 63% 239M 0s - 34100K .......... .......... .......... .......... .......... 63% 263M 0s - 34150K .......... .......... .......... .......... .......... 64% 212M 0s - 34200K .......... .......... .......... .......... .......... 64% 207M 0s - 34250K .......... .......... .......... .......... .......... 64% 139M 0s - 34300K .......... .......... .......... .......... .......... 64% 194M 0s - 34350K .......... .......... .......... .......... .......... 64% 198M 0s - 34400K .......... .......... .......... .......... .......... 
64% 20.0M 0s - 34450K .......... .......... .......... .......... .......... 64% 53.8M 0s - 34500K .......... .......... .......... .......... .......... 64% 237M 0s - 34550K .......... .......... .......... .......... .......... 64% 224M 0s - 34600K .......... .......... .......... .......... .......... 64% 265M 0s - 34650K .......... .......... .......... .......... .......... 64% 46.1M 0s - 34700K .......... .......... .......... .......... .......... 65% 87.1M 0s - 34750K .......... .......... .......... .......... .......... 65% 214M 0s - 34800K .......... .......... .......... .......... .......... 65% 259M 0s - 34850K .......... .......... .......... .......... .......... 65% 237M 0s - 34900K .......... .......... .......... .......... .......... 65% 222M 0s - 34950K .......... .......... .......... .......... .......... 65% 235M 0s - 35000K .......... .......... .......... .......... .......... 65% 153M 0s - 35050K .......... .......... .......... .......... .......... 65% 94.5M 0s - 35100K .......... .......... .......... .......... .......... 65% 105M 0s - 35150K .......... .......... .......... .......... .......... 65% 24.7M 0s - 35200K .......... .......... .......... .......... .......... 66% 120M 0s - 35250K .......... .......... .......... .......... .......... 66% 250M 0s - 35300K .......... .......... .......... .......... .......... 66% 261M 0s - 35350K .......... .......... .......... .......... .......... 66% 224M 0s - 35400K .......... .......... .......... .......... .......... 66% 186M 0s - 35450K .......... .......... .......... .......... .......... 66% 27.7M 0s - 35500K .......... .......... .......... .......... .......... 66% 63.0M 0s - 35550K .......... .......... .......... .......... .......... 66% 41.2M 0s - 35600K .......... .......... .......... .......... .......... 66% 62.1M 0s - 35650K .......... .......... .......... .......... .......... 66% 244M 0s - 35700K .......... .......... .......... .......... .......... 
66% 47.7M 0s - 35750K .......... .......... .......... .......... .......... 67% 172M 0s - 35800K .......... .......... .......... .......... .......... 67% 246M 0s - 35850K .......... .......... .......... .......... .......... 67% 261M 0s - 35900K .......... .......... .......... .......... .......... 67% 261M 0s - 35950K .......... .......... .......... .......... .......... 67% 202M 0s - 36000K .......... .......... .......... .......... .......... 67% 135M 0s - 36050K .......... .......... .......... .......... .......... 67% 261M 0s - 36100K .......... .......... .......... .......... .......... 67% 259M 0s - 36150K .......... .......... .......... .......... .......... 67% 232M 0s - 36200K .......... .......... .......... .......... .......... 67% 54.1M 0s - 36250K .......... .......... .......... .......... .......... 67% 41.6M 0s - 36300K .......... .......... .......... .......... .......... 68% 234M 0s - 36350K .......... .......... .......... .......... .......... 68% 169M 0s - 36400K .......... .......... .......... .......... .......... 68% 258M 0s - 36450K .......... .......... .......... .......... .......... 68% 241M 0s - 36500K .......... .......... .......... .......... .......... 68% 261M 0s - 36550K .......... .......... .......... .......... .......... 68% 31.4M 0s - 36600K .......... .......... .......... .......... .......... 68% 180M 0s - 36650K .......... .......... .......... .......... .......... 68% 108M 0s - 36700K .......... .......... .......... .......... .......... 68% 256M 0s - 36750K .......... .......... .......... .......... .......... 68% 203M 0s - 36800K .......... .......... .......... .......... .......... 69% 261M 0s - 36850K .......... .......... .......... .......... .......... 69% 65.6M 0s - 36900K .......... .......... .......... .......... .......... 69% 48.1M 0s - 36950K .......... .......... .......... .......... .......... 69% 205M 0s - 37000K .......... .......... .......... .......... .......... 
69% 220M 0s - 37050K .......... .......... .......... .......... .......... 69% 246M 0s - 37100K .......... .......... .......... .......... .......... 69% 250M 0s - 37150K .......... .......... .......... .......... .......... 69% 227M 0s - 37200K .......... .......... .......... .......... .......... 69% 268M 0s - 37250K .......... .......... .......... .......... .......... 69% 22.3M 0s - 37300K .......... .......... .......... .......... .......... 69% 182M 0s - 37350K .......... .......... .......... .......... .......... 70% 220M 0s - 37400K .......... .......... .......... .......... .......... 70% 246M 0s - 37450K .......... .......... .......... .......... .......... 70% 260M 0s - 37500K .......... .......... .......... .......... .......... 70% 207M 0s - 37550K .......... .......... .......... .......... .......... 70% 154M 0s - 37600K .......... .......... .......... .......... .......... 70% 220M 0s - 37650K .......... .......... .......... .......... .......... 70% 261M 0s - 37700K .......... .......... .......... .......... .......... 70% 116M 0s - 37750K .......... .......... .......... .......... .......... 70% 198M 0s - 37800K .......... .......... .......... .......... .......... 70% 21.9M 0s - 37850K .......... .......... .......... .......... .......... 70% 171M 0s - 37900K .......... .......... .......... .......... .......... 71% 248M 0s - 37950K .......... .......... .......... .......... .......... 71% 234M 0s - 38000K .......... .......... .......... .......... .......... 71% 238M 0s - 38050K .......... .......... .......... .......... .......... 71% 264M 0s - 38100K .......... .......... .......... .......... .......... 71% 31.5M 0s - 38150K .......... .......... .......... .......... .......... 71% 187M 0s - 38200K .......... .......... .......... .......... .......... 71% 234M 0s - 38250K .......... .......... .......... .......... .......... 71% 235M 0s - 38300K .......... .......... .......... .......... .......... 
71% 208M 0s - 38350K .......... .......... .......... .......... .......... 71% 235M 0s - 38400K .......... .......... .......... .......... .......... 71% 265M 0s - 38450K .......... .......... .......... .......... .......... 72% 240M 0s - 38500K .......... .......... .......... .......... .......... 72% 132M 0s - 38550K .......... .......... .......... .......... .......... 72% 131M 0s - 38600K .......... .......... .......... .......... .......... 72% 165M 0s - 38650K .......... .......... .......... .......... .......... 72% 230M 0s - 38700K .......... .......... .......... .......... .......... 72% 263M 0s - 38750K .......... .......... .......... .......... .......... 72% 227M 0s - 38800K .......... .......... .......... .......... .......... 72% 226M 0s - 38850K .......... .......... .......... .......... .......... 72% 244M 0s - 38900K .......... .......... .......... .......... .......... 72% 21.2M 0s - 38950K .......... .......... .......... .......... .......... 73% 217M 0s - 39000K .......... .......... .......... .......... .......... 73% 263M 0s - 39050K .......... .......... .......... .......... .......... 73% 238M 0s - 39100K .......... .......... .......... .......... .......... 73% 233M 0s - 39150K .......... .......... .......... .......... .......... 73% 231M 0s - 39200K .......... .......... .......... .......... .......... 73% 263M 0s - 39250K .......... .......... .......... .......... .......... 73% 153M 0s - 39300K .......... .......... .......... .......... .......... 73% 32.2M 0s - 39350K .......... .......... .......... .......... .......... 73% 34.1M 0s - 39400K .......... .......... .......... .......... .......... 73% 242M 0s - 39450K .......... .......... .......... .......... .......... 73% 242M 0s - 39500K .......... .......... .......... .......... .......... 74% 259M 0s - 39550K .......... .......... .......... .......... .......... 74% 207M 0s - 39600K .......... .......... .......... .......... .......... 
74% 262M 0s - 39650K .......... .......... .......... .......... .......... 74% 199M 0s - 39700K .......... .......... .......... .......... .......... 74% 93.6M 0s - 39750K .......... .......... .......... .......... .......... 74% 27.0M 0s - 39800K .......... .......... .......... .......... .......... 74% 223M 0s - 39850K .......... .......... .......... .......... .......... 74% 257M 0s - 39900K .......... .......... .......... .......... .......... 74% 258M 0s - 39950K .......... .......... .......... .......... .......... 74% 183M 0s - 40000K .......... .......... .......... .......... .......... 74% 259M 0s - 40050K .......... .......... .......... .......... .......... 75% 256M 0s - 40100K .......... .......... .......... .......... .......... 75% 78.5M 0s - 40150K .......... .......... .......... .......... .......... 75% 22.3M 0s - 40200K .......... .......... .......... .......... .......... 75% 250M 0s - 40250K .......... .......... .......... .......... .......... 75% 262M 0s - 40300K .......... .......... .......... .......... .......... 75% 229M 0s - 40350K .......... .......... .......... .......... .......... 75% 146M 0s - 40400K .......... .......... .......... .......... .......... 75% 180M 0s - 40450K .......... .......... .......... .......... .......... 75% 259M 0s - 40500K .......... .......... .......... .......... .......... 75% 74.7M 0s - 40550K .......... .......... .......... .......... .......... 76% 154M 0s - 40600K .......... .......... .......... .......... .......... 76% 32.4M 0s - 40650K .......... .......... .......... .......... .......... 76% 85.2M 0s - 40700K .......... .......... .......... .......... .......... 76% 230M 0s - 40750K .......... .......... .......... .......... .......... 76% 252M 0s - 40800K .......... .......... .......... .......... .......... 76% 145M 0s - 40850K .......... .......... .......... .......... .......... 76% 195M 0s - 40900K .......... .......... .......... .......... .......... 
76% 31.5M 0s - 40950K .......... .......... .......... .......... .......... 76% 62.0M 0s - 41000K .......... .......... .......... .......... .......... 76% 232M 0s - 41050K .......... .......... .......... .......... .......... 76% 178M 0s - 41100K .......... .......... .......... .......... .......... 77% 234M 0s - 41150K .......... .......... .......... .......... .......... 77% 176M 0s - 41200K .......... .......... .......... .......... .......... 77% 245M 0s - 41250K .......... .......... .......... .......... .......... 77% 245M 0s - 41300K .......... .......... .......... .......... .......... 77% 260M 0s - 41350K .......... .......... .......... .......... .......... 77% 267M 0s - 41400K .......... .......... .......... .......... .......... 77% 39.7M 0s - 41450K .......... .......... .......... .......... .......... 77% 127M 0s - 41500K .......... .......... .......... .......... .......... 77% 251M 0s - 41550K .......... .......... .......... .......... .......... 77% 259M 0s - 41600K .......... .......... .......... .......... .......... 77% 222M 0s - 41650K .......... .......... .......... .......... .......... 78% 212M 0s - 41700K .......... .......... .......... .......... .......... 78% 215M 0s - 41750K .......... .......... .......... .......... .......... 78% 263M 0s - 41800K .......... .......... .......... .......... .......... 78% 240M 0s - 41850K .......... .......... .......... .......... .......... 78% 25.4M 0s - 41900K .......... .......... .......... .......... .......... 78% 156M 0s - 41950K .......... .......... .......... .......... .......... 78% 264M 0s - 42000K .......... .......... .......... .......... .......... 78% 260M 0s - 42050K .......... .......... .......... .......... .......... 78% 233M 0s - 42100K .......... .......... .......... .......... .......... 78% 32.0M 0s - 42150K .......... .......... .......... .......... .......... 79% 118M 0s - 42200K .......... .......... .......... .......... .......... 
79% 255M 0s - 42250K .......... .......... .......... .......... .......... 79% 198M 0s - 42300K .......... .......... .......... .......... .......... 79% 260M 0s - 42350K .......... .......... .......... .......... .......... 79% 235M 0s - 42400K .......... .......... .......... .......... .......... 79% 230M 0s - 42450K .......... .......... .......... .......... .......... 79% 128M 0s - 42500K .......... .......... .......... .......... .......... 79% 236M 0s - 42550K .......... .......... .......... .......... .......... 79% 257M 0s - 42600K .......... .......... .......... .......... .......... 79% 27.3M 0s - 42650K .......... .......... .......... .......... .......... 79% 184M 0s - 42700K .......... .......... .......... .......... .......... 80% 260M 0s - 42750K .......... .......... .......... .......... .......... 80% 237M 0s - 42800K .......... .......... .......... .......... .......... 80% 253M 0s - 42850K .......... .......... .......... .......... .......... 80% 230M 0s - 42900K .......... .......... .......... .......... .......... 80% 234M 0s - 42950K .......... .......... .......... .......... .......... 80% 258M 0s - 43000K .......... .......... .......... .......... .......... 80% 58.0M 0s - 43050K .......... .......... .......... .......... .......... 80% 30.2M 0s - 43100K .......... .......... .......... .......... .......... 80% 237M 0s - 43150K .......... .......... .......... .......... .......... 80% 153M 0s - 43200K .......... .......... .......... .......... .......... 80% 217M 0s - 43250K .......... .......... .......... .......... .......... 81% 225M 0s - 43300K .......... .......... .......... .......... .......... 81% 262M 0s - 43350K .......... .......... .......... .......... .......... 81% 264M 0s - 43400K .......... .......... .......... .......... .......... 81% 264M 0s - 43450K .......... .......... .......... .......... .......... 81% 40.7M 0s - 43500K .......... .......... .......... .......... .......... 
81% 170M 0s - 43550K .......... .......... .......... .......... .......... 81% 28.3M 0s - 43600K .......... .......... .......... .......... .......... 81% 212M 0s - 43650K .......... .......... .......... .......... .......... 81% 230M 0s - 43700K .......... .......... .......... .......... .......... 81% 247M 0s - 43750K .......... .......... .......... .......... .......... 82% 186M 0s - 43800K .......... .......... .......... .......... .......... 82% 62.7M 0s - 43850K .......... .......... .......... .......... .......... 82% 48.7M 0s - 43900K .......... .......... .......... .......... .......... 82% 259M 0s - 43950K .......... .......... .......... .......... .......... 82% 228M 0s - 44000K .......... .......... .......... .......... .......... 82% 228M 0s - 44050K .......... .......... .......... .......... .......... 82% 237M 0s - 44100K .......... .......... .......... .......... .......... 82% 258M 0s - 44150K .......... .......... .......... .......... .......... 82% 267M 0s - 44200K .......... .......... .......... .......... .......... 82% 23.0M 0s - 44250K .......... .......... .......... .......... .......... 82% 188M 0s - 44300K .......... .......... .......... .......... .......... 83% 239M 0s - 44350K .......... .......... .......... .......... .......... 83% 269M 0s - 44400K .......... .......... .......... .......... .......... 83% 241M 0s - 44450K .......... .......... .......... .......... .......... 83% 235M 0s - 44500K .......... .......... .......... .......... .......... 83% 242M 0s - 44550K .......... .......... .......... .......... .......... 83% 207M 0s - 44600K .......... .......... .......... .......... .......... 83% 235M 0s - 44650K .......... .......... .......... .......... .......... 83% 52.9M 0s - 44700K .......... .......... .......... .......... .......... 83% 23.4M 0s - 44750K .......... .......... .......... .......... .......... 83% 164M 0s - 44800K .......... .......... .......... .......... .......... 
83% 229M 0s - 44850K .......... .......... .......... .......... .......... 84% 261M 0s - 44900K .......... .......... .......... .......... .......... 84% 110M 0s - 44950K .......... .......... .......... .......... .......... 84% 28.7M 0s - 45000K .......... .......... .......... .......... .......... 84% 220M 0s - 45050K .......... .......... .......... .......... .......... 84% 188M 0s - 45100K .......... .......... .......... .......... .......... 84% 189M 0s - 45150K .......... .......... .......... .......... .......... 84% 181M 0s - 45200K .......... .......... .......... .......... .......... 84% 255M 0s - 45250K .......... .......... .......... .......... .......... 84% 193M 0s - 45300K .......... .......... .......... .......... .......... 84% 221M 0s - 45350K .......... .......... .......... .......... .......... 85% 129M 0s - 45400K .......... .......... .......... .......... .......... 85% 27.5M 0s - 45450K .......... .......... .......... .......... .......... 85% 167M 0s - 45500K .......... .......... .......... .......... .......... 85% 231M 0s - 45550K .......... .......... .......... .......... .......... 85% 199M 0s - 45600K .......... .......... .......... .......... .......... 85% 197M 0s - 45650K .......... .......... .......... .......... .......... 85% 257M 0s - 45700K .......... .......... .......... .......... .......... 85% 33.8M 0s - 45750K .......... .......... .......... .......... .......... 85% 55.3M 0s - 45800K .......... .......... .......... .......... .......... 85% 142M 0s - 45850K .......... .......... .......... .......... .......... 85% 144M 0s - 45900K .......... .......... .......... .......... .......... 86% 233M 0s - 45950K .......... .......... .......... .......... .......... 86% 84.5M 0s - 46000K .......... .......... .......... .......... .......... 86% 218M 0s - 46050K .......... .......... .......... .......... .......... 86% 253M 0s - 46100K .......... .......... .......... .......... .......... 
86% 211M 0s - 46150K .......... .......... .......... .......... .......... 86% 179M 0s - 46200K .......... .......... .......... .......... .......... 86% 262M 0s - 46250K .......... .......... .......... .......... .......... 86% 215M 0s - 46300K .......... .......... .......... .......... .......... 86% 253M 0s - 46350K .......... .......... .......... .......... .......... 86% 33.8M 0s - 46400K .......... .......... .......... .......... .......... 86% 254M 0s - 46450K .......... .......... .......... .......... .......... 87% 251M 0s - 46500K .......... .......... .......... .......... .......... 87% 237M 0s - 46550K .......... .......... .......... .......... .......... 87% 202M 0s - 46600K .......... .......... .......... .......... .......... 87% 260M 0s - 46650K .......... .......... .......... .......... .......... 87% 256M 0s - 46700K .......... .......... .......... .......... .......... 87% 263M 0s - 46750K .......... .......... .......... .......... .......... 87% 29.7M 0s - 46800K .......... .......... .......... .......... .......... 87% 51.5M 0s - 46850K .......... .......... .......... .......... .......... 87% 256M 0s - 46900K .......... .......... .......... .......... .......... 87% 263M 0s - 46950K .......... .......... .......... .......... .......... 88% 234M 0s - 47000K .......... .......... .......... .......... .......... 88% 213M 0s - 47050K .......... .......... .......... .......... .......... 88% 265M 0s - 47100K .......... .......... .......... .......... .......... 88% 262M 0s - 47150K .......... .......... .......... .......... .......... 88% 190M 0s - 47200K .......... .......... .......... .......... .......... 88% 56.9M 0s - 47250K .......... .......... .......... .......... .......... 88% 70.7M 0s - 47300K .......... .......... .......... .......... .......... 88% 238M 0s - 47350K .......... .......... .......... .......... .......... 88% 26.5M 0s - 47400K .......... .......... .......... .......... .......... 
88% 185M 0s - 47450K .......... .......... .......... .......... .......... 88% 188M 0s - 47500K .......... .......... .......... .......... .......... 89% 42.8M 0s - 47550K .......... .......... .......... .......... .......... 89% 93.2M 0s - 47600K .......... .......... .......... .......... .......... 89% 254M 0s - 47650K .......... .......... .......... .......... .......... 89% 266M 0s - 47700K .......... .......... .......... .......... .......... 89% 230M 0s - 47750K .......... .......... .......... .......... .......... 89% 234M 0s - 47800K .......... .......... .......... .......... .......... 89% 256M 0s - 47850K .......... .......... .......... .......... .......... 89% 231M 0s - 47900K .......... .......... .......... .......... .......... 89% 74.9M 0s - 47950K .......... .......... .......... .......... .......... 89% 23.8M 0s - 48000K .......... .......... .......... .......... .......... 89% 257M 0s - 48050K .......... .......... .......... .......... .......... 90% 256M 0s - 48100K .......... .......... .......... .......... .......... 90% 210M 0s - 48150K .......... .......... .......... .......... .......... 90% 168M 0s - 48200K .......... .......... .......... .......... .......... 90% 259M 0s - 48250K .......... .......... .......... .......... .......... 90% 265M 0s - 48300K .......... .......... .......... .......... .......... 90% 253M 0s - 48350K .......... .......... .......... .......... .......... 90% 141M 0s - 48400K .......... .......... .......... .......... .......... 90% 178M 0s - 48450K .......... .......... .......... .......... .......... 90% 206M 0s - 48500K .......... .......... .......... .......... .......... 90% 84.9M 0s - 48550K .......... .......... .......... .......... .......... 91% 27.4M 0s - 48600K .......... .......... .......... .......... .......... 91% 174M 0s - 48650K .......... .......... .......... .......... .......... 91% 239M 0s - 48700K .......... .......... .......... .......... .......... 
91% 35.1M 0s - 48750K .......... .......... .......... .......... .......... 91% 181M 0s - 48800K .......... .......... .......... .......... .......... 91% 226M 0s - 48850K .......... .......... .......... .......... .......... 91% 149M 0s - 48900K .......... .......... .......... .......... .......... 91% 155M 0s - 48950K .......... .......... .......... .......... .......... 91% 228M 0s - 49000K .......... .......... .......... .......... .......... 91% 262M 0s - 49050K .......... .......... .......... .......... .......... 91% 262M 0s - 49100K .......... .......... .......... .......... .......... 92% 132M 0s - 49150K .......... .......... .......... .......... .......... 92% 182M 0s - 49200K .......... .......... .......... .......... .......... 92% 262M 0s - 49250K .......... .......... .......... .......... .......... 92% 20.4M 0s - 49300K .......... .......... .......... .......... .......... 92% 232M 0s - 49350K .......... .......... .......... .......... .......... 92% 213M 0s - 49400K .......... .......... .......... .......... .......... 92% 216M 0s - 49450K .......... .......... .......... .......... .......... 92% 263M 0s - 49500K .......... .......... .......... .......... .......... 92% 57.5M 0s - 49550K .......... .......... .......... .......... .......... 92% 52.7M 0s - 49600K .......... .......... .......... .......... .......... 92% 172M 0s - 49650K .......... .......... .......... .......... .......... 93% 154M 0s - 49700K .......... .......... .......... .......... .......... 93% 260M 0s - 49750K .......... .......... .......... .......... .......... 93% 218M 0s - 49800K .......... .......... .......... .......... .......... 93% 201M 0s - 49850K .......... .......... .......... .......... .......... 93% 22.8M 0s - 49900K .......... .......... .......... .......... .......... 93% 196M 0s - 49950K .......... .......... .......... .......... .......... 93% 200M 0s - 50000K .......... .......... .......... .......... .......... 
93% 246M 0s - 50050K .......... .......... .......... .......... .......... 93% 248M 0s - 50100K .......... .......... .......... .......... .......... 93% 234M 0s - 50150K .......... .......... .......... .......... .......... 94% 231M 0s - 50200K .......... .......... .......... .......... .......... 94% 232M 0s - 50250K .......... .......... .......... .......... .......... 94% 257M 0s - 50300K .......... .......... .......... .......... .......... 94% 265M 0s - 50350K .......... .......... .......... .......... .......... 94% 21.8M 0s - 50400K .......... .......... .......... .......... .......... 94% 61.5M 0s - 50450K .......... .......... .......... .......... .......... 94% 200M 0s - 50500K .......... .......... .......... .......... .......... 94% 257M 0s - 50550K .......... .......... .......... .......... .......... 94% 236M 0s - 50600K .......... .......... .......... .......... .......... 94% 263M 0s - 50650K .......... .......... .......... .......... .......... 94% 264M 0s - 50700K .......... .......... .......... .......... .......... 95% 175M 0s - 50750K .......... .......... .......... .......... .......... 95% 214M 0s - 50800K .......... .......... .......... .......... .......... 95% 29.3M 0s + 0K .......... .......... .......... .......... .......... 0% 4.09M 13s + 50K .......... .......... .......... .......... .......... 0% 5.18M 11s + 100K .......... .......... .......... .......... .......... 0% 27.9M 8s + 150K .......... .......... .......... .......... .......... 0% 22.0M 7s + 200K .......... .......... .......... .......... .......... 0% 7.67M 7s + 250K .......... .......... .......... .......... .......... 0% 29.4M 6s + 300K .......... .......... .......... .......... .......... 0% 76.5M 5s + 350K .......... .......... .......... .......... .......... 0% 31.2M 5s + 400K .......... .......... .......... .......... .......... 0% 27.9M 4s + 450K .......... .......... .......... .......... .......... 0% 9.24M 5s + 500K .......... .......... 
.......... .......... .......... 1% 198M 4s + 550K .......... .......... .......... .......... .......... 1% 36.9M 4s + 600K .......... .......... .......... .......... .......... 1% 76.5M 4s + 650K .......... .......... .......... .......... .......... 1% 65.4M 3s + 700K .......... .......... .......... .......... .......... 1% 228M 3s + 750K .......... .......... .......... .......... .......... 1% 89.0M 3s + 800K .......... .......... .......... .......... .......... 1% 54.0M 3s + 850K .......... .......... .......... .......... .......... 1% 58.5M 3s + 900K .......... .......... .......... .......... .......... 1% 123M 3s + 950K .......... .......... .......... .......... .......... 1% 61.0M 3s + 1000K .......... .......... .......... .......... .......... 1% 11.4M 3s + 1050K .......... .......... .......... .......... .......... 2% 216M 3s + 1100K .......... .......... .......... .......... .......... 2% 37.2M 3s + 1150K .......... .......... .......... .......... .......... 2% 189M 2s + 1200K .......... .......... .......... .......... .......... 2% 226M 2s + 1250K .......... .......... .......... .......... .......... 2% 57.9M 2s + 1300K .......... .......... .......... .......... .......... 2% 66.8M 2s + 1350K .......... .......... .......... .......... .......... 2% 78.5M 2s + 1400K .......... .......... .......... .......... .......... 2% 95.8M 2s + 1450K .......... .......... .......... .......... .......... 2% 235M 2s + 1500K .......... .......... .......... .......... .......... 2% 217M 2s + 1550K .......... .......... .......... .......... .......... 2% 223M 2s + 1600K .......... .......... .......... .......... .......... 3% 270M 2s + 1650K .......... .......... .......... .......... .......... 3% 275M 2s + 1700K .......... .......... .......... .......... .......... 3% 268M 2s + 1750K .......... .......... .......... .......... .......... 3% 61.1M 2s + 1800K .......... .......... .......... .......... .......... 3% 22.5M 2s + 1850K .......... 
.......... .......... .......... .......... 3% 71.0M 2s + 1900K .......... .......... .......... .......... .......... 3% 70.8M 2s + 1950K .......... .......... .......... .......... .......... 3% 92.2M 2s + 2000K .......... .......... .......... .......... .......... 3% 219M 2s + 2050K .......... .......... .......... .......... .......... 3% 214M 2s + 2100K .......... .......... .......... .......... .......... 4% 252M 2s + 2150K .......... .......... .......... .......... .......... 4% 222M 2s + 2200K .......... .......... .......... .......... .......... 4% 246M 1s + 2250K .......... .......... .......... .......... .......... 4% 88.6M 1s + 2300K .......... .......... .......... .......... .......... 4% 84.7M 1s + 2350K .......... .......... .......... .......... .......... 4% 67.8M 1s + 2400K .......... .......... .......... .......... .......... 4% 100M 1s + 2450K .......... .......... .......... .......... .......... 4% 103M 1s + 2500K .......... .......... .......... .......... .......... 4% 84.9M 1s + 2550K .......... .......... .......... .......... .......... 4% 85.8M 1s + 2600K .......... .......... .......... .......... .......... 4% 128M 1s + 2650K .......... .......... .......... .......... .......... 5% 106M 1s + 2700K .......... .......... .......... .......... .......... 5% 102M 1s + 2750K .......... .......... .......... .......... .......... 5% 64.8M 1s + 2800K .......... .......... .......... .......... .......... 5% 89.1M 1s + 2850K .......... .......... .......... .......... .......... 5% 88.4M 1s + 2900K .......... .......... .......... .......... .......... 5% 236M 1s + 2950K .......... .......... .......... .......... .......... 5% 226M 1s + 3000K .......... .......... .......... .......... .......... 5% 248M 1s + 3050K .......... .......... .......... .......... .......... 5% 256M 1s + 3100K .......... .......... .......... .......... .......... 5% 235M 1s + 3150K .......... .......... .......... .......... .......... 
5% 195M 1s + 3200K .......... .......... .......... .......... .......... 6% 253M 1s + 3250K .......... .......... .......... .......... .......... 6% 251M 1s + 3300K .......... .......... .......... .......... .......... 6% 255M 1s + 3350K .......... .......... .......... .......... .......... 6% 168M 1s + 3400K .......... .......... .......... .......... .......... 6% 236M 1s + 3450K .......... .......... .......... .......... .......... 6% 223M 1s + 3500K .......... .......... .......... .......... .......... 6% 63.1M 1s + 3550K .......... .......... .......... .......... .......... 6% 44.8M 1s + 3600K .......... .......... .......... .......... .......... 6% 89.9M 1s + 3650K .......... .......... .......... .......... .......... 6% 63.0M 1s + 3700K .......... .......... .......... .......... .......... 7% 36.8M 1s + 3750K .......... .......... .......... .......... .......... 7% 123M 1s + 3800K .......... .......... .......... .......... .......... 7% 227M 1s + 3850K .......... .......... .......... .......... .......... 7% 73.3M 1s + 3900K .......... .......... .......... .......... .......... 7% 95.2M 1s + 3950K .......... .......... .......... .......... .......... 7% 87.3M 1s + 4000K .......... .......... .......... .......... .......... 7% 76.4M 1s + 4050K .......... .......... .......... .......... .......... 7% 90.5M 1s + 4100K .......... .......... .......... .......... .......... 7% 58.9M 1s + 4150K .......... .......... .......... .......... .......... 7% 77.5M 1s + 4200K .......... .......... .......... .......... .......... 7% 91.5M 1s + 4250K .......... .......... .......... .......... .......... 8% 91.6M 1s + 4300K .......... .......... .......... .......... .......... 8% 110M 1s + 4350K .......... .......... .......... .......... .......... 8% 77.7M 1s + 4400K .......... .......... .......... .......... .......... 8% 213M 1s + 4450K .......... .......... .......... .......... .......... 8% 249M 1s + 4500K .......... .......... .......... 
.......... .......... 8% 256M 1s + 4550K .......... .......... .......... .......... .......... 8% 206M 1s + 4600K .......... .......... .......... .......... .......... 8% 221M 1s + 4650K .......... .......... .......... .......... .......... 8% 255M 1s + 4700K .......... .......... .......... .......... .......... 8% 249M 1s + 4750K .......... .......... .......... .......... .......... 8% 212M 1s + 4800K .......... .......... .......... .......... .......... 9% 98.3M 1s + 4850K .......... .......... .......... .......... .......... 9% 96.4M 1s + 4900K .......... .......... .......... .......... .......... 9% 77.2M 1s + 4950K .......... .......... .......... .......... .......... 9% 89.2M 1s + 5000K .......... .......... .......... .......... .......... 9% 95.7M 1s + 5050K .......... .......... .......... .......... .......... 9% 130M 1s + 5100K .......... .......... .......... .......... .......... 9% 82.0M 1s + 5150K .......... .......... .......... .......... .......... 9% 63.7M 1s + 5200K .......... .......... .......... .......... .......... 9% 82.0M 1s + 5250K .......... .......... .......... .......... .......... 9% 79.1M 1s + 5300K .......... .......... .......... .......... .......... 10% 68.1M 1s + 5350K .......... .......... .......... .......... .......... 10% 73.0M 1s + 5400K .......... .......... .......... .......... .......... 10% 77.9M 1s + 5450K .......... .......... .......... .......... .......... 10% 84.4M 1s + 5500K .......... .......... .......... .......... .......... 10% 229M 1s + 5550K .......... .......... .......... .......... .......... 10% 213M 1s + 5600K .......... .......... .......... .......... .......... 10% 82.9M 1s + 5650K .......... .......... .......... .......... .......... 10% 83.6M 1s + 5700K .......... .......... .......... .......... .......... 10% 251M 1s + 5750K .......... .......... .......... .......... .......... 10% 191M 1s + 5800K .......... .......... .......... .......... .......... 
10% 242M 1s + 5850K .......... .......... .......... .......... .......... 11% 229M 1s + 5900K .......... .......... .......... .......... .......... 11% 255M 1s + 5950K .......... .......... .......... .......... .......... 11% 65.8M 1s + 6000K .......... .......... .......... .......... .......... 11% 91.3M 1s + 6050K .......... .......... .......... .......... .......... 11% 100M 1s + 6100K .......... .......... .......... .......... .......... 11% 71.1M 1s + 6150K .......... .......... .......... .......... .......... 11% 63.0M 1s + 6200K .......... .......... .......... .......... .......... 11% 75.8M 1s + 6250K .......... .......... .......... .......... .......... 11% 70.6M 1s + 6300K .......... .......... .......... .......... .......... 11% 75.5M 1s + 6350K .......... .......... .......... .......... .......... 11% 74.5M 1s + 6400K .......... .......... .......... .......... .......... 12% 73.6M 1s + 6450K .......... .......... .......... .......... .......... 12% 125M 1s + 6500K .......... .......... .......... .......... .......... 12% 251M 1s + 6550K .......... .......... .......... .......... .......... 12% 210M 1s + 6600K .......... .......... .......... .......... .......... 12% 76.9M 1s + 6650K .......... .......... .......... .......... .......... 12% 234M 1s + 6700K .......... .......... .......... .......... .......... 12% 218M 1s + 6750K .......... .......... .......... .......... .......... 12% 207M 1s + 6800K .......... .......... .......... .......... .......... 12% 247M 1s + 6850K .......... .......... .......... .......... .......... 12% 258M 1s + 6900K .......... .......... .......... .......... .......... 13% 38.1M 1s + 6950K .......... .......... .......... .......... .......... 13% 41.9M 1s + 7000K .......... .......... .......... .......... .......... 13% 77.6M 1s + 7050K .......... .......... .......... .......... .......... 13% 80.1M 1s + 7100K .......... .......... .......... .......... .......... 13% 77.2M 1s + 7150K .......... 
.......... .......... .......... .......... 13% 67.2M 1s + 7200K .......... .......... .......... .......... .......... 13% 185M 1s + 7250K .......... .......... .......... .......... .......... 13% 48.5M 1s + 7300K .......... .......... .......... .......... .......... 13% 176M 1s + 7350K .......... .......... .......... .......... .......... 13% 214M 1s + 7400K .......... .......... .......... .......... .......... 13% 258M 1s + 7450K .......... .......... .......... .......... .......... 14% 239M 1s + 7500K .......... .......... .......... .......... .......... 14% 241M 1s + 7550K .......... .......... .......... .......... .......... 14% 228M 1s + 7600K .......... .......... .......... .......... .......... 14% 259M 1s + 7650K .......... .......... .......... .......... .......... 14% 251M 1s + 7700K .......... .......... .......... .......... .......... 14% 54.2M 1s + 7750K .......... .......... .......... .......... .......... 14% 78.5M 1s + 7800K .......... .......... .......... .......... .......... 14% 122M 1s + 7850K .......... .......... .......... .......... .......... 14% 249M 1s + 7900K .......... .......... .......... .......... .......... 14% 206M 1s + 7950K .......... .......... .......... .......... .......... 14% 234M 1s + 8000K .......... .......... .......... .......... .......... 15% 247M 1s + 8050K .......... .......... .......... .......... .......... 15% 263M 1s + 8100K .......... .......... .......... .......... .......... 15% 232M 1s + 8150K .......... .......... .......... .......... .......... 15% 215M 1s + 8200K .......... .......... .......... .......... .......... 15% 246M 1s + 8250K .......... .......... .......... .......... .......... 15% 251M 1s + 8300K .......... .......... .......... .......... .......... 15% 252M 1s + 8350K .......... .......... .......... .......... .......... 15% 40.8M 1s + 8400K .......... .......... .......... .......... .......... 15% 193M 1s + 8450K .......... .......... .......... .......... .......... 
15% 260M 1s + 8500K .......... .......... .......... .......... .......... 16% 229M 1s + 8550K .......... .......... .......... .......... .......... 16% 227M 1s + 8600K .......... .......... .......... .......... .......... 16% 241M 1s + 8650K .......... .......... .......... .......... .......... 16% 260M 1s + 8700K .......... .......... .......... .......... .......... 16% 271M 1s + 8750K .......... .......... .......... .......... .......... 16% 229M 1s + 8800K .......... .......... .......... .......... .......... 16% 274M 1s + 8850K .......... .......... .......... .......... .......... 16% 244M 1s + 8900K .......... .......... .......... .......... .......... 16% 260M 1s + 8950K .......... .......... .......... .......... .......... 16% 243M 1s + 9000K .......... .......... .......... .......... .......... 16% 239M 1s + 9050K .......... .......... .......... .......... .......... 17% 252M 1s + 9100K .......... .......... .......... .......... .......... 17% 160M 1s + 9150K .......... .......... .......... .......... .......... 17% 55.9M 1s + 9200K .......... .......... .......... .......... .......... 17% 78.3M 1s + 9250K .......... .......... .......... .......... .......... 17% 131M 1s + 9300K .......... .......... .......... .......... .......... 17% 62.4M 1s + 9350K .......... .......... .......... .......... .......... 17% 66.9M 1s + 9400K .......... .......... .......... .......... .......... 17% 110M 1s + 9450K .......... .......... .......... .......... .......... 17% 75.9M 1s + 9500K .......... .......... .......... .......... .......... 17% 73.6M 1s + 9550K .......... .......... .......... .......... .......... 17% 65.9M 1s + 9600K .......... .......... .......... .......... .......... 18% 138M 1s + 9650K .......... .......... .......... .......... .......... 18% 254M 1s + 9700K .......... .......... .......... .......... .......... 18% 227M 1s + 9750K .......... .......... .......... .......... .......... 18% 169M 1s + 9800K .......... .......... 
.......... .......... .......... 18% 73.9M 1s + 9850K .......... .......... .......... .......... .......... 18% 68.6M 1s + 9900K .......... .......... .......... .......... .......... 18% 104M 1s + 9950K .......... .......... .......... .......... .......... 18% 62.4M 1s + 10000K .......... .......... .......... .......... .......... 18% 78.2M 1s + 10050K .......... .......... .......... .......... .......... 18% 106M 1s + 10100K .......... .......... .......... .......... .......... 19% 152M 1s + 10150K .......... .......... .......... .......... .......... 19% 97.9M 1s + 10200K .......... .......... .......... .......... .......... 19% 239M 1s + 10250K .......... .......... .......... .......... .......... 19% 268M 1s + 10300K .......... .......... .......... .......... .......... 19% 229M 1s + 10350K .......... .......... .......... .......... .......... 19% 214M 1s + 10400K .......... .......... .......... .......... .......... 19% 254M 1s + 10450K .......... .......... .......... .......... .......... 19% 238M 1s + 10500K .......... .......... .......... .......... .......... 19% 158M 1s + 10550K .......... .......... .......... .......... .......... 19% 73.3M 1s + 10600K .......... .......... .......... .......... .......... 19% 78.3M 1s + 10650K .......... .......... .......... .......... .......... 20% 83.1M 1s + 10700K .......... .......... .......... .......... .......... 20% 75.9M 1s + 10750K .......... .......... .......... .......... .......... 20% 210M 1s + 10800K .......... .......... .......... .......... .......... 20% 230M 1s + 10850K .......... .......... .......... .......... .......... 20% 105M 1s + 10900K .......... .......... .......... .......... .......... 20% 91.6M 1s + 10950K .......... .......... .......... .......... .......... 20% 70.3M 1s + 11000K .......... .......... .......... .......... .......... 20% 153M 1s + 11050K .......... .......... .......... .......... .......... 20% 67.4M 1s + 11100K .......... .......... .......... 
.......... .......... 20% 69.9M 1s + 11150K .......... .......... .......... .......... .......... 20% 147M 1s + 11200K .......... .......... .......... .......... .......... 21% 54.1M 1s + 11250K .......... .......... .......... .......... .......... 21% 116M 1s + 11300K .......... .......... .......... .......... .......... 21% 78.5M 1s + 11350K .......... .......... .......... .......... .......... 21% 204M 1s + 11400K .......... .......... .......... .......... .......... 21% 240M 1s + 11450K .......... .......... .......... .......... .......... 21% 260M 1s + 11500K .......... .......... .......... .......... .......... 21% 253M 1s + 11550K .......... .......... .......... .......... .......... 21% 215M 1s + 11600K .......... .......... .......... .......... .......... 21% 131M 1s + 11650K .......... .......... .......... .......... .......... 21% 31.2M 1s + 11700K .......... .......... .......... .......... .......... 22% 121M 1s + 11750K .......... .......... .......... .......... .......... 22% 198M 1s + 11800K .......... .......... .......... .......... .......... 22% 257M 1s + 11850K .......... .......... .......... .......... .......... 22% 45.9M 1s + 11900K .......... .......... .......... .......... .......... 22% 71.2M 1s + 11950K .......... .......... .......... .......... .......... 22% 64.3M 1s + 12000K .......... .......... .......... .......... .......... 22% 104M 1s + 12050K .......... .......... .......... .......... .......... 22% 182M 1s + 12100K .......... .......... .......... .......... .......... 22% 70.9M 1s + 12150K .......... .......... .......... .......... .......... 22% 89.5M 1s + 12200K .......... .......... .......... .......... .......... 22% 131M 1s + 12250K .......... .......... .......... .......... .......... 23% 253M 1s + 12300K .......... .......... .......... .......... .......... 23% 252M 1s + 12350K .......... .......... .......... .......... .......... 23% 94.7M 1s + 12400K .......... .......... .......... .......... 
.......... 23% 38.1M 1s + 12450K .......... .......... .......... .......... .......... 23% 82.6M 1s + 12500K .......... .......... .......... .......... .......... 23% 75.0M 1s + 12550K .......... .......... .......... .......... .......... 23% 117M 1s + 12600K .......... .......... .......... .......... .......... 23% 131M 1s + 12650K .......... .......... .......... .......... .......... 23% 256M 1s + 12700K .......... .......... .......... .......... .......... 23% 229M 1s + 12750K .......... .......... .......... .......... .......... 23% 206M 1s + 12800K .......... .......... .......... .......... .......... 24% 245M 1s + 12850K .......... .......... .......... .......... .......... 24% 248M 1s + 12900K .......... .......... .......... .......... .......... 24% 256M 1s + 12950K .......... .......... .......... .......... .......... 24% 83.9M 1s + 13000K .......... .......... .......... .......... .......... 24% 76.7M 0s + 13050K .......... .......... .......... .......... .......... 24% 73.5M 0s + 13100K .......... .......... .......... .......... .......... 24% 153M 0s + 13150K .......... .......... .......... .......... .......... 24% 62.6M 0s + 13200K .......... .......... .......... .......... .......... 24% 84.0M 0s + 13250K .......... .......... .......... .......... .......... 24% 92.3M 0s + 13300K .......... .......... .......... .......... .......... 24% 80.4M 0s + 13350K .......... .......... .......... .......... .......... 25% 64.7M 0s + 13400K .......... .......... .......... .......... .......... 25% 71.0M 0s + 13450K .......... .......... .......... .......... .......... 25% 100M 0s + 13500K .......... .......... .......... .......... .......... 25% 66.2M 0s + 13550K .......... .......... .......... .......... .......... 25% 74.4M 0s + 13600K .......... .......... .......... .......... .......... 25% 223M 0s + 13650K .......... .......... .......... .......... .......... 25% 251M 0s + 13700K .......... .......... .......... .......... 
.......... 25% 256M 0s + 13750K .......... .......... .......... .......... .......... 25% 213M 0s + 13800K .......... .......... .......... .......... .......... 25% 253M 0s + 13850K .......... .......... .......... .......... .......... 26% 22.6M 0s + 13900K .......... .......... .......... .......... .......... 26% 138M 0s + 13950K .......... .......... .......... .......... .......... 26% 123M 0s + 14000K .......... .......... .......... .......... .......... 26% 53.3M 0s + 14050K .......... .......... .......... .......... .......... 26% 74.6M 0s + 14100K .......... .......... .......... .......... .......... 26% 73.7M 0s + 14150K .......... .......... .......... .......... .......... 26% 78.4M 0s + 14200K .......... .......... .......... .......... .......... 26% 252M 0s + 14250K .......... .......... .......... .......... .......... 26% 234M 0s + 14300K .......... .......... .......... .......... .......... 26% 238M 0s + 14350K .......... .......... .......... .......... .......... 26% 189M 0s + 14400K .......... .......... .......... .......... .......... 27% 258M 0s + 14450K .......... .......... .......... .......... .......... 27% 73.1M 0s + 14500K .......... .......... .......... .......... .......... 27% 122M 0s + 14550K .......... .......... .......... .......... .......... 27% 205M 0s + 14600K .......... .......... .......... .......... .......... 27% 27.7M 0s + 14650K .......... .......... .......... .......... .......... 27% 74.7M 0s + 14700K .......... .......... .......... .......... .......... 27% 109M 0s + 14750K .......... .......... .......... .......... .......... 27% 86.1M 0s + 14800K .......... .......... .......... .......... .......... 27% 68.2M 0s + 14850K .......... .......... .......... .......... .......... 27% 77.1M 0s + 14900K .......... .......... .......... .......... .......... 27% 88.3M 0s + 14950K .......... .......... .......... .......... .......... 28% 77.1M 0s + 15000K .......... .......... .......... .......... .......... 
28% 236M 0s + 15050K .......... .......... .......... .......... .......... 28% 258M 0s + 15100K .......... .......... .......... .......... .......... 28% 250M 0s + 15150K .......... .......... .......... .......... .......... 28% 214M 0s + 15200K .......... .......... .......... .......... .......... 28% 128M 0s + 15250K .......... .......... .......... .......... .......... 28% 83.2M 0s + 15300K .......... .......... .......... .......... .......... 28% 74.0M 0s + 15350K .......... .......... .......... .......... .......... 28% 95.9M 0s + 15400K .......... .......... .......... .......... .......... 28% 237M 0s + 15450K .......... .......... .......... .......... .......... 29% 248M 0s + 15500K .......... .......... .......... .......... .......... 29% 94.3M 0s + 15550K .......... .......... .......... .......... .......... 29% 79.3M 0s + 15600K .......... .......... .......... .......... .......... 29% 64.6M 0s + 15650K .......... .......... .......... .......... .......... 29% 101M 0s + 15700K .......... .......... .......... .......... .......... 29% 63.7M 0s + 15750K .......... .......... .......... .......... .......... 29% 169M 0s + 15800K .......... .......... .......... .......... .......... 29% 234M 0s + 15850K .......... .......... .......... .......... .......... 29% 233M 0s + 15900K .......... .......... .......... .......... .......... 29% 239M 0s + 15950K .......... .......... .......... .......... .......... 29% 206M 0s + 16000K .......... .......... .......... .......... .......... 30% 247M 0s + 16050K .......... .......... .......... .......... .......... 30% 22.4M 0s + 16100K .......... .......... .......... .......... .......... 30% 62.4M 0s + 16150K .......... .......... .......... .......... .......... 30% 80.1M 0s + 16200K .......... .......... .......... .......... .......... 30% 77.1M 0s + 16250K .......... .......... .......... .......... .......... 30% 212M 0s + 16300K .......... .......... .......... .......... .......... 
30% 243M 0s + 16350K .......... .......... .......... .......... .......... 30% 103M 0s + 16400K .......... .......... .......... .......... .......... 30% 65.6M 0s + 16450K .......... .......... .......... .......... .......... 30% 65.1M 0s + 16500K .......... .......... .......... .......... .......... 30% 114M 0s + 16550K .......... .......... .......... .......... .......... 31% 73.6M 0s + 16600K .......... .......... .......... .......... .......... 31% 87.0M 0s + 16650K .......... .......... .......... .......... .......... 31% 143M 0s + 16700K .......... .......... .......... .......... .......... 31% 127M 0s + 16750K .......... .......... .......... .......... .......... 31% 227M 0s + 16800K .......... .......... .......... .......... .......... 31% 241M 0s + 16850K .......... .......... .......... .......... .......... 31% 209M 0s + 16900K .......... .......... .......... .......... .......... 31% 258M 0s + 16950K .......... .......... .......... .......... .......... 31% 248M 0s + 17000K .......... .......... .......... .......... .......... 31% 222M 0s + 17050K .......... .......... .......... .......... .......... 32% 215M 0s + 17100K .......... .......... .......... .......... .......... 32% 230M 0s + 17150K .......... .......... .......... .......... .......... 32% 253M 0s + 17200K .......... .......... .......... .......... .......... 32% 116M 0s + 17250K .......... .......... .......... .......... .......... 32% 29.2M 0s + 17300K .......... .......... .......... .......... .......... 32% 225M 0s + 17350K .......... .......... .......... .......... .......... 32% 23.9M 0s + 17400K .......... .......... .......... .......... .......... 32% 82.8M 0s + 17450K .......... .......... .......... .......... .......... 32% 79.7M 0s + 17500K .......... .......... .......... .......... .......... 32% 81.7M 0s + 17550K .......... .......... .......... .......... .......... 32% 92.5M 0s + 17600K .......... .......... .......... .......... .......... 
33% 85.4M 0s + 17650K .......... .......... .......... .......... .......... 33% 58.8M 0s + 17700K .......... .......... .......... .......... .......... 33% 72.9M 0s + 17750K .......... .......... .......... .......... .......... 33% 75.0M 0s + 17800K .......... .......... .......... .......... .......... 33% 95.1M 0s + 17850K .......... .......... .......... .......... .......... 33% 88.8M 0s + 17900K .......... .......... .......... .......... .......... 33% 58.5M 0s + 17950K .......... .......... .......... .......... .......... 33% 130M 0s + 18000K .......... .......... .......... .......... .......... 33% 249M 0s + 18050K .......... .......... .......... .......... .......... 33% 126M 0s + 18100K .......... .......... .......... .......... .......... 33% 242M 0s + 18150K .......... .......... .......... .......... .......... 34% 236M 0s + 18200K .......... .......... .......... .......... .......... 34% 242M 0s + 18250K .......... .......... .......... .......... .......... 34% 230M 0s + 18300K .......... .......... .......... .......... .......... 34% 79.7M 0s + 18350K .......... .......... .......... .......... .......... 34% 250M 0s + 18400K .......... .......... .......... .......... .......... 34% 221M 0s + 18450K .......... .......... .......... .......... .......... 34% 189M 0s + 18500K .......... .......... .......... .......... .......... 34% 256M 0s + 18550K .......... .......... .......... .......... .......... 34% 256M 0s + 18600K .......... .......... .......... .......... .......... 34% 246M 0s + 18650K .......... .......... .......... .......... .......... 35% 229M 0s + 18700K .......... .......... .......... .......... .......... 35% 19.2M 0s + 18750K .......... .......... .......... .......... .......... 35% 68.7M 0s + 18800K .......... .......... .......... .......... .......... 35% 77.5M 0s + 18850K .......... .......... .......... .......... .......... 35% 80.5M 0s + 18900K .......... .......... .......... .......... .......... 
35% 216M 0s + 18950K .......... .......... .......... .......... .......... 35% 254M 0s + 19000K .......... .......... .......... .......... .......... 35% 46.3M 0s + 19050K .......... .......... .......... .......... .......... 35% 82.9M 0s + 19100K .......... .......... .......... .......... .......... 35% 113M 0s + 19150K .......... .......... .......... .......... .......... 35% 77.0M 0s + 19200K .......... .......... .......... .......... .......... 36% 70.7M 0s + 19250K .......... .......... .......... .......... .......... 36% 196M 0s + 19300K .......... .......... .......... .......... .......... 36% 111M 0s + 19350K .......... .......... .......... .......... .......... 36% 178M 0s + 19400K .......... .......... .......... .......... .......... 36% 255M 0s + 19450K .......... .......... .......... .......... .......... 36% 256M 0s + 19500K .......... .......... .......... .......... .......... 36% 256M 0s + 19550K .......... .......... .......... .......... .......... 36% 74.1M 0s + 19600K .......... .......... .......... .......... .......... 36% 99.3M 0s + 19650K .......... .......... .......... .......... .......... 36% 68.0M 0s + 19700K .......... .......... .......... .......... .......... 36% 76.2M 0s + 19750K .......... .......... .......... .......... .......... 37% 64.8M 0s + 19800K .......... .......... .......... .......... .......... 37% 79.8M 0s + 19850K .......... .......... .......... .......... .......... 37% 116M 0s + 19900K .......... .......... .......... .......... .......... 37% 239M 0s + 19950K .......... .......... .......... .......... .......... 37% 120M 0s + 20000K .......... .......... .......... .......... .......... 37% 82.7M 0s + 20050K .......... .......... .......... .......... .......... 37% 127M 0s + 20100K .......... .......... .......... .......... .......... 37% 71.4M 0s + 20150K .......... .......... .......... .......... .......... 37% 74.6M 0s + 20200K .......... .......... .......... .......... .......... 
37% 75.4M 0s + 20250K .......... .......... .......... .......... .......... 38% 199M 0s + 20300K .......... .......... .......... .......... .......... 38% 105M 0s + 20350K .......... .......... .......... .......... .......... 38% 214M 0s + 20400K .......... .......... .......... .......... .......... 38% 257M 0s + 20450K .......... .......... .......... .......... .......... 38% 160M 0s + 20500K .......... .......... .......... .......... .......... 38% 106M 0s + 20550K .......... .......... .......... .......... .......... 38% 66.9M 0s + 20600K .......... .......... .......... .......... .......... 38% 77.7M 0s + 20650K .......... .......... .......... .......... .......... 38% 75.0M 0s + 20700K .......... .......... .......... .......... .......... 38% 206M 0s + 20750K .......... .......... .......... .......... .......... 38% 195M 0s + 20800K .......... .......... .......... .......... .......... 39% 232M 0s + 20850K .......... .......... .......... .......... .......... 39% 244M 0s + 20900K .......... .......... .......... .......... .......... 39% 225M 0s + 20950K .......... .......... .......... .......... .......... 39% 253M 0s + 21000K .......... .......... .......... .......... .......... 39% 212M 0s + 21050K .......... .......... .......... .......... .......... 39% 58.0M 0s + 21100K .......... .......... .......... .......... .......... 39% 76.8M 0s + 21150K .......... .......... .......... .......... .......... 39% 72.2M 0s + 21200K .......... .......... .......... .......... .......... 39% 79.2M 0s + 21250K .......... .......... .......... .......... .......... 39% 115M 0s + 21300K .......... .......... .......... .......... .......... 39% 94.4M 0s + 21350K .......... .......... .......... .......... .......... 40% 76.2M 0s + 21400K .......... .......... .......... .......... .......... 40% 65.2M 0s + 21450K .......... .......... .......... .......... .......... 40% 71.5M 0s + 21500K .......... .......... .......... .......... .......... 
40% 63.0M 0s + 21550K .......... .......... .......... .......... .......... 40% 94.6M 0s + 21600K .......... .......... .......... .......... .......... 40% 95.1M 0s + 21650K .......... .......... .......... .......... .......... 40% 110M 0s + 21700K .......... .......... .......... .......... .......... 40% 213M 0s + 21750K .......... .......... .......... .......... .......... 40% 248M 0s + 21800K .......... .......... .......... .......... .......... 40% 257M 0s + 21850K .......... .......... .......... .......... .......... 41% 256M 0s + 21900K .......... .......... .......... .......... .......... 41% 156M 0s + 21950K .......... .......... .......... .......... .......... 41% 250M 0s + 22000K .......... .......... .......... .......... .......... 41% 52.6M 0s + 22050K .......... .......... .......... .......... .......... 41% 236M 0s + 22100K .......... .......... .......... .......... .......... 41% 222M 0s + 22150K .......... .......... .......... .......... .......... 41% 42.3M 0s + 22200K .......... .......... .......... .......... .......... 41% 123M 0s + 22250K .......... .......... .......... .......... .......... 41% 64.4M 0s + 22300K .......... .......... .......... .......... .......... 41% 62.3M 0s + 22350K .......... .......... .......... .......... .......... 41% 113M 0s + 22400K .......... .......... .......... .......... .......... 42% 102M 0s + 22450K .......... .......... .......... .......... .......... 42% 63.0M 0s + 22500K .......... .......... .......... .......... .......... 42% 68.5M 0s + 22550K .......... .......... .......... .......... .......... 42% 242M 0s + 22600K .......... .......... .......... .......... .......... 42% 252M 0s + 22650K .......... .......... .......... .......... .......... 42% 253M 0s + 22700K .......... .......... .......... .......... .......... 42% 37.2M 0s + 22750K .......... .......... .......... .......... .......... 42% 72.5M 0s + 22800K .......... .......... .......... .......... .......... 
42% 99.2M 0s + 22850K .......... .......... .......... .......... .......... 42% 241M 0s + 22900K .......... .......... .......... .......... .......... 42% 222M 0s + 22950K .......... .......... .......... .......... .......... 43% 69.6M 0s + 23000K .......... .......... .......... .......... .......... 43% 116M 0s + 23050K .......... .......... .......... .......... .......... 43% 111M 0s + 23100K .......... .......... .......... .......... .......... 43% 186M 0s + 23150K .......... .......... .......... .......... .......... 43% 217M 0s + 23200K .......... .......... .......... .......... .......... 43% 203M 0s + 23250K .......... .......... .......... .......... .......... 43% 212M 0s + 23300K .......... .......... .......... .......... .......... 43% 194M 0s + 23350K .......... .......... .......... .......... .......... 43% 204M 0s + 23400K .......... .......... .......... .......... .......... 43% 170M 0s + 23450K .......... .......... .......... .......... .......... 44% 60.4M 0s + 23500K .......... .......... .......... .......... .......... 44% 64.5M 0s + 23550K .......... .......... .......... .......... .......... 44% 94.9M 0s + 23600K .......... .......... .......... .......... .......... 44% 78.1M 0s + 23650K .......... .......... .......... .......... .......... 44% 72.2M 0s + 23700K .......... .......... .......... .......... .......... 44% 63.1M 0s + 23750K .......... .......... .......... .......... .......... 44% 87.8M 0s + 23800K .......... .......... .......... .......... .......... 44% 74.1M 0s + 23850K .......... .......... .......... .......... .......... 44% 111M 0s + 23900K .......... .......... .......... .......... .......... 44% 167M 0s + 23950K .......... .......... .......... .......... .......... 44% 239M 0s + 24000K .......... .......... .......... .......... .......... 45% 33.0M 0s + 24050K .......... .......... .......... .......... .......... 45% 81.8M 0s + 24100K .......... .......... .......... .......... .......... 
45% 101M 0s + 24150K .......... .......... .......... .......... .......... 45% 81.1M 0s + 24200K .......... .......... .......... .......... .......... 45% 247M 0s + 24250K .......... .......... .......... .......... .......... 45% 251M 0s + 24300K .......... .......... .......... .......... .......... 45% 185M 0s + 24350K .......... .......... .......... .......... .......... 45% 255M 0s + 24400K .......... .......... .......... .......... .......... 45% 229M 0s + 24450K .......... .......... .......... .......... .......... 45% 243M 0s + 24500K .......... .......... .......... .......... .......... 45% 54.4M 0s + 24550K .......... .......... .......... .......... .......... 46% 153M 0s + 24600K .......... .......... .......... .......... .......... 46% 199M 0s + 24650K .......... .......... .......... .......... .......... 46% 236M 0s + 24700K .......... .......... .......... .......... .......... 46% 210M 0s + 24750K .......... .......... .......... .......... .......... 46% 36.7M 0s + 24800K .......... .......... .......... .......... .......... 46% 136M 0s + 24850K .......... .......... .......... .......... .......... 46% 195M 0s + 24900K .......... .......... .......... .......... .......... 46% 43.8M 0s + 24950K .......... .......... .......... .......... .......... 46% 82.9M 0s + 25000K .......... .......... .......... .......... .......... 46% 145M 0s + 25050K .......... .......... .......... .......... .......... 47% 130M 0s + 25100K .......... .......... .......... .......... .......... 47% 159M 0s + 25150K .......... .......... .......... .......... .......... 47% 250M 0s + 25200K .......... .......... .......... .......... .......... 47% 249M 0s + 25250K .......... .......... .......... .......... .......... 47% 41.7M 0s + 25300K .......... .......... .......... .......... .......... 47% 66.1M 0s + 25350K .......... .......... .......... .......... .......... 47% 115M 0s + 25400K .......... .......... .......... .......... .......... 
47% 82.1M 0s + 25450K .......... .......... .......... .......... .......... 47% 245M 0s + 25500K .......... .......... .......... .......... .......... 47% 190M 0s + 25550K .......... .......... .......... .......... .......... 47% 245M 0s + 25600K .......... .......... .......... .......... .......... 48% 245M 0s + 25650K .......... .......... .......... .......... .......... 48% 221M 0s + 25700K .......... .......... .......... .......... .......... 48% 87.8M 0s + 25750K .......... .......... .......... .......... .......... 48% 23.3M 0s + 25800K .......... .......... .......... .......... .......... 48% 80.5M 0s + 25850K .......... .......... .......... .......... .......... 48% 76.2M 0s + 25900K .......... .......... .......... .......... .......... 48% 63.6M 0s + 25950K .......... .......... .......... .......... .......... 48% 158M 0s + 26000K .......... .......... .......... .......... .......... 48% 244M 0s + 26050K .......... .......... .......... .......... .......... 48% 137M 0s + 26100K .......... .......... .......... .......... .......... 48% 108M 0s + 26150K .......... .......... .......... .......... .......... 49% 56.9M 0s + 26200K .......... .......... .......... .......... .......... 49% 70.1M 0s + 26250K .......... .......... .......... .......... .......... 49% 187M 0s + 26300K .......... .......... .......... .......... .......... 49% 208M 0s + 26350K .......... .......... .......... .......... .......... 49% 132M 0s + 26400K .......... .......... .......... .......... .......... 49% 74.3M 0s + 26450K .......... .......... .......... .......... .......... 49% 56.7M 0s + 26500K .......... .......... .......... .......... .......... 49% 77.9M 0s + 26550K .......... .......... .......... .......... .......... 49% 77.4M 0s + 26600K .......... .......... .......... .......... .......... 49% 137M 0s + 26650K .......... .......... .......... .......... .......... 49% 248M 0s + 26700K .......... .......... .......... .......... .......... 
50% 213M 0s + 26750K .......... .......... .......... .......... .......... 50% 250M 0s + 26800K .......... .......... .......... .......... .......... 50% 26.9M 0s + 26850K .......... .......... .......... .......... .......... 50% 175M 0s + 26900K .......... .......... .......... .......... .......... 50% 211M 0s + 26950K .......... .......... .......... .......... .......... 50% 134M 0s + 27000K .......... .......... .......... .......... .......... 50% 70.3M 0s + 27050K .......... .......... .......... .......... .......... 50% 76.9M 0s + 27100K .......... .......... .......... .......... .......... 50% 95.3M 0s + 27150K .......... .......... .......... .......... .......... 50% 84.9M 0s + 27200K .......... .......... .......... .......... .......... 51% 86.1M 0s + 27250K .......... .......... .......... .......... .......... 51% 233M 0s + 27300K .......... .......... .......... .......... .......... 51% 205M 0s + 27350K .......... .......... .......... .......... .......... 51% 241M 0s + 27400K .......... .......... .......... .......... .......... 51% 240M 0s + 27450K .......... .......... .......... .......... .......... 51% 245M 0s + 27500K .......... .......... .......... .......... .......... 51% 192M 0s + 27550K .......... .......... .......... .......... .......... 51% 24.5M 0s + 27600K .......... .......... .......... .......... .......... 51% 62.2M 0s + 27650K .......... .......... .......... .......... .......... 51% 89.2M 0s + 27700K .......... .......... .......... .......... .......... 51% 67.7M 0s + 27750K .......... .......... .......... .......... .......... 52% 70.7M 0s + 27800K .......... .......... .......... .......... .......... 52% 248M 0s + 27850K .......... .......... .......... .......... .......... 52% 189M 0s + 27900K .......... .......... .......... .......... .......... 52% 52.2M 0s + 27950K .......... .......... .......... .......... .......... 52% 68.2M 0s + 28000K .......... .......... .......... .......... .......... 
52% 74.2M 0s + 28050K .......... .......... .......... .......... .......... 52% 118M 0s + 28100K .......... .......... .......... .......... .......... 52% 203M 0s + 28150K .......... .......... .......... .......... .......... 52% 206M 0s + 28200K .......... .......... .......... .......... .......... 52% 214M 0s + 28250K .......... .......... .......... .......... .......... 52% 234M 0s + 28300K .......... .......... .......... .......... .......... 53% 107M 0s + 28350K .......... .......... .......... .......... .......... 53% 41.0M 0s + 28400K .......... .......... .......... .......... .......... 53% 39.2M 0s + 28450K .......... .......... .......... .......... .......... 53% 70.6M 0s + 28500K .......... .......... .......... .......... .......... 53% 83.9M 0s + 28550K .......... .......... .......... .......... .......... 53% 75.6M 0s + 28600K .......... .......... .......... .......... .......... 53% 88.3M 0s + 28650K .......... .......... .......... .......... .......... 53% 211M 0s + 28700K .......... .......... .......... .......... .......... 53% 214M 0s + 28750K .......... .......... .......... .......... .......... 53% 251M 0s + 28800K .......... .......... .......... .......... .......... 54% 250M 0s + 28850K .......... .......... .......... .......... .......... 54% 23.5M 0s + 28900K .......... .......... .......... .......... .......... 54% 64.5M 0s + 28950K .......... .......... .......... .......... .......... 54% 130M 0s + 29000K .......... .......... .......... .......... .......... 54% 86.0M 0s + 29050K .......... .......... .......... .......... .......... 54% 82.3M 0s + 29100K .......... .......... .......... .......... .......... 54% 132M 0s + 29150K .......... .......... .......... .......... .......... 54% 233M 0s + 29200K .......... .......... .......... .......... .......... 54% 198M 0s + 29250K .......... .......... .......... .......... .......... 54% 250M 0s + 29300K .......... .......... .......... .......... .......... 
54% 224M 0s + 29350K .......... .......... .......... .......... .......... 55% 249M 0s + 29400K .......... .......... .......... .......... .......... 55% 112M 0s + 29450K .......... .......... .......... .......... .......... 55% 75.3M 0s + 29500K .......... .......... .......... .......... .......... 55% 59.7M 0s + 29550K .......... .......... .......... .......... .......... 55% 69.6M 0s + 29600K .......... .......... .......... .......... .......... 55% 154M 0s + 29650K .......... .......... .......... .......... .......... 55% 222M 0s + 29700K .......... .......... .......... .......... .......... 55% 194M 0s + 29750K .......... .......... .......... .......... .......... 55% 77.4M 0s + 29800K .......... .......... .......... .......... .......... 55% 74.9M 0s + 29850K .......... .......... .......... .......... .......... 55% 68.6M 0s + 29900K .......... .......... .......... .......... .......... 56% 61.8M 0s + 29950K .......... .......... .......... .......... .......... 56% 102M 0s + 30000K .......... .......... .......... .......... .......... 56% 63.8M 0s + 30050K .......... .......... .......... .......... .......... 56% 78.5M 0s + 30100K .......... .......... .......... .......... .......... 56% 69.1M 0s + 30150K .......... .......... .......... .......... .......... 56% 77.4M 0s + 30200K .......... .......... .......... .......... .......... 56% 217M 0s + 30250K .......... .......... .......... .......... .......... 56% 214M 0s + 30300K .......... .......... .......... .......... .......... 56% 187M 0s + 30350K .......... .......... .......... .......... .......... 56% 192M 0s + 30400K .......... .......... .......... .......... .......... 57% 231M 0s + 30450K .......... .......... .......... .......... .......... 57% 246M 0s + 30500K .......... .......... .......... .......... .......... 57% 221M 0s + 30550K .......... .......... .......... .......... .......... 57% 243M 0s + 30600K .......... .......... .......... .......... .......... 
57% 56.9M 0s + 30650K .......... .......... .......... .......... .......... 57% 216M 0s + 30700K .......... .......... .......... .......... .......... 57% 17.8M 0s + 30750K .......... .......... .......... .......... .......... 57% 80.2M 0s + 30800K .......... .......... .......... .......... .......... 57% 217M 0s + 30850K .......... .......... .......... .......... .......... 57% 163M 0s + 30900K .......... .......... .......... .......... .......... 57% 128M 0s + 30950K .......... .......... .......... .......... .......... 58% 218M 0s + 31000K .......... .......... .......... .......... .......... 58% 237M 0s + 31050K .......... .......... .......... .......... .......... 58% 240M 0s + 31100K .......... .......... .......... .......... .......... 58% 201M 0s + 31150K .......... .......... .......... .......... .......... 58% 198M 0s + 31200K .......... .......... .......... .......... .......... 58% 234M 0s + 31250K .......... .......... .......... .......... .......... 58% 242M 0s + 31300K .......... .......... .......... .......... .......... 58% 226M 0s + 31350K .......... .......... .......... .......... .......... 58% 214M 0s + 31400K .......... .......... .......... .......... .......... 58% 240M 0s + 31450K .......... .......... .......... .......... .......... 58% 256M 0s + 31500K .......... .......... .......... .......... .......... 59% 257M 0s + 31550K .......... .......... .......... .......... .......... 59% 195M 0s + 31600K .......... .......... .......... .......... .......... 59% 237M 0s + 31650K .......... .......... .......... .......... .......... 59% 247M 0s + 31700K .......... .......... .......... .......... .......... 59% 242M 0s + 31750K .......... .......... .......... .......... .......... 59% 195M 0s + 31800K .......... .......... .......... .......... .......... 59% 190M 0s + 31850K .......... .......... .......... .......... .......... 59% 228M 0s + 31900K .......... .......... .......... .......... .......... 
59% 190M 0s + 31950K .......... .......... .......... .......... .......... 59% 213M 0s + 32000K .......... .......... .......... .......... .......... 60% 213M 0s + 32050K .......... .......... .......... .......... .......... 60% 242M 0s + 32100K .......... .......... .......... .......... .......... 60% 239M 0s + 32150K .......... .......... .......... .......... .......... 60% 211M 0s + 32200K .......... .......... .......... .......... .......... 60% 223M 0s + 32250K .......... .......... .......... .......... .......... 60% 231M 0s + 32300K .......... .......... .......... .......... .......... 60% 245M 0s + 32350K .......... .......... .......... .......... .......... 60% 206M 0s + 32400K .......... .......... .......... .......... .......... 60% 247M 0s + 32450K .......... .......... .......... .......... .......... 60% 209M 0s + 32500K .......... .......... .......... .......... .......... 60% 228M 0s + 32550K .......... .......... .......... .......... .......... 61% 211M 0s + 32600K .......... .......... .......... .......... .......... 61% 244M 0s + 32650K .......... .......... .......... .......... .......... 61% 236M 0s + 32700K .......... .......... .......... .......... .......... 61% 207M 0s + 32750K .......... .......... .......... .......... .......... 61% 196M 0s + 32800K .......... .......... .......... .......... .......... 61% 250M 0s + 32850K .......... .......... .......... .......... .......... 61% 240M 0s + 32900K .......... .......... .......... .......... .......... 61% 231M 0s + 32950K .......... .......... .......... .......... .......... 61% 167M 0s + 33000K .......... .......... .......... .......... .......... 61% 245M 0s + 33050K .......... .......... .......... .......... .......... 61% 244M 0s + 33100K .......... .......... .......... .......... .......... 62% 247M 0s + 33150K .......... .......... .......... .......... .......... 62% 184M 0s + 33200K .......... .......... .......... .......... .......... 
62% 246M 0s + 33250K .......... .......... .......... .......... .......... 62% 244M 0s + 33300K .......... .......... .......... .......... .......... 62% 239M 0s + 33350K .......... .......... .......... .......... .......... 62% 203M 0s + 33400K .......... .......... .......... .......... .......... 62% 241M 0s + 33450K .......... .......... .......... .......... .......... 62% 243M 0s + 33500K .......... .......... .......... .......... .......... 62% 242M 0s + 33550K .......... .......... .......... .......... .......... 62% 208M 0s + 33600K .......... .......... .......... .......... .......... 63% 226M 0s + 33650K .......... .......... .......... .......... .......... 63% 234M 0s + 33700K .......... .......... .......... .......... .......... 63% 243M 0s + 33750K .......... .......... .......... .......... .......... 63% 221M 0s + 33800K .......... .......... .......... .......... .......... 63% 233M 0s + 33850K .......... .......... .......... .......... .......... 63% 210M 0s + 33900K .......... .......... .......... .......... .......... 63% 245M 0s + 33950K .......... .......... .......... .......... .......... 63% 205M 0s + 34000K .......... .......... .......... .......... .......... 63% 252M 0s + 34050K .......... .......... .......... .......... .......... 63% 229M 0s + 34100K .......... .......... .......... .......... .......... 63% 230M 0s + 34150K .......... .......... .......... .......... .......... 64% 230M 0s + 34200K .......... .......... .......... .......... .......... 64% 248M 0s + 34250K .......... .......... .......... .......... .......... 64% 193M 0s + 34300K .......... .......... .......... .......... .......... 64% 189M 0s + 34350K .......... .......... .......... .......... .......... 64% 210M 0s + 34400K .......... .......... .......... .......... .......... 64% 217M 0s + 34450K .......... .......... .......... .......... .......... 64% 213M 0s + 34500K .......... .......... .......... .......... .......... 
64% 223M 0s + 34550K .......... .......... .......... .......... .......... 64% 124M 0s + 34600K .......... .......... .......... .......... .......... 64% 193M 0s + 34650K .......... .......... .......... .......... .......... 64% 184M 0s + 34700K .......... .......... .......... .......... .......... 65% 195M 0s + 34750K .......... .......... .......... .......... .......... 65% 208M 0s + 34800K .......... .......... .......... .......... .......... 65% 211M 0s + 34850K .......... .......... .......... .......... .......... 65% 209M 0s + 34900K .......... .......... .......... .......... .......... 65% 200M 0s + 34950K .......... .......... .......... .......... .......... 65% 131M 0s + 35000K .......... .......... .......... .......... .......... 65% 210M 0s + 35050K .......... .......... .......... .......... .......... 65% 193M 0s + 35100K .......... .......... .......... .......... .......... 65% 207M 0s + 35150K .......... .......... .......... .......... .......... 65% 145M 0s + 35200K .......... .......... .......... .......... .......... 66% 187M 0s + 35250K .......... .......... .......... .......... .......... 66% 184M 0s + 35300K .......... .......... .......... .......... .......... 66% 199M 0s + 35350K .......... .......... .......... .......... .......... 66% 177M 0s + 35400K .......... .......... .......... .......... .......... 66% 206M 0s + 35450K .......... .......... .......... .......... .......... 66% 188M 0s + 35500K .......... .......... .......... .......... .......... 66% 202M 0s + 35550K .......... .......... .......... .......... .......... 66% 188M 0s + 35600K .......... .......... .......... .......... .......... 66% 214M 0s + 35650K .......... .......... .......... .......... .......... 66% 195M 0s + 35700K .......... .......... .......... .......... .......... 66% 203M 0s + 35750K .......... .......... .......... .......... .......... 67% 178M 0s + 35800K .......... .......... .......... .......... .......... 
67% 218M 0s + 35850K .......... .......... .......... .......... .......... 67% 196M 0s + 35900K .......... .......... .......... .......... .......... 67% 201M 0s + 35950K .......... .......... .......... .......... .......... 67% 192M 0s + 36000K .......... .......... .......... .......... .......... 67% 214M 0s + 36050K .......... .......... .......... .......... .......... 67% 190M 0s + 36100K .......... .......... .......... .......... .......... 67% 198M 0s + 36150K .......... .......... .......... .......... .......... 67% 179M 0s + 36200K .......... .......... .......... .......... .......... 67% 212M 0s + 36250K .......... .......... .......... .......... .......... 67% 196M 0s + 36300K .......... .......... .......... .......... .......... 68% 208M 0s + 36350K .......... .......... .......... .......... .......... 68% 170M 0s + 36400K .......... .......... .......... .......... .......... 68% 188M 0s + 36450K .......... .......... .......... .......... .......... 68% 188M 0s + 36500K .......... .......... .......... .......... .......... 68% 189M 0s + 36550K .......... .......... .......... .......... .......... 68% 162M 0s + 36600K .......... .......... .......... .......... .......... 68% 158M 0s + 36650K .......... .......... .......... .......... .......... 68% 170M 0s + 36700K .......... .......... .......... .......... .......... 68% 216M 0s + 36750K .......... .......... .......... .......... .......... 68% 189M 0s + 36800K .......... .......... .......... .......... .......... 69% 195M 0s + 36850K .......... .......... .......... .......... .......... 69% 200M 0s + 36900K .......... .......... .......... .......... .......... 69% 205M 0s + 36950K .......... .......... .......... .......... .......... 69% 181M 0s + 37000K .......... .......... .......... .......... .......... 69% 202M 0s + 37050K .......... .......... .......... .......... .......... 69% 210M 0s + 37100K .......... .......... .......... .......... .......... 
69% 201M 0s + 37150K .......... .......... .......... .......... .......... 69% 192M 0s + 37200K .......... .......... .......... .......... .......... 69% 199M 0s + 37250K .......... .......... .......... .......... .......... 69% 208M 0s + 37300K .......... .......... .......... .......... .......... 69% 180M 0s + 37350K .......... .......... .......... .......... .......... 70% 161M 0s + 37400K .......... .......... .......... .......... .......... 70% 162M 0s + 37450K .......... .......... .......... .......... .......... 70% 202M 0s + 37500K .......... .......... .......... .......... .......... 70% 211M 0s + 37550K .......... .......... .......... .......... .......... 70% 195M 0s + 37600K .......... .......... .......... .......... .......... 70% 189M 0s + 37650K .......... .......... .......... .......... .......... 70% 201M 0s + 37700K .......... .......... .......... .......... .......... 70% 208M 0s + 37750K .......... .......... .......... .......... .......... 70% 182M 0s + 37800K .......... .......... .......... .......... .......... 70% 196M 0s + 37850K .......... .......... .......... .......... .......... 70% 208M 0s + 37900K .......... .......... .......... .......... .......... 71% 215M 0s + 37950K .......... .......... .......... .......... .......... 71% 186M 0s + 38000K .......... .......... .......... .......... .......... 71% 189M 0s + 38050K .......... .......... .......... .......... .......... 71% 204M 0s + 38100K .......... .......... .......... .......... .......... 71% 212M 0s + 38150K .......... .......... .......... .......... .......... 71% 181M 0s + 38200K .......... .......... .......... .......... .......... 71% 198M 0s + 38250K .......... .......... .......... .......... .......... 71% 206M 0s + 38300K .......... .......... .......... .......... .......... 71% 213M 0s + 38350K .......... .......... .......... .......... .......... 71% 193M 0s + 38400K .......... .......... .......... .......... .......... 
71% 197M 0s + 38450K .......... .......... .......... .......... .......... 72% 210M 0s + 38500K .......... .......... .......... .......... .......... 72% 184M 0s + 38550K .......... .......... .......... .......... .......... 72% 167M 0s + 38600K .......... .......... .......... .......... .......... 72% 177M 0s + 38650K .......... .......... .......... .......... .......... 72% 179M 0s + 38700K .......... .......... .......... .......... .......... 72% 175M 0s + 38750K .......... .......... .......... .......... .......... 72% 161M 0s + 38800K .......... .......... .......... .......... .......... 72% 195M 0s + 38850K .......... .......... .......... .......... .......... 72% 198M 0s + 38900K .......... .......... .......... .......... .......... 72% 213M 0s + 38950K .......... .......... .......... .......... .......... 73% 164M 0s + 39000K .......... .......... .......... .......... .......... 73% 188M 0s + 39050K .......... .......... .......... .......... .......... 73% 205M 0s + 39100K .......... .......... .......... .......... .......... 73% 215M 0s + 39150K .......... .......... .......... .......... .......... 73% 191M 0s + 39200K .......... .......... .......... .......... .......... 73% 196M 0s + 39250K .......... .......... .......... .......... .......... 73% 188M 0s + 39300K .......... .......... .......... .......... .......... 73% 214M 0s + 39350K .......... .......... .......... .......... .......... 73% 184M 0s + 39400K .......... .......... .......... .......... .......... 73% 198M 0s + 39450K .......... .......... .......... .......... .......... 73% 195M 0s + 39500K .......... .......... .......... .......... .......... 74% 191M 0s + 39550K .......... .......... .......... .......... .......... 74% 160M 0s + 39600K .......... .......... .......... .......... .......... 74% 214M 0s + 39650K .......... .......... .......... .......... .......... 74% 216M 0s + 39700K .......... .......... .......... .......... .......... 
74% 225M 0s + 39750K .......... .......... .......... .......... .......... 74% 169M 0s + 39800K .......... .......... .......... .......... .......... 74% 198M 0s + 39850K .......... .......... .......... .......... .......... 74% 212M 0s + 39900K .......... .......... .......... .......... .......... 74% 217M 0s + 39950K .......... .......... .......... .......... .......... 74% 193M 0s + 40000K .......... .......... .......... .......... .......... 74% 196M 0s + 40050K .......... .......... .......... .......... .......... 75% 206M 0s + 40100K .......... .......... .......... .......... .......... 75% 214M 0s + 40150K .......... .......... .......... .......... .......... 75% 182M 0s + 40200K .......... .......... .......... .......... .......... 75% 201M 0s + 40250K .......... .......... .......... .......... .......... 75% 212M 0s + 40300K .......... .......... .......... .......... .......... 75% 217M 0s + 40350K .......... .......... .......... .......... .......... 75% 196M 0s + 40400K .......... .......... .......... .......... .......... 75% 208M 0s + 40450K .......... .......... .......... .......... .......... 75% 171M 0s + 40500K .......... .......... .......... .......... .......... 75% 214M 0s + 40550K .......... .......... .......... .......... .......... 76% 214M 0s + 40600K .......... .......... .......... .......... .......... 76% 180M 0s + 40650K .......... .......... .......... .......... .......... 76% 165M 0s + 40700K .......... .......... .......... .......... .......... 76% 206M 0s + 40750K .......... .......... .......... .......... .......... 76% 160M 0s + 40800K .......... .......... .......... .......... .......... 76% 169M 0s + 40850K .......... .......... .......... .......... .......... 76% 164M 0s + 40900K .......... .......... .......... .......... .......... 76% 197M 0s + 40950K .......... .......... .......... .......... .......... 76% 188M 0s + 41000K .......... .......... .......... .......... .......... 
76% 184M 0s + 41050K .......... .......... .......... .......... .......... 76% 206M 0s + 41100K .......... .......... .......... .......... .......... 77% 171M 0s + 41150K .......... .......... .......... .......... .......... 77% 181M 0s + 41200K .......... .......... .......... .......... .......... 77% 205M 0s + 41250K .......... .......... .......... .......... .......... 77% 191M 0s + 41300K .......... .......... .......... .......... .......... 77% 212M 0s + 41350K .......... .......... .......... .......... .......... 77% 197M 0s + 41400K .......... .......... .......... .......... .......... 77% 185M 0s + 41450K .......... .......... .......... .......... .......... 77% 215M 0s + 41500K .......... .......... .......... .......... .......... 77% 213M 0s + 41550K .......... .......... .......... .......... .......... 77% 192M 0s + 41600K .......... .......... .......... .......... .......... 77% 166M 0s + 41650K .......... .......... .......... .......... .......... 78% 185M 0s + 41700K .......... .......... .......... .......... .......... 78% 184M 0s + 41750K .......... .......... .......... .......... .......... 78% 191M 0s + 41800K .......... .......... .......... .......... .......... 78% 181M 0s + 41850K .......... .......... .......... .......... .......... 78% 230M 0s + 41900K .......... .......... .......... .......... .......... 78% 177M 0s + 41950K .......... .......... .......... .......... .......... 78% 194M 0s + 42000K .......... .......... .......... .......... .......... 78% 206M 0s + 42050K .......... .......... .......... .......... .......... 78% 207M 0s + 42100K .......... .......... .......... .......... .......... 78% 191M 0s + 42150K .......... .......... .......... .......... .......... 79% 198M 0s + 42200K .......... .......... .......... .......... .......... 79% 181M 0s + 42250K .......... .......... .......... .......... .......... 79% 216M 0s + 42300K .......... .......... .......... .......... .......... 
79% 218M 0s + 42350K .......... .......... .......... .......... .......... 79% 196M 0s + 42400K .......... .......... .......... .......... .......... 79% 175M 0s + 42450K .......... .......... .......... .......... .......... 79% 229M 0s + 42500K .......... .......... .......... .......... .......... 79% 189M 0s + 42550K .......... .......... .......... .......... .......... 79% 197M 0s + 42600K .......... .......... .......... .......... .......... 79% 205M 0s + 42650K .......... .......... .......... .......... .......... 79% 214M 0s + 42700K .......... .......... .......... .......... .......... 80% 184M 0s + 42750K .......... .......... .......... .......... .......... 80% 138M 0s + 42800K .......... .......... .......... .......... .......... 80% 191M 0s + 42850K .......... .......... .......... .......... .......... 80% 189M 0s + 42900K .......... .......... .......... .......... .......... 80% 143M 0s + 42950K .......... .......... .......... .......... .......... 80% 175M 0s + 43000K .......... .......... .......... .......... .......... 80% 206M 0s + 43050K .......... .......... .......... .......... .......... 80% 193M 0s + 43100K .......... .......... .......... .......... .......... 80% 191M 0s + 43150K .......... .......... .......... .......... .......... 80% 182M 0s + 43200K .......... .......... .......... .......... .......... 80% 171M 0s + 43250K .......... .......... .......... .......... .......... 81% 208M 0s + 43300K .......... .......... .......... .......... .......... 81% 196M 0s + 43350K .......... .......... .......... .......... .......... 81% 202M 0s + 43400K .......... .......... .......... .......... .......... 81% 189M 0s + 43450K .......... .......... .......... .......... .......... 81% 213M 0s + 43500K .......... .......... .......... .......... .......... 81% 168M 0s + 43550K .......... .......... .......... .......... .......... 81% 204M 0s + 43600K .......... .......... .......... .......... .......... 
81% 215M 0s + 43650K .......... .......... .......... .......... .......... 81% 214M 0s + 43700K .......... .......... .......... .......... .......... 81% 43.2M 0s + 43750K .......... .......... .......... .......... .......... 82% 153M 0s + 43800K .......... .......... .......... .......... .......... 82% 138M 0s + 43850K .......... .......... .......... .......... .......... 82% 153M 0s + 43900K .......... .......... .......... .......... .......... 82% 127M 0s + 43950K .......... .......... .......... .......... .......... 82% 204M 0s + 44000K .......... .......... .......... .......... .......... 82% 197M 0s + 44050K .......... .......... .......... .......... .......... 82% 158M 0s + 44100K .......... .......... .......... .......... .......... 82% 153M 0s + 44150K .......... .......... .......... .......... .......... 82% 208M 0s + 44200K .......... .......... .......... .......... .......... 82% 212M 0s + 44250K .......... .......... .......... .......... .......... 82% 178M 0s + 44300K .......... .......... .......... .......... .......... 83% 173M 0s + 44350K .......... .......... .......... .......... .......... 83% 213M 0s + 44400K .......... .......... .......... .......... .......... 83% 205M 0s + 44450K .......... .......... .......... .......... .......... 83% 193M 0s + 44500K .......... .......... .......... .......... .......... 83% 180M 0s + 44550K .......... .......... .......... .......... .......... 83% 213M 0s + 44600K .......... .......... .......... .......... .......... 83% 212M 0s + 44650K .......... .......... .......... .......... .......... 83% 194M 0s + 44700K .......... .......... .......... .......... .......... 83% 153M 0s + 44750K .......... .......... .......... .......... .......... 83% 196M 0s + 44800K .......... .......... .......... .......... .......... 83% 190M 0s + 44850K .......... .......... .......... .......... .......... 84% 163M 0s + 44900K .......... .......... .......... .......... .......... 
84% 155M 0s + 44950K .......... .......... .......... .......... .......... 84% 208M 0s + 45000K .......... .......... .......... .......... .......... 84% 174M 0s + 45050K .......... .......... .......... .......... .......... 84% 180M 0s + 45100K .......... .......... .......... .......... .......... 84% 179M 0s + 45150K .......... .......... .......... .......... .......... 84% 216M 0s + 45200K .......... .......... .......... .......... .......... 84% 184M 0s + 45250K .......... .......... .......... .......... .......... 84% 204M 0s + 45300K .......... .......... .......... .......... .......... 84% 194M 0s + 45350K .......... .......... .......... .......... .......... 85% 214M 0s + 45400K .......... .......... .......... .......... .......... 85% 165M 0s + 45450K .......... .......... .......... .......... .......... 85% 206M 0s + 45500K .......... .......... .......... .......... .......... 85% 213M 0s + 45550K .......... .......... .......... .......... .......... 85% 198M 0s + 45600K .......... .......... .......... .......... .......... 85% 155M 0s + 45650K .......... .......... .......... .......... .......... 85% 198M 0s + 45700K .......... .......... .......... .......... .......... 85% 204M 0s + 45750K .......... .......... .......... .......... .......... 85% 208M 0s + 45800K .......... .......... .......... .......... .......... 85% 168M 0s + 45850K .......... .......... .......... .......... .......... 85% 202M 0s + 45900K .......... .......... .......... .......... .......... 86% 211M 0s + 45950K .......... .......... .......... .......... .......... 86% 206M 0s + 46000K .......... .......... .......... .......... .......... 86% 176M 0s + 46050K .......... .......... .......... .......... .......... 86% 204M 0s + 46100K .......... .......... .......... .......... .......... 86% 214M 0s + 46150K .......... .......... .......... .......... .......... 86% 208M 0s + 46200K .......... .......... .......... .......... .......... 
86% 164M 0s + 46250K .......... .......... .......... .......... .......... 86% 197M 0s + 46300K .......... .......... .......... .......... .......... 86% 215M 0s + 46350K .......... .......... .......... .......... .......... 86% 215M 0s + 46400K .......... .......... .......... .......... .......... 86% 176M 0s + 46450K .......... .......... .......... .......... .......... 87% 201M 0s + 46500K .......... .......... .......... .......... .......... 87% 213M 0s + 46550K .......... .......... .......... .......... .......... 87% 210M 0s + 46600K .......... .......... .......... .......... .......... 87% 166M 0s + 46650K .......... .......... .......... .......... .......... 87% 199M 0s + 46700K .......... .......... .......... .......... .......... 87% 213M 0s + 46750K .......... .......... .......... .......... .......... 87% 217M 0s + 46800K .......... .......... .......... .......... .......... 87% 125M 0s + 46850K .......... .......... .......... .......... .......... 87% 206M 0s + 46900K .......... .......... .......... .......... .......... 87% 238M 0s + 46950K .......... .......... .......... .......... .......... 88% 223M 0s + 47000K .......... .......... .......... .......... .......... 88% 155M 0s + 47050K .......... .......... .......... .......... .......... 88% 196M 0s + 47100K .......... .......... .......... .......... .......... 88% 221M 0s + 47150K .......... .......... .......... .......... .......... 88% 253M 0s + 47200K .......... .......... .......... .......... .......... 88% 199M 0s + 47250K .......... .......... .......... .......... .......... 88% 249M 0s + 47300K .......... .......... .......... .......... .......... 88% 244M 0s + 47350K .......... .......... .......... .......... .......... 88% 253M 0s + 47400K .......... .......... .......... .......... .......... 88% 209M 0s + 47450K .......... .......... .......... .......... .......... 88% 217M 0s + 47500K .......... .......... .......... .......... .......... 
89% 253M 0s + 47550K .......... .......... .......... .......... .......... 89% 209M 0s + 47600K .......... .......... .......... .......... .......... 89% 235M 0s + 47650K .......... .......... .......... .......... .......... 89% 225M 0s + 47700K .......... .......... .......... .......... .......... 89% 203M 0s + 47750K .......... .......... .......... .......... .......... 89% 239M 0s + 47800K .......... .......... .......... .......... .......... 89% 245M 0s + 47850K .......... .......... .......... .......... .......... 89% 212M 0s + 47900K .......... .......... .......... .......... .......... 89% 167M 0s + 47950K .......... .......... .......... .......... .......... 89% 235M 0s + 48000K .......... .......... .......... .......... .......... 89% 235M 0s + 48050K .......... .......... .......... .......... .......... 90% 215M 0s + 48100K .......... .......... .......... .......... .......... 90% 194M 0s + 48150K .......... .......... .......... .......... .......... 90% 239M 0s + 48200K .......... .......... .......... .......... .......... 90% 233M 0s + 48250K .......... .......... .......... .......... .......... 90% 245M 0s + 48300K .......... .......... .......... .......... .......... 90% 187M 0s + 48350K .......... .......... .......... .......... .......... 90% 209M 0s + 48400K .......... .......... .......... .......... .......... 90% 245M 0s + 48450K .......... .......... .......... .......... .......... 90% 240M 0s + 48500K .......... .......... .......... .......... .......... 90% 219M 0s + 48550K .......... .......... .......... .......... .......... 91% 218M 0s + 48600K .......... .......... .......... .......... .......... 91% 225M 0s + 48650K .......... .......... .......... .......... .......... 91% 241M 0s + 48700K .......... .......... .......... .......... .......... 91% 204M 0s + 48750K .......... .......... .......... .......... .......... 91% 249M 0s + 48800K .......... .......... .......... .......... .......... 
91% 214M 0s + 48850K .......... .......... .......... .......... .......... 91% 222M 0s + 48900K .......... .......... .......... .......... .......... 91% 216M 0s + 48950K .......... .......... .......... .......... .......... 91% 244M 0s + 49000K .......... .......... .......... .......... .......... 91% 248M 0s + 49050K .......... .......... .......... .......... .......... 91% 173M 0s + 49100K .......... .......... .......... .......... .......... 92% 206M 0s + 49150K .......... .......... .......... .......... .......... 92% 240M 0s + 49200K .......... .......... .......... .......... .......... 92% 244M 0s + 49250K .......... .......... .......... .......... .......... 92% 214M 0s + 49300K .......... .......... .......... .......... .......... 92% 207M 0s + 49350K .......... .......... .......... .......... .......... 92% 202M 0s + 49400K .......... .......... .......... .......... .......... 92% 206M 0s + 49450K .......... .......... .......... .......... .......... 92% 186M 0s + 49500K .......... .......... .......... .......... .......... 92% 198M 0s + 49550K .......... .......... .......... .......... .......... 92% 251M 0s + 49600K .......... .......... .......... .......... .......... 92% 253M 0s + 49650K .......... .......... .......... .......... .......... 93% 245M 0s + 49700K .......... .......... .......... .......... .......... 93% 192M 0s + 49750K .......... .......... .......... .......... .......... 93% 245M 0s + 49800K .......... .......... .......... .......... .......... 93% 244M 0s + 49850K .......... .......... .......... .......... .......... 93% 232M 0s + 49900K .......... .......... .......... .......... .......... 93% 163M 0s + 49950K .......... .......... .......... .......... .......... 93% 237M 0s + 50000K .......... .......... .......... .......... .......... 93% 231M 0s + 50050K .......... .......... .......... .......... .......... 93% 245M 0s + 50100K .......... .......... .......... .......... .......... 
93% 219M 0s + 50150K .......... .......... .......... .......... .......... 94% 208M 0s + 50200K .......... .......... .......... .......... .......... 94% 244M 0s + 50250K .......... .......... .......... .......... .......... 94% 224M 0s + 50300K .......... .......... .......... .......... .......... 94% 187M 0s + 50350K .......... .......... .......... .......... .......... 94% 187M 0s + 50400K .......... .......... .......... .......... .......... 94% 223M 0s + 50450K .......... .......... .......... .......... .......... 94% 211M 0s + 50500K .......... .......... .......... .......... .......... 94% 222M 0s + 50550K .......... .......... .......... .......... .......... 94% 245M 0s + 50600K .......... .......... .......... .......... .......... 94% 205M 0s + 50650K .......... .......... .......... .......... .......... 94% 241M 0s + 50700K .......... .......... .......... .......... .......... 95% 207M 0s + 50750K .......... .......... .......... .......... .......... 95% 234M 0s + 50800K .......... .......... .......... .......... .......... 95% 184M 0s 50850K .......... .......... .......... .......... .......... 95% 245M 0s - 50900K .......... .......... .......... .......... .......... 95% 258M 0s - 50950K .......... .......... .......... .......... .......... 95% 220M 0s - 51000K .......... .......... .......... .......... .......... 95% 262M 0s - 51050K .......... .......... .......... .......... .......... 95% 38.3M 0s - 51100K .......... .......... .......... .......... .......... 95% 257M 0s - 51150K .......... .......... .......... .......... .......... 95% 230M 0s - 51200K .......... .......... .......... .......... .......... 95% 222M 0s - 51250K .......... .......... .......... .......... .......... 96% 244M 0s - 51300K .......... .......... .......... .......... .......... 96% 252M 0s - 51350K .......... .......... .......... .......... .......... 96% 235M 0s - 51400K .......... .......... .......... .......... .......... 
96% 263M 0s - 51450K .......... .......... .......... .......... .......... 96% 226M 0s - 51500K .......... .......... .......... .......... .......... 96% 31.9M 0s - 51550K .......... .......... .......... .......... .......... 96% 38.7M 0s - 51600K .......... .......... .......... .......... .......... 96% 261M 0s - 51650K .......... .......... .......... .......... .......... 96% 240M 0s - 51700K .......... .......... .......... .......... .......... 96% 211M 0s - 51750K .......... .......... .......... .......... .......... 96% 232M 0s - 51800K .......... .......... .......... .......... .......... 97% 257M 0s - 51850K .......... .......... .......... .......... .......... 97% 245M 0s - 51900K .......... .......... .......... .......... .......... 97% 52.6M 0s - 51950K .......... .......... .......... .......... .......... 97% 91.3M 0s - 52000K .......... .......... .......... .......... .......... 97% 252M 0s - 52050K .......... .......... .......... .......... .......... 97% 44.4M 0s - 52100K .......... .......... .......... .......... .......... 97% 73.6M 0s - 52150K .......... .......... .......... .......... .......... 97% 229M 0s - 52200K .......... .......... .......... .......... .......... 97% 250M 0s - 52250K .......... .......... .......... .......... .......... 97% 208M 0s - 52300K .......... .......... .......... .......... .......... 98% 51.5M 0s - 52350K .......... .......... .......... .......... .......... 98% 117M 0s - 52400K .......... .......... .......... .......... .......... 98% 258M 0s - 52450K .......... .......... .......... .......... .......... 98% 226M 0s - 52500K .......... .......... .......... .......... .......... 98% 240M 0s - 52550K .......... .......... .......... .......... .......... 98% 241M 0s - 52600K .......... .......... .......... .......... .......... 98% 252M 0s - 52650K .......... .......... .......... .......... .......... 98% 222M 0s - 52700K .......... .......... .......... .......... .......... 
98% 262M 0s - 52750K .......... .......... .......... .......... .......... 98% 238M 0s - 52800K .......... .......... .......... .......... .......... 98% 19.5M 0s - 52850K .......... .......... .......... .......... .......... 99% 194M 0s - 52900K .......... .......... .......... .......... .......... 99% 260M 0s - 52950K .......... .......... .......... .......... .......... 99% 239M 0s - 53000K .......... .......... .......... .......... .......... 99% 247M 0s - 53050K .......... .......... .......... .......... .......... 99% 203M 0s - 53100K .......... .......... .......... .......... .......... 99% 259M 0s - 53150K .......... .......... .......... .......... .......... 99% 262M 0s - 53200K .......... .......... .......... .......... .......... 99% 82.0M 0s - 53250K .......... .......... .......... .......... .......... 99% 208M 0s - 53300K .......... .......... .......... .......... .......... 99% 255M 0s - 53350K .......... .......... .......... .......... .......... 99% 241M 0s - 53400K ... 100% 62.0M=0.6s + 50900K .......... .......... .......... .......... .......... 95% 211M 0s + 50950K .......... .......... .......... .......... .......... 95% 247M 0s + 51000K .......... .......... .......... .......... .......... 95% 248M 0s + 51050K .......... .......... .......... .......... .......... 95% 204M 0s + 51100K .......... .......... .......... .......... .......... 95% 206M 0s + 51150K .......... .......... .......... .......... .......... 95% 251M 0s + 51200K .......... .......... .......... .......... .......... 95% 228M 0s + 51250K .......... .......... .......... .......... .......... 96% 225M 0s + 51300K .......... .......... .......... .......... .......... 96% 247M 0s + 51350K .......... .......... .......... .......... .......... 96% 220M 0s + 51400K .......... .......... .......... .......... .......... 96% 245M 0s + 51450K .......... .......... .......... .......... .......... 96% 246M 0s + 51500K .......... .......... .......... .......... 
.......... 96% 215M 0s + 51550K .......... .......... .......... .......... .......... 96% 186M 0s + 51600K .......... .......... .......... .......... .......... 96% 248M 0s + 51650K .......... .......... .......... .......... .......... 96% 237M 0s + 51700K .......... .......... .......... .......... .......... 96% 245M 0s + 51750K .......... .......... .......... .......... .......... 96% 168M 0s + 51800K .......... .......... .......... .......... .......... 97% 252M 0s + 51850K .......... .......... .......... .......... .......... 97% 258M 0s + 51900K .......... .......... .......... .......... .......... 97% 265M 0s + 51950K .......... .......... .......... .......... .......... 97% 191M 0s + 52000K .......... .......... .......... .......... .......... 97% 243M 0s + 52050K .......... .......... .......... .......... .......... 97% 249M 0s + 52100K .......... .......... .......... .......... .......... 97% 242M 0s + 52150K .......... .......... .......... .......... .......... 97% 216M 0s + 52200K .......... .......... .......... .......... .......... 97% 211M 0s + 52250K .......... .......... .......... .......... .......... 97% 244M 0s + 52300K .......... .......... .......... .......... .......... 98% 233M 0s + 52350K .......... .......... .......... .......... .......... 98% 203M 0s + 52400K .......... .......... .......... .......... .......... 98% 232M 0s + 52450K .......... .......... .......... .......... .......... 98% 227M 0s + 52500K .......... .......... .......... .......... .......... 98% 247M 0s + 52550K .......... .......... .......... .......... .......... 98% 219M 0s + 52600K .......... .......... .......... .......... .......... 98% 233M 0s + 52650K .......... .......... .......... .......... .......... 98% 217M 0s + 52700K .......... .......... .......... .......... .......... 98% 237M 0s + 52750K .......... .......... .......... .......... .......... 98% 201M 0s + 52800K .......... .......... .......... .......... .......... 
98% 247M 0s + 52850K .......... .......... .......... .......... .......... 99% 231M 0s + 52900K .......... .......... .......... .......... .......... 99% 217M 0s + 52950K .......... .......... .......... .......... .......... 99% 217M 0s + 53000K .......... .......... .......... .......... .......... 99% 245M 0s + 53050K .......... .......... .......... .......... .......... 99% 249M 0s + 53100K .......... .......... .......... .......... .......... 99% 204M 0s + 53150K .......... .......... .......... .......... .......... 99% 194M 0s + 53200K .......... .......... .......... .......... .......... 99% 243M 0s + 53250K .......... .......... .......... .......... .......... 99% 245M 0s + 53300K .......... .......... .......... .......... .......... 99% 245M 0s + 53350K .......... .......... .......... .......... .......... 99% 196M 0s + 53400K ... 100% 6.31T=0.5s -2024-11-06 09:43:31 (87.2 MB/s) - ‘trivy_0.44.1_Linux-64bit.deb.1’ saved [54685068/54685068] +2024-11-11 09:54:00 (116 MB/s) - ‘trivy_0.44.1_Linux-64bit.deb.1’ saved [54685068/54685068] +sudo dpkg -i trivy_0.44.1_Linux-64bit.deb (Reading database ... 132595 files and directories currently installed.) @@ -15255,8 +15297,8 @@ setuptools 53.0.0 70.0.0 python urllib3 1.26.5 1.26.17 python GHSA-v845-jxx5-vc9f Medium urllib3 1.26.5 1.26.18 python GHSA-g4mx-q9vg-27p4 Medium urllib3 1.26.5 1.26.19 python GHSA-34jh-p97f-mpxf Medium -+docker sbom quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369 +tee /tmp/sbom.txt ++docker sbom quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369 NAME VERSION TYPE ./pkg/ipam (devel) go-module PyGObject 3.40.1 python 
@@ -15633,86 +15675,86 @@ https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded +docker push quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369 The push refers to repository [quay.io/noirolabs/aci-containers-controller] -a60a763b4539: Preparing -872027ec1967: Preparing -31baa81b2201: Preparing -c6ce05a09977: Preparing -e14f7ad4a3bc: Preparing -2c2d764c30e5: Preparing +cc62eae4bf9b: Preparing +7f45b8d50d39: Preparing +964e630741a6: Preparing +1a6b532927e3: Preparing +f1c707e0f21d: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing -2c2d764c30e5: Waiting +d242d05d20ef: Waiting 797935172f32: Waiting -c6ce05a09977: Mounted from noirolabs/aci-containers-host -872027ec1967: Pushed -e14f7ad4a3bc: Pushed -a60a763b4539: Pushed -31baa81b2201: Pushed +7f45b8d50d39: Pushed +1a6b532927e3: Mounted from noirolabs/aci-containers-host +f1c707e0f21d: Pushed +cc62eae4bf9b: Pushed +964e630741a6: Pushed +d242d05d20ef: Pushed 797935172f32: Pushed -2c2d764c30e5: Pushed -6.0.4.4.81c2369: digest: sha256:53cf2fd9692747ae0a5ba5d2b6e549cd57738d33697352380018caf66853464f size: 1790 +6.0.4.4.81c2369: digest: sha256:faa89ee4dc4792773b71d38de15e8d9177041f3a17eff50f7aed3c5f25fdcb5b size: 1790 +for OTHER_TAG in ${OTHER_IMAGE_TAGS} +docker tag quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369 +docker push quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369 The push refers to repository [quay.io/noirolabs/aci-containers-controller] -a60a763b4539: Preparing -872027ec1967: Preparing -31baa81b2201: Preparing -c6ce05a09977: Preparing -e14f7ad4a3bc: Preparing -2c2d764c30e5: Preparing +cc62eae4bf9b: Preparing +7f45b8d50d39: Preparing +964e630741a6: Preparing +1a6b532927e3: Preparing +f1c707e0f21d: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing -2c2d764c30e5: Waiting +d242d05d20ef: Waiting 797935172f32: Waiting -31baa81b2201: Layer already exists -c6ce05a09977: 
Layer already exists -e14f7ad4a3bc: Layer already exists -2c2d764c30e5: Layer already exists -a60a763b4539: Layer already exists +f1c707e0f21d: Layer already exists +7f45b8d50d39: Layer already exists +964e630741a6: Layer already exists +1a6b532927e3: Layer already exists +cc62eae4bf9b: Layer already exists 797935172f32: Layer already exists -872027ec1967: Layer already exists -6.0.4.4.81c2369: digest: sha256:53cf2fd9692747ae0a5ba5d2b6e549cd57738d33697352380018caf66853464f size: 1790 +d242d05d20ef: Layer already exists +6.0.4.4.81c2369: digest: sha256:faa89ee4dc4792773b71d38de15e8d9177041f3a17eff50f7aed3c5f25fdcb5b size: 1790 +for OTHER_TAG in ${OTHER_IMAGE_TAGS} -+docker tag quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369.110624.10022 -+docker push quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369.111124.10031 ++docker push quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369.111124.10031 The push refers to repository [quay.io/noirolabs/aci-containers-controller] -a60a763b4539: Preparing -872027ec1967: Preparing -31baa81b2201: Preparing -c6ce05a09977: Preparing -e14f7ad4a3bc: Preparing -2c2d764c30e5: Preparing +cc62eae4bf9b: Preparing +7f45b8d50d39: Preparing +964e630741a6: Preparing +1a6b532927e3: Preparing +f1c707e0f21d: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing -2c2d764c30e5: Waiting 797935172f32: Waiting -31baa81b2201: Layer already exists -872027ec1967: Layer already exists -a60a763b4539: Layer already exists -2c2d764c30e5: Layer already exists +d242d05d20ef: Waiting +f1c707e0f21d: Layer already exists +964e630741a6: Layer already exists +cc62eae4bf9b: Layer already exists +7f45b8d50d39: Layer already exists +d242d05d20ef: Layer already exists +1a6b532927e3: Layer already exists 797935172f32: Layer already 
exists -e14f7ad4a3bc: Layer already exists -c6ce05a09977: Layer already exists -6.0.4.4.81c2369.110624.10022: digest: sha256:53cf2fd9692747ae0a5ba5d2b6e549cd57738d33697352380018caf66853464f size: 1790 +6.0.4.4.81c2369.111124.10031: digest: sha256:faa89ee4dc4792773b71d38de15e8d9177041f3a17eff50f7aed3c5f25fdcb5b size: 1790 +for OTHER_TAG in ${OTHER_IMAGE_TAGS} +docker tag quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369.z +docker push quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369.z The push refers to repository [quay.io/noirolabs/aci-containers-controller] -a60a763b4539: Preparing -872027ec1967: Preparing -31baa81b2201: Preparing -c6ce05a09977: Preparing -e14f7ad4a3bc: Preparing -2c2d764c30e5: Preparing +cc62eae4bf9b: Preparing +7f45b8d50d39: Preparing +964e630741a6: Preparing +1a6b532927e3: Preparing +f1c707e0f21d: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing -2c2d764c30e5: Waiting +d242d05d20ef: Waiting 797935172f32: Waiting -e14f7ad4a3bc: Layer already exists -872027ec1967: Layer already exists -c6ce05a09977: Layer already exists -a60a763b4539: Layer already exists -31baa81b2201: Layer already exists +7f45b8d50d39: Layer already exists +cc62eae4bf9b: Layer already exists +964e630741a6: Layer already exists +f1c707e0f21d: Layer already exists 797935172f32: Layer already exists -2c2d764c30e5: Layer already exists -6.0.4.4.81c2369.z: digest: sha256:53cf2fd9692747ae0a5ba5d2b6e549cd57738d33697352380018caf66853464f size: 1790 +1a6b532927e3: Layer already exists +d242d05d20ef: Layer already exists +6.0.4.4.81c2369.z: digest: sha256:faa89ee4dc4792773b71d38de15e8d9177041f3a17eff50f7aed3c5f25fdcb5b size: 1790 +docker login -u=[secure] -p=[secure] quay.io WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /home/travis/.docker/config.json. 
@@ -15720,46 +15762,46 @@ Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded -+docker tag quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369 quay.io/noiro/aci-containers-controller:6.0.4.4.81c2369.110624.10022 -+docker push quay.io/noiro/aci-containers-controller:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369 quay.io/noiro/aci-containers-controller:6.0.4.4.81c2369.111124.10031 ++docker push quay.io/noiro/aci-containers-controller:6.0.4.4.81c2369.111124.10031 The push refers to repository [quay.io/noiro/aci-containers-controller] -a60a763b4539: Preparing -872027ec1967: Preparing -31baa81b2201: Preparing -c6ce05a09977: Preparing -e14f7ad4a3bc: Preparing -2c2d764c30e5: Preparing +cc62eae4bf9b: Preparing +7f45b8d50d39: Preparing +964e630741a6: Preparing +1a6b532927e3: Preparing +f1c707e0f21d: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing -2c2d764c30e5: Waiting +d242d05d20ef: Waiting 797935172f32: Waiting -e14f7ad4a3bc: Mounted from noirolabs/aci-containers-controller -31baa81b2201: Mounted from noirolabs/aci-containers-controller -872027ec1967: Mounted from noirolabs/aci-containers-controller -c6ce05a09977: Mounted from noiro/aci-containers-host -2c2d764c30e5: Mounted from noirolabs/aci-containers-controller +cc62eae4bf9b: Mounted from noirolabs/aci-containers-controller +964e630741a6: Mounted from noirolabs/aci-containers-controller +f1c707e0f21d: Mounted from noirolabs/aci-containers-controller 797935172f32: Layer already exists -a60a763b4539: Mounted from noirolabs/aci-containers-controller -6.0.4.4.81c2369.110624.10022: digest: sha256:53cf2fd9692747ae0a5ba5d2b6e549cd57738d33697352380018caf66853464f size: 1790 +7f45b8d50d39: Mounted from noirolabs/aci-containers-controller +1a6b532927e3: Mounted from noiro/aci-containers-host +d242d05d20ef: Mounted from noirolabs/aci-containers-controller 
+6.0.4.4.81c2369.111124.10031: digest: sha256:faa89ee4dc4792773b71d38de15e8d9177041f3a17eff50f7aed3c5f25fdcb5b size: 1790 +docker tag quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369 quay.io/noiro/aci-containers-controller:6.0.4.4.81c2369.z +docker push quay.io/noiro/aci-containers-controller:6.0.4.4.81c2369.z The push refers to repository [quay.io/noiro/aci-containers-controller] -a60a763b4539: Preparing -872027ec1967: Preparing -31baa81b2201: Preparing -c6ce05a09977: Preparing -e14f7ad4a3bc: Preparing -2c2d764c30e5: Preparing +cc62eae4bf9b: Preparing +7f45b8d50d39: Preparing +964e630741a6: Preparing +1a6b532927e3: Preparing +f1c707e0f21d: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing -2c2d764c30e5: Waiting +d242d05d20ef: Waiting 797935172f32: Waiting -872027ec1967: Layer already exists -e14f7ad4a3bc: Layer already exists -31baa81b2201: Layer already exists -a60a763b4539: Layer already exists -c6ce05a09977: Layer already exists +cc62eae4bf9b: Layer already exists +7f45b8d50d39: Layer already exists +d242d05d20ef: Layer already exists +f1c707e0f21d: Layer already exists 797935172f32: Layer already exists -2c2d764c30e5: Layer already exists -6.0.4.4.81c2369.z: digest: sha256:53cf2fd9692747ae0a5ba5d2b6e549cd57738d33697352380018caf66853464f size: 1790 +964e630741a6: Layer already exists +1a6b532927e3: Layer already exists +6.0.4.4.81c2369.z: digest: sha256:faa89ee4dc4792773b71d38de15e8d9177041f3a17eff50f7aed3c5f25fdcb5b size: 1790 +docker login -u=[secure] '-p=[secure]' docker.io WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /home/travis/.docker/config.json. 
@@ -15767,49 +15809,49 @@ Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded -+docker tag quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369 docker.io/noiro/aci-containers-controller:6.0.4.4.81c2369.110624.10022 -+docker push docker.io/noiro/aci-containers-controller:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369 docker.io/noiro/aci-containers-controller:6.0.4.4.81c2369.111124.10031 ++docker push docker.io/noiro/aci-containers-controller:6.0.4.4.81c2369.111124.10031 The push refers to repository [docker.io/noiro/aci-containers-controller] -a60a763b4539: Preparing -872027ec1967: Preparing -31baa81b2201: Preparing -c6ce05a09977: Preparing -e14f7ad4a3bc: Preparing -2c2d764c30e5: Preparing +cc62eae4bf9b: Preparing +7f45b8d50d39: Preparing +964e630741a6: Preparing +1a6b532927e3: Preparing +f1c707e0f21d: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing -2c2d764c30e5: Waiting +d242d05d20ef: Waiting 797935172f32: Waiting -c6ce05a09977: Mounted from noiro/aci-containers-host -872027ec1967: Pushed +1a6b532927e3: Mounted from noiro/aci-containers-host +7f45b8d50d39: Pushed 797935172f32: Layer already exists -e14f7ad4a3bc: Pushed -a60a763b4539: Pushed -31baa81b2201: Pushed -2c2d764c30e5: Pushed -6.0.4.4.81c2369.110624.10022: digest: sha256:53cf2fd9692747ae0a5ba5d2b6e549cd57738d33697352380018caf66853464f size: 1790 +f1c707e0f21d: Pushed +cc62eae4bf9b: Pushed +964e630741a6: Pushed +d242d05d20ef: Pushed +6.0.4.4.81c2369.111124.10031: digest: sha256:faa89ee4dc4792773b71d38de15e8d9177041f3a17eff50f7aed3c5f25fdcb5b size: 1790 +docker tag quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369 docker.io/noiro/aci-containers-controller:6.0.4.4.81c2369.z +docker push docker.io/noiro/aci-containers-controller:6.0.4.4.81c2369.z The push refers to repository [docker.io/noiro/aci-containers-controller] 
-a60a763b4539: Preparing -872027ec1967: Preparing -31baa81b2201: Preparing -c6ce05a09977: Preparing -e14f7ad4a3bc: Preparing -2c2d764c30e5: Preparing +cc62eae4bf9b: Preparing +7f45b8d50d39: Preparing +964e630741a6: Preparing +1a6b532927e3: Preparing +f1c707e0f21d: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing -2c2d764c30e5: Waiting +d242d05d20ef: Waiting 797935172f32: Waiting -a60a763b4539: Layer already exists -872027ec1967: Layer already exists -c6ce05a09977: Layer already exists -31baa81b2201: Layer already exists -e14f7ad4a3bc: Layer already exists -2c2d764c30e5: Layer already exists +f1c707e0f21d: Layer already exists +7f45b8d50d39: Layer already exists +cc62eae4bf9b: Layer already exists +964e630741a6: Layer already exists +1a6b532927e3: Layer already exists +d242d05d20ef: Layer already exists 797935172f32: Layer already exists -6.0.4.4.81c2369.z: digest: sha256:53cf2fd9692747ae0a5ba5d2b6e549cd57738d33697352380018caf66853464f size: 1790 +6.0.4.4.81c2369.z: digest: sha256:faa89ee4dc4792773b71d38de15e8d9177041f3a17eff50f7aed3c5f25fdcb5b size: 1790 ++docker image inspect '--format={{.Id}}' quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369 -+IMAGE_SHA=sha256:df6f1e78129c7e96b72b86771962258e5818f1c24919954572c621c8436f81c3 -+/tmp/cicd/travis/push-to-cicd-status.sh quay.io/noiro aci-containers-controller 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 sha256:df6f1e78129c7e96b72b86771962258e5818f1c24919954572c621c8436f81c3 registry.access.redhat.com/ubi9/ubi:9.3 ++IMAGE_SHA=sha256:d41b18f31029b6ef87dfae4bc10861e387f12e8304049d495cff1644eb54533c ++/tmp/cicd/travis/push-to-cicd-status.sh quay.io/noiro aci-containers-controller 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 sha256:d41b18f31029b6ef87dfae4bc10861e387f12e8304049d495cff1644eb54533c registry.access.redhat.com/ubi9/ubi:9.3 ++dirname /tmp/cicd/travis/push-to-cicd-status.sh +SCRIPTS_DIR=/tmp/cicd/travis +source /tmp/cicd/travis/globals.sh 
@@ -15817,9 +15859,9 @@ e14f7ad4a3bc: Layer already exists ++RELEASE_TAG=6.0.4.4 ++export RELEASE_TAG +++date +%m%d%y -++DATE_TAG=110624 +++DATE_TAG=111124 ++TRAVIS_TAG_WITH_UPSTREAM_ID=6.0.4.4.81c2369 -++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.110624.10022 +++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.111124.10031 ++IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_Z_TAG=6.0.4.4.81c2369.z @@ -15837,8 +15879,8 @@ e14f7ad4a3bc: Layer already exists +IMAGE_BUILD_REGISTRY=quay.io/noiro +IMAGE=aci-containers-controller +IMAGE_BUILD_TAG=6.0.4.4.81c2369 -+OTHER_IMAGE_TAGS=6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 -+IMAGE_SHA=sha256:df6f1e78129c7e96b72b86771962258e5818f1c24919954572c621c8436f81c3 ++OTHER_IMAGE_TAGS=6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 ++IMAGE_SHA=sha256:d41b18f31029b6ef87dfae4bc10861e387f12e8304049d495cff1644eb54533c +BASE_IMAGE=registry.access.redhat.com/ubi9/ubi:9.3 +GIT_REPO=https://github.com/noironetworks/cicd-status.git +GIT_LOCAL_DIR=cicd-status 
@@ -15857,43 +15899,86 @@ fatal: destination path 'cicd-status' already exists and is not an empty directo +add_artifacts +cd /tmp/cicd-status +git pull --rebase origin main -error: cannot pull with rebase: You have unstaged changes. -error: Please commit or stash them. +From https://github.com/noironetworks/cicd-status + * branch main -> FETCH_HEAD +Already up to date. +mkdir -p /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/aci-containers-controller -+curl https://api.travis-ci.com/v3/job/627824803/log.txt ++curl https://api.travis-ci.com/v3/job/627965097/log.txt % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed - 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 912k 100 912k 0 0 4339k 0 --:--:-- --:--:-- --:--:-- 4342k + 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 915k 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 915k 100 915k 0 0 4834k 0 --:--:-- --:--:-- --:--:-- 4816k +cp /tmp/sbom.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/aci-containers-controller/6.0.4.4-sbom.txt +cp /tmp/cve.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/aci-containers-controller/6.0.4.4-cve.txt +cp /tmp/cve-base.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/aci-containers-controller/6.0.4.4-cve-base.txt +update_container_release -+docker rmi -f sha256:df6f1e78129c7e96b72b86771962258e5818f1c24919954572c621c8436f81c3 -Untagged: noiro/aci-containers-controller:6.0.4.4.81c2369.110624.10022 ++docker rmi -f sha256:d41b18f31029b6ef87dfae4bc10861e387f12e8304049d495cff1644eb54533c +Untagged: noiro/aci-containers-controller:6.0.4.4.81c2369.111124.10031 Untagged: noiro/aci-containers-controller:6.0.4.4.81c2369.z -Untagged: noiro/aci-containers-controller@sha256:53cf2fd9692747ae0a5ba5d2b6e549cd57738d33697352380018caf66853464f -Untagged: quay.io/noiro/aci-containers-controller:6.0.4.4.81c2369.110624.10022 +Untagged: noiro/aci-containers-controller@sha256:faa89ee4dc4792773b71d38de15e8d9177041f3a17eff50f7aed3c5f25fdcb5b 
+Untagged: quay.io/noiro/aci-containers-controller:6.0.4.4.81c2369.111124.10031 Untagged: quay.io/noiro/aci-containers-controller:6.0.4.4.81c2369.z -Untagged: quay.io/noiro/aci-containers-controller@sha256:53cf2fd9692747ae0a5ba5d2b6e549cd57738d33697352380018caf66853464f +Untagged: quay.io/noiro/aci-containers-controller@sha256:faa89ee4dc4792773b71d38de15e8d9177041f3a17eff50f7aed3c5f25fdcb5b Untagged: quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369 -Untagged: quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369.110624.10022 +Untagged: quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369.111124.10031 Untagged: quay.io/noirolabs/aci-containers-controller:6.0.4.4.81c2369.z -Untagged: quay.io/noirolabs/aci-containers-controller@sha256:53cf2fd9692747ae0a5ba5d2b6e549cd57738d33697352380018caf66853464f -Deleted: sha256:df6f1e78129c7e96b72b86771962258e5818f1c24919954572c621c8436f81c3 -+python /tmp/cicd/travis/update-release.py quay.io/noiro aci-containers-controller 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 sha256:df6f1e78129c7e96b72b86771962258e5818f1c24919954572c621c8436f81c3 6.0.4.4.81c2369.z 6.0.4.4.81c2369.110624.10022 registry.access.redhat.com/ubi9/ubi:9.3 +Untagged: quay.io/noirolabs/aci-containers-controller@sha256:faa89ee4dc4792773b71d38de15e8d9177041f3a17eff50f7aed3c5f25fdcb5b +Deleted: sha256:d41b18f31029b6ef87dfae4bc10861e387f12e8304049d495cff1644eb54533c ++python /tmp/cicd/travis/update-release.py quay.io/noiro aci-containers-controller 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 sha256:d41b18f31029b6ef87dfae4bc10861e387f12e8304049d495cff1644eb54533c 6.0.4.4.81c2369.z 6.0.4.4.81c2369.111124.10031 registry.access.redhat.com/ubi9/ubi:9.3 +add_trivy_vulnerabilites +trivy image quay.io/noiro/aci-containers-controller:6.0.4.4.81c2369.z -2024-11-06T09:45:25.227Z INFO Need to update DB -2024-11-06T09:45:25.227Z INFO DB Repository: ghcr.io/aquasecurity/trivy-db -2024-11-06T09:45:25.227Z INFO Downloading 
DB... -2024-11-06T09:45:25.368Z FATAL init error: DB error: failed to download vulnerability DB: database download error: OCI repository error: 1 error occurred: - * GET https://ghcr.io/v2/aquasecurity/trivy-db/manifests/2: TOOMANYREQUESTS: retry-after: 444.71µs, allowed: 44000/minute +2024-11-11T09:55:59.039Z INFO Vulnerability scanning is enabled +2024-11-11T09:55:59.039Z INFO Secret scanning is enabled +2024-11-11T09:55:59.039Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning +2024-11-11T09:55:59.039Z INFO Please see also https://aquasecurity.github.io/trivy/v0.44/docs/scanner/secret/#recommendation for faster secret detection +2024-11-11T09:56:27.805Z INFO Detected OS: redhat +2024-11-11T09:56:27.805Z INFO Detecting RHEL/CentOS vulnerabilities... +2024-11-11T09:56:28.010Z INFO Number of language-specific files: 3 +2024-11-11T09:56:28.010Z INFO Detecting gobinary vulnerabilities... +2024-11-11T09:56:28.040Z WARN version error ((devel)): malformed version: (devel) +2024-11-11T09:56:28.040Z WARN version error ((devel)): malformed version: (devel) +2024-11-11T09:56:28.040Z WARN version error ((devel)): malformed version: (devel) +2024-11-11T09:56:28.040Z WARN version error ((devel)): malformed version: (devel) +2024-11-11T09:56:28.040Z WARN version error ((devel)): malformed version: (devel) ++git_add_commit_push ++cd /tmp/cicd-status ++git config --local user.email test@cisco.com ++git config --local user.name travis-tagger ++git stash +Saved working directory and index state WIP on main: fa885546 6.0.4.4.z-aci-containers-host-10031-2024-11-11_09:53:53 ++git pull --rebase origin main +From https://github.com/noironetworks/cicd-status + * branch main -> FETCH_HEAD +Already up to date. ++git stash pop +On branch main +Your branch is up to date with 'origin/main'. +Changes not staged for commit: + (use "git add ..." to update what will be committed) + (use "git restore ..." 
to discard changes in working directory) + modified: docs/release_artifacts/6.0.4.4/z/aci-containers-controller/6.0.4.4-buildlog.txt + modified: docs/release_artifacts/6.0.4.4/z/aci-containers-controller/6.0.4.4-cve.txt + modified: docs/release_artifacts/releases.yaml +no changes added to commit (use "git add" and/or "git commit -a") +Dropped refs/stash@{0} (e8e0930b99cdcdfa554915002799e0125b7ba03e) ++git add . ++[[ aci-containers != \a\c\c\-\p\r\o\v\i\s\i\o\n ]] +++docker image inspect --format '{{index (split (index .RepoDigests 0) "@sha256:") 1}}' docker.io/noiro/aci-containers-controller:6.0.4.4.81c2369.z ++DOCKER_REPO_DIGEST_SHA=faa89ee4dc4792773b71d38de15e8d9177041f3a17eff50f7aed3c5f25fdcb5b +++docker image inspect --format '{{index (split (index .RepoDigests 1) "@sha256:") 1}}' quay.io/noiro/aci-containers-controller:6.0.4.4.81c2369.z ++QUAY_REPO_DIGEST_SHA=faa89ee4dc4792773b71d38de15e8d9177041f3a17eff50f7aed3c5f25fdcb5b +++date +%F_%H:%M:%S ++git commit -a -m 6.0.4.4.z-aci-containers-controller-10031-2024-11-11_09:56:28 -m 'Commit: d090ca19b2ebe458b0f15e91dc685e6ba807e693' -m 'Tags: 6.0.4.4.81c2369.z, 6.0.4.4.81c2369.111124.10031' -m 'ImageId: sha256:d41b18f31029b6ef87dfae4bc10861e387f12e8304049d495cff1644eb54533c' -m 'DockerSha: faa89ee4dc4792773b71d38de15e8d9177041f3a17eff50f7aed3c5f25fdcb5b' -m 'QuaySha: faa89ee4dc4792773b71d38de15e8d9177041f3a17eff50f7aed3c5f25fdcb5b' +[main b50f5c4c] 6.0.4.4.z-aci-containers-controller-10031-2024-11-11_09:56:28 + 3 files changed, 7997 insertions(+), 7146 deletions(-) ++git push origin main +To https://github.com/noironetworks/cicd-status.git + fa885546..b50f5c4c main -> main +break +for IMAGE in "${ALL_IMAGES[@]}" +[[ cnideploy != \o\p\e\n\v\s\w\i\t\c\h ]] -+/tmp/cicd/travis/push-images.sh quay.io/noirolabs cnideploy 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 registry.access.redhat.com/ubi9/ubi:9.3 ++/tmp/cicd/travis/push-images.sh quay.io/noirolabs cnideploy 6.0.4.4.81c2369 
6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 registry.access.redhat.com/ubi9/ubi:9.3 ++dirname /tmp/cicd/travis/push-images.sh +SCRIPTS_DIR=/tmp/cicd/travis +source /tmp/cicd/travis/globals.sh @@ -15901,9 +15986,9 @@ Deleted: sha256:df6f1e78129c7e96b72b86771962258e5818f1c24919954572c621c8436f81c3 ++RELEASE_TAG=6.0.4.4 ++export RELEASE_TAG +++date +%m%d%y -++DATE_TAG=110624 +++DATE_TAG=111124 ++TRAVIS_TAG_WITH_UPSTREAM_ID=6.0.4.4.81c2369 -++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.110624.10022 +++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.111124.10031 ++IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_Z_TAG=6.0.4.4.81c2369.z @@ -15918,9 +16003,9 @@ Deleted: sha256:df6f1e78129c7e96b72b86771962258e5818f1c24919954572c621c8436f81c3 +IMAGE_BUILD_REGISTRY=quay.io/noirolabs +IMAGE=cnideploy +IMAGE_BUILD_TAG=6.0.4.4.81c2369 -+OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.110624.10022' ++OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.111124.10031' +BASE_IMAGE=registry.access.redhat.com/ubi9/ubi:9.3 -+OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.110624.10022 6.0.4.4.81c2369.z' ++OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.111124.10031 6.0.4.4.81c2369.z' +BUILT_IMAGE=quay.io/noirolabs/cnideploy:6.0.4.4.81c2369 +curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh +sh -s -- -b /tmp 
@@ -15935,1087 +16020,1087 @@ Deleted: sha256:df6f1e78129c7e96b72b86771962258e5818f1c24919954572c621c8436f81c3 [info] using release tag='v0.6.1' version='0.6.1' os='linux' arch='amd64' [info] installed /home/travis/.docker/cli-plugins/docker-sbom +wget https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb ---2024-11-06 09:45:30-- https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb +--2024-11-11 09:56:34-- https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb Resolving github.com (github.com)... 140.82.113.4 Connecting to github.com (github.com)|140.82.113.4|:443... connected. HTTP request sent, awaiting response... 302 Found -Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.111.133, 185.199.108.133, 185.199.109.133, ... -Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.111.133|:443... connected. +Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.110.133, 185.199.111.133, 185.199.108.133, ... +Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.110.133|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 54685068 (52M) [application/octet-stream] Saving to: ‘trivy_0.44.1_Linux-64bit.deb.2’ - 0K .......... .......... .......... .......... .......... 0% 3.35M 16s - 50K .......... .......... .......... .......... .......... 0% 3.71M 15s - 100K .......... .......... .......... .......... .......... 0% 14.8M 11s - 150K .......... .......... .......... .......... .......... 0% 22.1M 9s - 200K .......... .......... .......... .......... .......... 0% 6.28M 9s - 250K .......... .......... .......... .......... .......... 0% 32.4M 8s - 300K .......... .......... .......... .......... .......... 0% 22.7M 7s - 350K .......... .......... .......... .......... .......... 0% 28.0M 6s - 400K .......... .......... 
.......... .......... .......... 0% 44.3M 6s - 450K .......... .......... .......... .......... .......... 0% 7.63M 6s - 500K .......... .......... .......... .......... .......... 1% 105M 5s - 550K .......... .......... .......... .......... .......... 1% 29.2M 5s - 600K .......... .......... .......... .......... .......... 1% 52.6M 5s - 650K .......... .......... .......... .......... .......... 1% 44.5M 4s - 700K .......... .......... .......... .......... .......... 1% 51.6M 4s - 750K .......... .......... .......... .......... .......... 1% 167M 4s - 800K .......... .......... .......... .......... .......... 1% 76.9M 4s - 850K .......... .......... .......... .......... .......... 1% 48.1M 4s - 900K .......... .......... .......... .......... .......... 1% 66.1M 3s - 950K .......... .......... .......... .......... .......... 1% 250M 3s - 1000K .......... .......... .......... .......... .......... 1% 8.57M 3s - 1050K .......... .......... .......... .......... .......... 2% 235M 3s - 1100K .......... .......... .......... .......... .......... 2% 28.2M 3s - 1150K .......... .......... .......... .......... .......... 2% 230M 3s - 1200K .......... .......... .......... .......... .......... 2% 260M 3s - 1250K .......... .......... .......... .......... .......... 2% 57.1M 3s - 1300K .......... .......... .......... .......... .......... 2% 88.5M 3s - 1350K .......... .......... .......... .......... .......... 2% 117M 3s - 1400K .......... .......... .......... .......... .......... 2% 94.0M 3s - 1450K .......... .......... .......... .......... .......... 2% 77.2M 3s - 1500K .......... .......... .......... .......... .......... 2% 133M 2s - 1550K .......... .......... .......... .......... .......... 2% 238M 2s - 1600K .......... .......... .......... .......... .......... 3% 245M 2s - 1650K .......... .......... .......... .......... .......... 3% 82.4M 2s - 1700K .......... .......... .......... .......... .......... 3% 54.5M 2s - 1750K .......... 
.......... .......... .......... .......... 3% 60.9M 2s - 1800K .......... .......... .......... .......... .......... 3% 88.7M 2s - 1850K .......... .......... .......... .......... .......... 3% 75.5M 2s - 1900K .......... .......... .......... .......... .......... 3% 129M 2s - 1950K .......... .......... .......... .......... .......... 3% 250M 2s - 2000K .......... .......... .......... .......... .......... 3% 15.4M 2s - 2050K .......... .......... .......... .......... .......... 3% 244M 2s - 2100K .......... .......... .......... .......... .......... 4% 164M 2s - 2150K .......... .......... .......... .......... .......... 4% 191M 2s - 2200K .......... .......... .......... .......... .......... 4% 69.3M 2s - 2250K .......... .......... .......... .......... .......... 4% 57.2M 2s - 2300K .......... .......... .......... .......... .......... 4% 67.7M 2s - 2350K .......... .......... .......... .......... .......... 4% 89.0M 2s - 2400K .......... .......... .......... .......... .......... 4% 202M 2s - 2450K .......... .......... .......... .......... .......... 4% 237M 2s - 2500K .......... .......... .......... .......... .......... 4% 226M 2s - 2550K .......... .......... .......... .......... .......... 4% 139M 2s - 2600K .......... .......... .......... .......... .......... 4% 65.8M 2s - 2650K .......... .......... .......... .......... .......... 5% 57.2M 2s - 2700K .......... .......... .......... .......... .......... 5% 83.5M 2s - 2750K .......... .......... .......... .......... .......... 5% 133M 2s - 2800K .......... .......... .......... .......... .......... 5% 217M 2s - 2850K .......... .......... .......... .......... .......... 5% 227M 2s - 2900K .......... .......... .......... .......... .......... 5% 188M 2s - 2950K .......... .......... .......... .......... .......... 5% 125M 1s - 3000K .......... .......... .......... .......... .......... 5% 100M 1s - 3050K .......... .......... .......... .......... .......... 
5% 88.6M 1s - 3100K .......... .......... .......... .......... .......... 5% 195M 1s - 3150K .......... .......... .......... .......... .......... 5% 248M 1s - 3200K .......... .......... .......... .......... .......... 6% 257M 1s - 3250K .......... .......... .......... .......... .......... 6% 259M 1s - 3300K .......... .......... .......... .......... .......... 6% 116M 1s - 3350K .......... .......... .......... .......... .......... 6% 110M 1s - 3400K .......... .......... .......... .......... .......... 6% 28.3M 1s - 3450K .......... .......... .......... .......... .......... 6% 82.8M 1s - 3500K .......... .......... .......... .......... .......... 6% 99.6M 1s - 3550K .......... .......... .......... .......... .......... 6% 97.2M 1s - 3600K .......... .......... .......... .......... .......... 6% 116M 1s - 3650K .......... .......... .......... .......... .......... 6% 75.7M 1s - 3700K .......... .......... .......... .......... .......... 7% 109M 1s - 3750K .......... .......... .......... .......... .......... 7% 116M 1s - 3800K .......... .......... .......... .......... .......... 7% 85.6M 1s - 3850K .......... .......... .......... .......... .......... 7% 118M 1s - 3900K .......... .......... .......... .......... .......... 7% 78.4M 1s - 3950K .......... .......... .......... .......... .......... 7% 140M 1s - 4000K .......... .......... .......... .......... .......... 7% 225M 1s - 4050K .......... .......... .......... .......... .......... 7% 227M 1s - 4100K .......... .......... .......... .......... .......... 7% 178M 1s - 4150K .......... .......... .......... .......... .......... 7% 235M 1s - 4200K .......... .......... .......... .......... .......... 7% 208M 1s - 4250K .......... .......... .......... .......... .......... 8% 234M 1s - 4300K .......... .......... .......... .......... .......... 8% 192M 1s - 4350K .......... .......... .......... .......... .......... 8% 228M 1s - 4400K .......... .......... .......... .......... 
.......... 8% 245M 1s - 4450K .......... .......... .......... .......... .......... 8% 29.7M 1s - 4500K .......... .......... .......... .......... .......... 8% 115M 1s - 4550K .......... .......... .......... .......... .......... 8% 37.1M 1s - 4600K .......... .......... .......... .......... .......... 8% 87.7M 1s - 4650K .......... .......... .......... .......... .......... 8% 71.1M 1s - 4700K .......... .......... .......... .......... .......... 8% 63.9M 1s - 4750K .......... .......... .......... .......... .......... 8% 84.0M 1s - 4800K .......... .......... .......... .......... .......... 9% 77.1M 1s - 4850K .......... .......... .......... .......... .......... 9% 102M 1s - 4900K .......... .......... .......... .......... .......... 9% 86.5M 1s - 4950K .......... .......... .......... .......... .......... 9% 124M 1s - 5000K .......... .......... .......... .......... .......... 9% 230M 1s - 5050K .......... .......... .......... .......... .......... 9% 256M 1s - 5100K .......... .......... .......... .......... .......... 9% 136M 1s - 5150K .......... .......... .......... .......... .......... 9% 228M 1s - 5200K .......... .......... .......... .......... .......... 9% 238M 1s - 5250K .......... .......... .......... .......... .......... 9% 243M 1s - 5300K .......... .......... .......... .......... .......... 10% 221M 1s - 5350K .......... .......... .......... .......... .......... 10% 252M 1s - 5400K .......... .......... .......... .......... .......... 10% 257M 1s - 5450K .......... .......... .......... .......... .......... 10% 45.6M 1s - 5500K .......... .......... .......... .......... .......... 10% 108M 1s - 5550K .......... .......... .......... .......... .......... 10% 99.2M 1s - 5600K .......... .......... .......... .......... .......... 10% 114M 1s - 5650K .......... .......... .......... .......... .......... 10% 81.0M 1s - 5700K .......... .......... .......... .......... .......... 10% 67.3M 1s - 5750K .......... .......... 
.......... .......... .......... 10% 73.2M 1s - 5800K .......... .......... .......... .......... .......... 10% 74.1M 1s - 5850K .......... .......... .......... .......... .......... 11% 131M 1s - 5900K .......... .......... .......... .......... .......... 11% 208M 1s - 5950K .......... .......... .......... .......... .......... 11% 264M 1s - 6000K .......... .......... .......... .......... .......... 11% 145M 1s - 6050K .......... .......... .......... .......... .......... 11% 52.5M 1s - 6100K .......... .......... .......... .......... .......... 11% 219M 1s + 0K .......... .......... .......... .......... .......... 0% 4.37M 12s + 50K .......... .......... .......... .......... .......... 0% 4.67M 12s + 100K .......... .......... .......... .......... .......... 0% 26.1M 8s + 150K .......... .......... .......... .......... .......... 0% 23.7M 7s + 200K .......... .......... .......... .......... .......... 0% 6.74M 7s + 250K .......... .......... .......... .......... .......... 0% 42.7M 6s + 300K .......... .......... .......... .......... .......... 0% 91.3M 5s + 350K .......... .......... .......... .......... .......... 0% 34.9M 5s + 400K .......... .......... .......... .......... .......... 0% 28.4M 4s + 450K .......... .......... .......... .......... .......... 0% 9.67M 5s + 500K .......... .......... .......... .......... .......... 1% 72.6M 4s + 550K .......... .......... .......... .......... .......... 1% 36.1M 4s + 600K .......... .......... .......... .......... .......... 1% 35.1M 4s + 650K .......... .......... .......... .......... .......... 1% 192M 3s + 700K .......... .......... .......... .......... .......... 1% 240M 3s + 750K .......... .......... .......... .......... .......... 1% 83.2M 3s + 800K .......... .......... .......... .......... .......... 1% 72.7M 3s + 850K .......... .......... .......... .......... .......... 1% 94.0M 3s + 900K .......... .......... .......... .......... .......... 1% 66.8M 3s + 950K .......... 
.......... .......... .......... .......... 1% 83.6M 3s + 1000K .......... .......... .......... .......... .......... 1% 11.5M 3s + 1050K .......... .......... .......... .......... .......... 2% 192M 3s + 1100K .......... .......... .......... .......... .......... 2% 38.8M 3s + 1150K .......... .......... .......... .......... .......... 2% 177M 2s + 1200K .......... .......... .......... .......... .......... 2% 89.3M 2s + 1250K .......... .......... .......... .......... .......... 2% 81.2M 2s + 1300K .......... .......... .......... .......... .......... 2% 218M 2s + 1350K .......... .......... .......... .......... .......... 2% 249M 2s + 1400K .......... .......... .......... .......... .......... 2% 93.4M 2s + 1450K .......... .......... .......... .......... .......... 2% 83.4M 2s + 1500K .......... .......... .......... .......... .......... 2% 63.2M 2s + 1550K .......... .......... .......... .......... .......... 2% 92.8M 2s + 1600K .......... .......... .......... .......... .......... 3% 91.8M 2s + 1650K .......... .......... .......... .......... .......... 3% 80.3M 2s + 1700K .......... .......... .......... .......... .......... 3% 73.4M 2s + 1750K .......... .......... .......... .......... .......... 3% 137M 2s + 1800K .......... .......... .......... .......... .......... 3% 222M 2s + 1850K .......... .......... .......... .......... .......... 3% 223M 2s + 1900K .......... .......... .......... .......... .......... 3% 184M 2s + 1950K .......... .......... .......... .......... .......... 3% 243M 2s + 2000K .......... .......... .......... .......... .......... 3% 26.3M 2s + 2050K .......... .......... .......... .......... .......... 3% 104M 2s + 2100K .......... .......... .......... .......... .......... 4% 184M 2s + 2150K .......... .......... .......... .......... .......... 4% 72.3M 2s + 2200K .......... .......... .......... .......... .......... 4% 219M 2s + 2250K .......... .......... .......... .......... .......... 
4% 208M 1s + 2300K .......... .......... .......... .......... .......... 4% 211M 1s + 2350K .......... .......... .......... .......... .......... 4% 87.8M 1s + 2400K .......... .......... .......... .......... .......... 4% 211M 1s + 2450K .......... .......... .......... .......... .......... 4% 169M 1s + 2500K .......... .......... .......... .......... .......... 4% 193M 1s + 2550K .......... .......... .......... .......... .......... 4% 196M 1s + 2600K .......... .......... .......... .......... .......... 4% 213M 1s + 2650K .......... .......... .......... .......... .......... 5% 192M 1s + 2700K .......... .......... .......... .......... .......... 5% 242M 1s + 2750K .......... .......... .......... .......... .......... 5% 45.6M 1s + 2800K .......... .......... .......... .......... .......... 5% 76.7M 1s + 2850K .......... .......... .......... .......... .......... 5% 66.4M 1s + 2900K .......... .......... .......... .......... .......... 5% 72.5M 1s + 2950K .......... .......... .......... .......... .......... 5% 110M 1s + 3000K .......... .......... .......... .......... .......... 5% 253M 1s + 3050K .......... .......... .......... .......... .......... 5% 220M 1s + 3100K .......... .......... .......... .......... .......... 5% 74.1M 1s + 3150K .......... .......... .......... .......... .......... 5% 74.2M 1s + 3200K .......... .......... .......... .......... .......... 6% 79.7M 1s + 3250K .......... .......... .......... .......... .......... 6% 75.6M 1s + 3300K .......... .......... .......... .......... .......... 6% 90.4M 1s + 3350K .......... .......... .......... .......... .......... 6% 98.2M 1s + 3400K .......... .......... .......... .......... .......... 6% 128M 1s + 3450K .......... .......... .......... .......... .......... 6% 80.2M 1s + 3500K .......... .......... .......... .......... .......... 6% 95.4M 1s + 3550K .......... .......... .......... .......... .......... 6% 77.0M 1s + 3600K .......... .......... .......... 
.......... .......... 6% 92.1M 1s + 3650K .......... .......... .......... .......... .......... 6% 93.1M 1s + 3700K .......... .......... .......... .......... .......... 7% 88.7M 1s + 3750K .......... .......... .......... .......... .......... 7% 85.1M 1s + 3800K .......... .......... .......... .......... .......... 7% 108M 1s + 3850K .......... .......... .......... .......... .......... 7% 196M 1s + 3900K .......... .......... .......... .......... .......... 7% 236M 1s + 3950K .......... .......... .......... .......... .......... 7% 170M 1s + 4000K .......... .......... .......... .......... .......... 7% 246M 1s + 4050K .......... .......... .......... .......... .......... 7% 253M 1s + 4100K .......... .......... .......... .......... .......... 7% 250M 1s + 4150K .......... .......... .......... .......... .......... 7% 226M 1s + 4200K .......... .......... .......... .......... .......... 7% 71.6M 1s + 4250K .......... .......... .......... .......... .......... 8% 246M 1s + 4300K .......... .......... .......... .......... .......... 8% 251M 1s + 4350K .......... .......... .......... .......... .......... 8% 46.6M 1s + 4400K .......... .......... .......... .......... .......... 8% 29.9M 1s + 4450K .......... .......... .......... .......... .......... 8% 79.2M 1s + 4500K .......... .......... .......... .......... .......... 8% 92.8M 1s + 4550K .......... .......... .......... .......... .......... 8% 107M 1s + 4600K .......... .......... .......... .......... .......... 8% 75.9M 1s + 4650K .......... .......... .......... .......... .......... 8% 103M 1s + 4700K .......... .......... .......... .......... .......... 8% 70.0M 1s + 4750K .......... .......... .......... .......... .......... 8% 62.1M 1s + 4800K .......... .......... .......... .......... .......... 9% 74.9M 1s + 4850K .......... .......... .......... .......... .......... 9% 120M 1s + 4900K .......... .......... .......... .......... .......... 9% 219M 1s + 4950K .......... .......... 
.......... .......... .......... 9% 226M 1s + 5000K .......... .......... .......... .......... .......... 9% 213M 1s + 5050K .......... .......... .......... .......... .......... 9% 238M 1s + 5100K .......... .......... .......... .......... .......... 9% 253M 1s + 5150K .......... .......... .......... .......... .......... 9% 43.3M 1s + 5200K .......... .......... .......... .......... .......... 9% 225M 1s + 5250K .......... .......... .......... .......... .......... 9% 252M 1s + 5300K .......... .......... .......... .......... .......... 10% 33.4M 1s + 5350K .......... .......... .......... .......... .......... 10% 66.6M 1s + 5400K .......... .......... .......... .......... .......... 10% 94.1M 1s + 5450K .......... .......... .......... .......... .......... 10% 65.3M 1s + 5500K .......... .......... .......... .......... .......... 10% 165M 1s + 5550K .......... .......... .......... .......... .......... 10% 70.2M 1s + 5600K .......... .......... .......... .......... .......... 10% 72.9M 1s + 5650K .......... .......... .......... .......... .......... 10% 80.0M 1s + 5700K .......... .......... .......... .......... .......... 10% 118M 1s + 5750K .......... .......... .......... .......... .......... 10% 225M 1s + 5800K .......... .......... .......... .......... .......... 10% 212M 1s + 5850K .......... .......... .......... .......... .......... 11% 250M 1s + 5900K .......... .......... .......... .......... .......... 11% 254M 1s + 5950K .......... .......... .......... .......... .......... 11% 219M 1s + 6000K .......... .......... .......... .......... .......... 11% 259M 1s + 6050K .......... .......... .......... .......... .......... 11% 142M 1s + 6100K .......... .......... .......... .......... .......... 11% 78.9M 1s 6150K .......... .......... .......... .......... .......... 11% 81.5M 1s - 6200K .......... .......... .......... .......... .......... 11% 80.0M 1s - 6250K .......... .......... .......... .......... .......... 
11% 84.5M 1s - 6300K .......... .......... .......... .......... .......... 11% 78.1M 1s - 6350K .......... .......... .......... .......... .......... 11% 80.8M 1s - 6400K .......... .......... .......... .......... .......... 12% 215M 1s - 6450K .......... .......... .......... .......... .......... 12% 243M 1s - 6500K .......... .......... .......... .......... .......... 12% 221M 1s - 6550K .......... .......... .......... .......... .......... 12% 239M 1s - 6600K .......... .......... .......... .......... .......... 12% 265M 1s - 6650K .......... .......... .......... .......... .......... 12% 249M 1s - 6700K .......... .......... .......... .......... .......... 12% 217M 1s - 6750K .......... .......... .......... .......... .......... 12% 242M 1s - 6800K .......... .......... .......... .......... .......... 12% 78.0M 1s - 6850K .......... .......... .......... .......... .......... 12% 90.3M 1s - 6900K .......... .......... .......... .......... .......... 13% 68.3M 1s - 6950K .......... .......... .......... .......... .......... 13% 90.6M 1s - 7000K .......... .......... .......... .......... .......... 13% 78.6M 1s - 7050K .......... .......... .......... .......... .......... 13% 73.1M 1s - 7100K .......... .......... .......... .......... .......... 13% 104M 1s - 7150K .......... .......... .......... .......... .......... 13% 224M 1s - 7200K .......... .......... .......... .......... .......... 13% 225M 1s - 7250K .......... .......... .......... .......... .......... 13% 243M 1s - 7300K .......... .......... .......... .......... .......... 13% 28.4M 1s - 7350K .......... .......... .......... .......... .......... 13% 76.0M 1s - 7400K .......... .......... .......... .......... .......... 13% 86.4M 1s - 7450K .......... .......... .......... .......... .......... 14% 109M 1s - 7500K .......... .......... .......... .......... .......... 14% 56.5M 1s - 7550K .......... .......... .......... .......... .......... 14% 76.7M 1s - 7600K .......... 
.......... .......... .......... .......... 14% 76.7M 1s - 7650K .......... .......... .......... .......... .......... 14% 75.5M 1s - 7700K .......... .......... .......... .......... .......... 14% 193M 1s - 7750K .......... .......... .......... .......... .......... 14% 252M 1s - 7800K .......... .......... .......... .......... .......... 14% 251M 1s - 7850K .......... .......... .......... .......... .......... 14% 234M 1s - 7900K .......... .......... .......... .......... .......... 14% 56.1M 1s - 7950K .......... .......... .......... .......... .......... 14% 51.8M 1s - 8000K .......... .......... .......... .......... .......... 15% 224M 1s - 8050K .......... .......... .......... .......... .......... 15% 231M 1s - 8100K .......... .......... .......... .......... .......... 15% 80.2M 1s - 8150K .......... .......... .......... .......... .......... 15% 69.5M 1s - 8200K .......... .......... .......... .......... .......... 15% 95.5M 1s - 8250K .......... .......... .......... .......... .......... 15% 80.4M 1s - 8300K .......... .......... .......... .......... .......... 15% 58.0M 1s - 8350K .......... .......... .......... .......... .......... 15% 177M 1s - 8400K .......... .......... .......... .......... .......... 15% 81.8M 1s - 8450K .......... .......... .......... .......... .......... 15% 110M 1s - 8500K .......... .......... .......... .......... .......... 16% 228M 1s - 8550K .......... .......... .......... .......... .......... 16% 236M 1s - 8600K .......... .......... .......... .......... .......... 16% 260M 1s - 8650K .......... .......... .......... .......... .......... 16% 258M 1s - 8700K .......... .......... .......... .......... .......... 16% 210M 1s - 8750K .......... .......... .......... .......... .......... 16% 249M 1s - 8800K .......... .......... .......... .......... .......... 16% 138M 1s - 8850K .......... .......... .......... .......... .......... 16% 87.9M 1s - 8900K .......... .......... .......... .......... 
.......... 16% 64.9M 1s - 8950K .......... .......... .......... .......... .......... 16% 73.1M 1s - 9000K .......... .......... .......... .......... .......... 16% 130M 1s - 9050K .......... .......... .......... .......... .......... 17% 245M 1s - 9100K .......... .......... .......... .......... .......... 17% 214M 1s - 9150K .......... .......... .......... .......... .......... 17% 70.1M 1s - 9200K .......... .......... .......... .......... .......... 17% 94.2M 1s - 9250K .......... .......... .......... .......... .......... 17% 80.9M 1s - 9300K .......... .......... .......... .......... .......... 17% 56.1M 1s - 9350K .......... .......... .......... .......... .......... 17% 77.9M 1s - 9400K .......... .......... .......... .......... .......... 17% 109M 1s - 9450K .......... .......... .......... .......... .......... 17% 87.3M 1s - 9500K .......... .......... .......... .......... .......... 17% 66.5M 1s - 9550K .......... .......... .......... .......... .......... 17% 76.0M 1s - 9600K .......... .......... .......... .......... .......... 18% 111M 1s - 9650K .......... .......... .......... .......... .......... 18% 80.8M 1s - 9700K .......... .......... .......... .......... .......... 18% 82.5M 1s - 9750K .......... .......... .......... .......... .......... 18% 230M 1s + 6200K .......... .......... .......... .......... .......... 11% 249M 1s + 6250K .......... .......... .......... .......... .......... 11% 253M 1s + 6300K .......... .......... .......... .......... .......... 11% 115M 1s + 6350K .......... .......... .......... .......... .......... 11% 79.8M 1s + 6400K .......... .......... .......... .......... .......... 12% 77.1M 1s + 6450K .......... .......... .......... .......... .......... 12% 87.6M 1s + 6500K .......... .......... .......... .......... .......... 12% 73.7M 1s + 6550K .......... .......... .......... .......... .......... 12% 73.9M 1s + 6600K .......... .......... .......... .......... .......... 
12% 147M 1s + 6650K .......... .......... .......... .......... .......... 12% 92.6M 1s + 6700K .......... .......... .......... .......... .......... 12% 91.7M 1s + 6750K .......... .......... .......... .......... .......... 12% 62.7M 1s + 6800K .......... .......... .......... .......... .......... 12% 77.3M 1s + 6850K .......... .......... .......... .......... .......... 12% 135M 1s + 6900K .......... .......... .......... .......... .......... 13% 254M 1s + 6950K .......... .......... .......... .......... .......... 13% 229M 1s + 7000K .......... .......... .......... .......... .......... 13% 222M 1s + 7050K .......... .......... .......... .......... .......... 13% 244M 1s + 7100K .......... .......... .......... .......... .......... 13% 255M 1s + 7150K .......... .......... .......... .......... .......... 13% 211M 1s + 7200K .......... .......... .......... .......... .......... 13% 193M 1s + 7250K .......... .......... .......... .......... .......... 13% 107M 1s + 7300K .......... .......... .......... .......... .......... 13% 255M 1s + 7350K .......... .......... .......... .......... .......... 13% 206M 1s + 7400K .......... .......... .......... .......... .......... 13% 94.9M 1s + 7450K .......... .......... .......... .......... .......... 14% 39.8M 1s + 7500K .......... .......... .......... .......... .......... 14% 88.2M 1s + 7550K .......... .......... .......... .......... .......... 14% 77.8M 1s + 7600K .......... .......... .......... .......... .......... 14% 84.4M 1s + 7650K .......... .......... .......... .......... .......... 14% 119M 1s + 7700K .......... .......... .......... .......... .......... 14% 71.6M 1s + 7750K .......... .......... .......... .......... .......... 14% 62.6M 1s + 7800K .......... .......... .......... .......... .......... 14% 83.4M 1s + 7850K .......... .......... .......... .......... .......... 14% 112M 1s + 7900K .......... .......... .......... .......... .......... 14% 68.0M 1s + 7950K .......... 
.......... .......... .......... .......... 14% 75.0M 1s + 8000K .......... .......... .......... .......... .......... 15% 73.0M 1s + 8050K .......... .......... .......... .......... .......... 15% 234M 1s + 8100K .......... .......... .......... .......... .......... 15% 251M 1s + 8150K .......... .......... .......... .......... .......... 15% 209M 1s + 8200K .......... .......... .......... .......... .......... 15% 244M 1s + 8250K .......... .......... .......... .......... .......... 15% 252M 1s + 8300K .......... .......... .......... .......... .......... 15% 228M 1s + 8350K .......... .......... .......... .......... .......... 15% 215M 1s + 8400K .......... .......... .......... .......... .......... 15% 102M 1s + 8450K .......... .......... .......... .......... .......... 15% 127M 1s + 8500K .......... .......... .......... .......... .......... 16% 115M 1s + 8550K .......... .......... .......... .......... .......... 16% 20.6M 1s + 8600K .......... .......... .......... .......... .......... 16% 155M 1s + 8650K .......... .......... .......... .......... .......... 16% 85.0M 1s + 8700K .......... .......... .......... .......... .......... 16% 89.9M 1s + 8750K .......... .......... .......... .......... .......... 16% 101M 1s + 8800K .......... .......... .......... .......... .......... 16% 253M 1s + 8850K .......... .......... .......... .......... .......... 16% 256M 1s + 8900K .......... .......... .......... .......... .......... 16% 147M 1s + 8950K .......... .......... .......... .......... .......... 16% 47.9M 1s + 9000K .......... .......... .......... .......... .......... 16% 65.9M 1s + 9050K .......... .......... .......... .......... .......... 17% 72.7M 1s + 9100K .......... .......... .......... .......... .......... 17% 76.8M 1s + 9150K .......... .......... .......... .......... .......... 17% 103M 1s + 9200K .......... .......... .......... .......... .......... 17% 237M 1s + 9250K .......... .......... .......... .......... 
.......... 17% 193M 1s + 9300K .......... .......... .......... .......... .......... 17% 230M 1s + 9350K .......... .......... .......... .......... .......... 17% 129M 1s + 9400K .......... .......... .......... .......... .......... 17% 252M 1s + 9450K .......... .......... .......... .......... .......... 17% 84.6M 1s + 9500K .......... .......... .......... .......... .......... 17% 60.7M 1s + 9550K .......... .......... .......... .......... .......... 17% 65.8M 1s + 9600K .......... .......... .......... .......... .......... 18% 120M 1s + 9650K .......... .......... .......... .......... .......... 18% 250M 1s + 9700K .......... .......... .......... .......... .......... 18% 230M 1s + 9750K .......... .......... .......... .......... .......... 18% 202M 1s 9800K .......... .......... .......... .......... .......... 18% 254M 1s - 9850K .......... .......... .......... .......... .......... 18% 258M 1s - 9900K .......... .......... .......... .......... .......... 18% 87.1M 1s - 9950K .......... .......... .......... .......... .......... 18% 157M 1s - 10000K .......... .......... .......... .......... .......... 18% 248M 1s - 10050K .......... .......... .......... .......... .......... 18% 233M 1s - 10100K .......... .......... .......... .......... .......... 19% 39.8M 1s - 10150K .......... .......... .......... .......... .......... 19% 62.2M 1s - 10200K .......... .......... .......... .......... .......... 19% 72.4M 1s - 10250K .......... .......... .......... .......... .......... 19% 99.7M 1s - 10300K .......... .......... .......... .......... .......... 19% 63.9M 1s - 10350K .......... .......... .......... .......... .......... 19% 236M 1s - 10400K .......... .......... .......... .......... .......... 19% 244M 1s - 10450K .......... .......... .......... .......... .......... 19% 261M 1s - 10500K .......... .......... .......... .......... .......... 19% 231M 1s - 10550K .......... .......... .......... .......... .......... 
19% 103M 1s - 10600K .......... .......... .......... .......... .......... 19% 105M 1s - 10650K .......... .......... .......... .......... .......... 20% 72.2M 1s - 10700K .......... .......... .......... .......... .......... 20% 65.3M 1s - 10750K .......... .......... .......... .......... .......... 20% 84.8M 1s - 10800K .......... .......... .......... .......... .......... 20% 83.8M 1s - 10850K .......... .......... .......... .......... .......... 20% 161M 1s - 10900K .......... .......... .......... .......... .......... 20% 226M 1s - 10950K .......... .......... .......... .......... .......... 20% 140M 1s - 11000K .......... .......... .......... .......... .......... 20% 83.5M 1s - 11050K .......... .......... .......... .......... .......... 20% 79.0M 1s - 11100K .......... .......... .......... .......... .......... 20% 57.8M 1s - 11150K .......... .......... .......... .......... .......... 20% 232M 1s - 11200K .......... .......... .......... .......... .......... 21% 251M 1s - 11250K .......... .......... .......... .......... .......... 21% 255M 1s - 11300K .......... .......... .......... .......... .......... 21% 73.6M 1s - 11350K .......... .......... .......... .......... .......... 21% 49.5M 1s - 11400K .......... .......... .......... .......... .......... 21% 75.7M 1s - 11450K .......... .......... .......... .......... .......... 21% 94.5M 1s - 11500K .......... .......... .......... .......... .......... 21% 76.3M 1s - 11550K .......... .......... .......... .......... .......... 21% 113M 1s - 11600K .......... .......... .......... .......... .......... 21% 67.3M 1s - 11650K .......... .......... .......... .......... .......... 21% 95.0M 1s - 11700K .......... .......... .......... .......... .......... 22% 100M 1s - 11750K .......... .......... .......... .......... .......... 22% 244M 1s - 11800K .......... .......... .......... .......... .......... 22% 247M 1s - 11850K .......... .......... .......... .......... .......... 
22% 230M 1s - 11900K .......... .......... .......... .......... .......... 22% 206M 1s - 11950K .......... .......... .......... .......... .......... 22% 254M 1s - 12000K .......... .......... .......... .......... .......... 22% 258M 1s - 12050K .......... .......... .......... .......... .......... 22% 174M 1s - 12100K .......... .......... .......... .......... .......... 22% 100M 1s - 12150K .......... .......... .......... .......... .......... 22% 76.1M 1s - 12200K .......... .......... .......... .......... .......... 22% 89.4M 1s - 12250K .......... .......... .......... .......... .......... 23% 94.6M 1s - 12300K .......... .......... .......... .......... .......... 23% 61.3M 1s - 12350K .......... .......... .......... .......... .......... 23% 80.5M 1s - 12400K .......... .......... .......... .......... .......... 23% 70.5M 1s - 12450K .......... .......... .......... .......... .......... 23% 115M 1s - 12500K .......... .......... .......... .......... .......... 23% 67.9M 1s - 12550K .......... .......... .......... .......... .......... 23% 249M 1s - 12600K .......... .......... .......... .......... .......... 23% 248M 1s - 12650K .......... .......... .......... .......... .......... 23% 204M 1s - 12700K .......... .......... .......... .......... .......... 23% 218M 1s - 12750K .......... .......... .......... .......... .......... 23% 250M 1s - 12800K .......... .......... .......... .......... .......... 24% 257M 1s - 12850K .......... .......... .......... .......... .......... 24% 263M 1s - 12900K .......... .......... .......... .......... .......... 24% 190M 1s - 12950K .......... .......... .......... .......... .......... 24% 223M 1s - 13000K .......... .......... .......... .......... .......... 24% 44.5M 1s - 13050K .......... .......... .......... .......... .......... 24% 85.2M 1s - 13100K .......... .......... .......... .......... .......... 24% 61.9M 1s - 13150K .......... .......... .......... .......... .......... 
24% 76.1M 1s - 13200K .......... .......... .......... .......... .......... 24% 219M 1s - 13250K .......... .......... .......... .......... .......... 24% 81.7M 1s - 13300K .......... .......... .......... .......... .......... 24% 69.6M 1s - 13350K .......... .......... .......... .......... .......... 25% 73.4M 1s - 13400K .......... .......... .......... .......... .......... 25% 79.7M 1s - 13450K .......... .......... .......... .......... .......... 25% 124M 1s - 13500K .......... .......... .......... .......... .......... 25% 97.2M 1s - 13550K .......... .......... .......... .......... .......... 25% 75.8M 1s - 13600K .......... .......... .......... .......... .......... 25% 74.2M 1s - 13650K .......... .......... .......... .......... .......... 25% 117M 1s - 13700K .......... .......... .......... .......... .......... 25% 218M 1s - 13750K .......... .......... .......... .......... .......... 25% 259M 1s - 13800K .......... .......... .......... .......... .......... 25% 236M 1s - 13850K .......... .......... .......... .......... .......... 26% 254M 1s - 13900K .......... .......... .......... .......... .......... 26% 219M 1s - 13950K .......... .......... .......... .......... .......... 26% 75.6M 1s - 14000K .......... .......... .......... .......... .......... 26% 87.9M 1s - 14050K .......... .......... .......... .......... .......... 26% 67.7M 1s - 14100K .......... .......... .......... .......... .......... 26% 86.1M 1s - 14150K .......... .......... .......... .......... .......... 26% 227M 1s - 14200K .......... .......... .......... .......... .......... 26% 74.4M 1s - 14250K .......... .......... .......... .......... .......... 26% 105M 1s - 14300K .......... .......... .......... .......... .......... 26% 58.1M 1s - 14350K .......... .......... .......... .......... .......... 26% 84.5M 1s - 14400K .......... .......... .......... .......... .......... 27% 78.9M 1s - 14450K .......... .......... .......... .......... .......... 
27% 70.6M 1s - 14500K .......... .......... .......... .......... .......... 27% 203M 1s - 14550K .......... .......... .......... .......... .......... 27% 254M 1s - 14600K .......... .......... .......... .......... .......... 27% 237M 1s - 14650K .......... .......... .......... .......... .......... 27% 262M 1s - 14700K .......... .......... .......... .......... .......... 27% 215M 1s - 14750K .......... .......... .......... .......... .......... 27% 256M 1s - 14800K .......... .......... .......... .......... .......... 27% 256M 1s - 14850K .......... .......... .......... .......... .......... 27% 25.6M 1s - 14900K .......... .......... .......... .......... .......... 27% 46.3M 1s - 14950K .......... .......... .......... .......... .......... 28% 100M 1s - 15000K .......... .......... .......... .......... .......... 28% 102M 1s - 15050K .......... .......... .......... .......... .......... 28% 73.4M 1s - 15100K .......... .......... .......... .......... .......... 28% 70.7M 1s - 15150K .......... .......... .......... .......... .......... 28% 77.7M 1s - 15200K .......... .......... .......... .......... .......... 28% 82.5M 1s - 15250K .......... .......... .......... .......... .......... 28% 118M 1s - 15300K .......... .......... .......... .......... .......... 28% 64.8M 1s - 15350K .......... .......... .......... .......... .......... 28% 122M 1s - 15400K .......... .......... .......... .......... .......... 28% 229M 1s - 15450K .......... .......... .......... .......... .......... 29% 247M 1s - 15500K .......... .......... .......... .......... .......... 29% 225M 1s - 15550K .......... .......... .......... .......... .......... 29% 265M 1s - 15600K .......... .......... .......... .......... .......... 29% 222M 1s - 15650K .......... .......... .......... .......... .......... 29% 215M 1s - 15700K .......... .......... .......... .......... .......... 29% 193M 0s - 15750K .......... .......... .......... .......... .......... 
29% 250M 0s - 15800K .......... .......... .......... .......... .......... 29% 183M 0s - 15850K .......... .......... .......... .......... .......... 29% 179M 0s - 15900K .......... .......... .......... .......... .......... 29% 159M 0s - 15950K .......... .......... .......... .......... .......... 29% 199M 0s - 16000K .......... .......... .......... .......... .......... 30% 171M 0s - 16050K .......... .......... .......... .......... .......... 30% 184M 0s - 16100K .......... .......... .......... .......... .......... 30% 142M 0s - 16150K .......... .......... .......... .......... .......... 30% 173M 0s - 16200K .......... .......... .......... .......... .......... 30% 177M 0s - 16250K .......... .......... .......... .......... .......... 30% 174M 0s - 16300K .......... .......... .......... .......... .......... 30% 171M 0s - 16350K .......... .......... .......... .......... .......... 30% 176M 0s - 16400K .......... .......... .......... .......... .......... 30% 181M 0s - 16450K .......... .......... .......... .......... .......... 30% 178M 0s - 16500K .......... .......... .......... .......... .......... 30% 137M 0s - 16550K .......... .......... .......... .......... .......... 31% 165M 0s - 16600K .......... .......... .......... .......... .......... 31% 168M 0s - 16650K .......... .......... .......... .......... .......... 31% 259M 0s - 16700K .......... .......... .......... .......... .......... 31% 159M 0s - 16750K .......... .......... .......... .......... .......... 31% 170M 0s - 16800K .......... .......... .......... .......... .......... 31% 204M 0s - 16850K .......... .......... .......... .......... .......... 31% 186M 0s - 16900K .......... .......... .......... .......... .......... 31% 152M 0s - 16950K .......... .......... .......... .......... .......... 31% 164M 0s - 17000K .......... .......... .......... .......... .......... 31% 199M 0s + 9850K .......... .......... .......... .......... .......... 
18% 256M 1s + 9900K .......... .......... .......... .......... .......... 18% 253M 1s + 9950K .......... .......... .......... .......... .......... 18% 210M 1s + 10000K .......... .......... .......... .......... .......... 18% 34.0M 1s + 10050K .......... .......... .......... .......... .......... 18% 28.2M 1s + 10100K .......... .......... .......... .......... .......... 19% 121M 1s + 10150K .......... .......... .......... .......... .......... 19% 136M 1s + 10200K .......... .......... .......... .......... .......... 19% 206M 1s + 10250K .......... .......... .......... .......... .......... 19% 260M 1s + 10300K .......... .......... .......... .......... .......... 19% 104M 1s + 10350K .......... .......... .......... .......... .......... 19% 57.6M 1s + 10400K .......... .......... .......... .......... .......... 19% 88.0M 1s + 10450K .......... .......... .......... .......... .......... 19% 78.9M 1s + 10500K .......... .......... .......... .......... .......... 19% 104M 1s + 10550K .......... .......... .......... .......... .......... 19% 67.8M 1s + 10600K .......... .......... .......... .......... .......... 19% 122M 1s + 10650K .......... .......... .......... .......... .......... 20% 88.7M 1s + 10700K .......... .......... .......... .......... .......... 20% 136M 1s + 10750K .......... .......... .......... .......... .......... 20% 212M 1s + 10800K .......... .......... .......... .......... .......... 20% 257M 1s + 10850K .......... .......... .......... .......... .......... 20% 255M 1s + 10900K .......... .......... .......... .......... .......... 20% 224M 1s + 10950K .......... .......... .......... .......... .......... 20% 203M 1s + 11000K .......... .......... .......... .......... .......... 20% 250M 1s + 11050K .......... .......... .......... .......... .......... 20% 258M 1s + 11100K .......... .......... .......... .......... .......... 20% 259M 1s + 11150K .......... .......... .......... .......... .......... 
20% 29.6M 1s + 11200K .......... .......... .......... .......... .......... 21% 242M 1s + 11250K .......... .......... .......... .......... .......... 21% 247M 1s + 11300K .......... .......... .......... .......... .......... 21% 75.2M 1s + 11350K .......... .......... .......... .......... .......... 21% 28.0M 1s + 11400K .......... .......... .......... .......... .......... 21% 81.5M 1s + 11450K .......... .......... .......... .......... .......... 21% 99.5M 1s + 11500K .......... .......... .......... .......... .......... 21% 132M 1s + 11550K .......... .......... .......... .......... .......... 21% 62.1M 1s + 11600K .......... .......... .......... .......... .......... 21% 80.0M 1s + 11650K .......... .......... .......... .......... .......... 21% 94.9M 1s + 11700K .......... .......... .......... .......... .......... 22% 74.9M 1s + 11750K .......... .......... .......... .......... .......... 22% 68.0M 1s + 11800K .......... .......... .......... .......... .......... 22% 76.6M 1s + 11850K .......... .......... .......... .......... .......... 22% 88.9M 1s + 11900K .......... .......... .......... .......... .......... 22% 87.3M 1s + 11950K .......... .......... .......... .......... .......... 22% 188M 1s + 12000K .......... .......... .......... .......... .......... 22% 244M 1s + 12050K .......... .......... .......... .......... .......... 22% 259M 1s + 12100K .......... .......... .......... .......... .......... 22% 253M 1s + 12150K .......... .......... .......... .......... .......... 22% 220M 1s + 12200K .......... .......... .......... .......... .......... 22% 42.9M 1s + 12250K .......... .......... .......... .......... .......... 23% 140M 1s + 12300K .......... .......... .......... .......... .......... 23% 32.8M 1s + 12350K .......... .......... .......... .......... .......... 23% 68.9M 1s + 12400K .......... .......... .......... .......... .......... 23% 224M 1s + 12450K .......... .......... .......... .......... .......... 
23% 80.5M 1s + 12500K .......... .......... .......... .......... .......... 23% 87.7M 1s + 12550K .......... .......... .......... .......... .......... 23% 61.2M 1s + 12600K .......... .......... .......... .......... .......... 23% 73.3M 1s + 12650K .......... .......... .......... .......... .......... 23% 78.3M 1s + 12700K .......... .......... .......... .......... .......... 23% 79.8M 1s + 12750K .......... .......... .......... .......... .......... 23% 207M 1s + 12800K .......... .......... .......... .......... .......... 24% 223M 1s + 12850K .......... .......... .......... .......... .......... 24% 251M 1s + 12900K .......... .......... .......... .......... .......... 24% 258M 1s + 12950K .......... .......... .......... .......... .......... 24% 228M 1s + 13000K .......... .......... .......... .......... .......... 24% 244M 1s + 13050K .......... .......... .......... .......... .......... 24% 169M 1s + 13100K .......... .......... .......... .......... .......... 24% 242M 1s + 13150K .......... .......... .......... .......... .......... 24% 29.9M 1s + 13200K .......... .......... .......... .......... .......... 24% 39.2M 1s + 13250K .......... .......... .......... .......... .......... 24% 162M 1s + 13300K .......... .......... .......... .......... .......... 24% 74.0M 1s + 13350K .......... .......... .......... .......... .......... 25% 192M 1s + 13400K .......... .......... .......... .......... .......... 25% 49.4M 1s + 13450K .......... .......... .......... .......... .......... 25% 74.9M 1s + 13500K .......... .......... .......... .......... .......... 25% 99.6M 1s + 13550K .......... .......... .......... .......... .......... 25% 51.9M 1s + 13600K .......... .......... .......... .......... .......... 25% 208M 1s + 13650K .......... .......... .......... .......... .......... 25% 243M 1s + 13700K .......... .......... .......... .......... .......... 25% 234M 1s + 13750K .......... .......... .......... .......... .......... 
25% 221M 1s + 13800K .......... .......... .......... .......... .......... 25% 257M 1s + 13850K .......... .......... .......... .......... .......... 26% 255M 1s + 13900K .......... .......... .......... .......... .......... 26% 125M 1s + 13950K .......... .......... .......... .......... .......... 26% 119M 1s + 14000K .......... .......... .......... .......... .......... 26% 244M 1s + 14050K .......... .......... .......... .......... .......... 26% 57.9M 1s + 14100K .......... .......... .......... .......... .......... 26% 106M 1s + 14150K .......... .......... .......... .......... .......... 26% 33.3M 1s + 14200K .......... .......... .......... .......... .......... 26% 65.6M 1s + 14250K .......... .......... .......... .......... .......... 26% 151M 1s + 14300K .......... .......... .......... .......... .......... 26% 92.9M 1s + 14350K .......... .......... .......... .......... .......... 26% 72.7M 1s + 14400K .......... .......... .......... .......... .......... 27% 78.0M 0s + 14450K .......... .......... .......... .......... .......... 27% 87.0M 0s + 14500K .......... .......... .......... .......... .......... 27% 78.7M 0s + 14550K .......... .......... .......... .......... .......... 27% 99.8M 0s + 14600K .......... .......... .......... .......... .......... 27% 210M 0s + 14650K .......... .......... .......... .......... .......... 27% 254M 0s + 14700K .......... .......... .......... .......... .......... 27% 259M 0s + 14750K .......... .......... .......... .......... .......... 27% 208M 0s + 14800K .......... .......... .......... .......... .......... 27% 45.0M 0s + 14850K .......... .......... .......... .......... .......... 27% 251M 0s + 14900K .......... .......... .......... .......... .......... 27% 251M 0s + 14950K .......... .......... .......... .......... .......... 28% 38.3M 0s + 15000K .......... .......... .......... .......... .......... 28% 75.4M 0s + 15050K .......... .......... .......... .......... .......... 
28% 120M 0s + 15100K .......... .......... .......... .......... .......... 28% 93.1M 0s + 15150K .......... .......... .......... .......... .......... 28% 60.5M 0s + 15200K .......... .......... .......... .......... .......... 28% 182M 0s + 15250K .......... .......... .......... .......... .......... 28% 52.7M 0s + 15300K .......... .......... .......... .......... .......... 28% 219M 0s + 15350K .......... .......... .......... .......... .......... 28% 223M 0s + 15400K .......... .......... .......... .......... .......... 28% 255M 0s + 15450K .......... .......... .......... .......... .......... 29% 203M 0s + 15500K .......... .......... .......... .......... .......... 29% 225M 0s + 15550K .......... .......... .......... .......... .......... 29% 211M 0s + 15600K .......... .......... .......... .......... .......... 29% 257M 0s + 15650K .......... .......... .......... .......... .......... 29% 214M 0s + 15700K .......... .......... .......... .......... .......... 29% 207M 0s + 15750K .......... .......... .......... .......... .......... 29% 161M 0s + 15800K .......... .......... .......... .......... .......... 29% 185M 0s + 15850K .......... .......... .......... .......... .......... 29% 163M 0s + 15900K .......... .......... .......... .......... .......... 29% 190M 0s + 15950K .......... .......... .......... .......... .......... 29% 162M 0s + 16000K .......... .......... .......... .......... .......... 30% 184M 0s + 16050K .......... .......... .......... .......... .......... 30% 179M 0s + 16100K .......... .......... .......... .......... .......... 30% 176M 0s + 16150K .......... .......... .......... .......... .......... 30% 155M 0s + 16200K .......... .......... .......... .......... .......... 30% 167M 0s + 16250K .......... .......... .......... .......... .......... 30% 172M 0s + 16300K .......... .......... .......... .......... .......... 30% 166M 0s + 16350K .......... .......... .......... .......... .......... 
30% 141M 0s + 16400K .......... .......... .......... .......... .......... 30% 185M 0s + 16450K .......... .......... .......... .......... .......... 30% 197M 0s + 16500K .......... .......... .......... .......... .......... 30% 256M 0s + 16550K .......... .......... .......... .......... .......... 31% 216M 0s + 16600K .......... .......... .......... .......... .......... 31% 200M 0s + 16650K .......... .......... .......... .......... .......... 31% 192M 0s + 16700K .......... .......... .......... .......... .......... 31% 186M 0s + 16750K .......... .......... .......... .......... .......... 31% 147M 0s + 16800K .......... .......... .......... .......... .......... 31% 185M 0s + 16850K .......... .......... .......... .......... .......... 31% 197M 0s + 16900K .......... .......... .......... .......... .......... 31% 179M 0s + 16950K .......... .......... .......... .......... .......... 31% 148M 0s + 17000K .......... .......... .......... .......... .......... 31% 167M 0s 17050K .......... .......... .......... .......... .......... 32% 166M 0s - 17100K .......... .......... .......... .......... .......... 32% 156M 0s - 17150K .......... .......... .......... .......... .......... 32% 165M 0s - 17200K .......... .......... .......... .......... .......... 32% 172M 0s - 17250K .......... .......... .......... .......... .......... 32% 171M 0s - 17300K .......... .......... .......... .......... .......... 32% 134M 0s - 17350K .......... .......... .......... .......... .......... 32% 169M 0s - 17400K .......... .......... .......... .......... .......... 32% 169M 0s - 17450K .......... .......... .......... .......... .......... 32% 162M 0s - 17500K .......... .......... .......... .......... .......... 32% 184M 0s - 17550K .......... .......... .......... .......... .......... 32% 237M 0s - 17600K .......... .......... .......... .......... .......... 33% 215M 0s - 17650K .......... .......... .......... .......... .......... 
33% 245M 0s - 17700K .......... .......... .......... .......... .......... 33% 210M 0s - 17750K .......... .......... .......... .......... .......... 33% 259M 0s - 17800K .......... .......... .......... .......... .......... 33% 223M 0s - 17850K .......... .......... .......... .......... .......... 33% 204M 0s - 17900K .......... .......... .......... .......... .......... 33% 159M 0s - 17950K .......... .......... .......... .......... .......... 33% 180M 0s - 18000K .......... .......... .......... .......... .......... 33% 162M 0s - 18050K .......... .......... .......... .......... .......... 33% 201M 0s - 18100K .......... .......... .......... .......... .......... 33% 192M 0s - 18150K .......... .......... .......... .......... .......... 34% 253M 0s - 18200K .......... .......... .......... .......... .......... 34% 218M 0s - 18250K .......... .......... .......... .......... .......... 34% 186M 0s - 18300K .......... .......... .......... .......... .......... 34% 165M 0s - 18350K .......... .......... .......... .......... .......... 34% 186M 0s - 18400K .......... .......... .......... .......... .......... 34% 171M 0s - 18450K .......... .......... .......... .......... .......... 34% 170M 0s - 18500K .......... .......... .......... .......... .......... 34% 162M 0s - 18550K .......... .......... .......... .......... .......... 34% 176M 0s - 18600K .......... .......... .......... .......... .......... 34% 183M 0s - 18650K .......... .......... .......... .......... .......... 35% 191M 0s - 18700K .......... .......... .......... .......... .......... 35% 217M 0s - 18750K .......... .......... .......... .......... .......... 35% 162M 0s - 18800K .......... .......... .......... .......... .......... 35% 167M 0s - 18850K .......... .......... .......... .......... .......... 35% 171M 0s - 18900K .......... .......... .......... .......... .......... 35% 139M 0s - 18950K .......... .......... .......... .......... .......... 
35% 184M 0s - 19000K .......... .......... .......... .......... .......... 35% 169M 0s - 19050K .......... .......... .......... .......... .......... 35% 180M 0s - 19100K .......... .......... .......... .......... .......... 35% 155M 0s - 19150K .......... .......... .......... .......... .......... 35% 185M 0s - 19200K .......... .......... .......... .......... .......... 36% 191M 0s - 19250K .......... .......... .......... .......... .......... 36% 194M 0s - 19300K .......... .......... .......... .......... .......... 36% 140M 0s - 19350K .......... .......... .......... .......... .......... 36% 181M 0s - 19400K .......... .......... .......... .......... .......... 36% 190M 0s + 17100K .......... .......... .......... .......... .......... 32% 147M 0s + 17150K .......... .......... .......... .......... .......... 32% 140M 0s + 17200K .......... .......... .......... .......... .......... 32% 167M 0s + 17250K .......... .......... .......... .......... .......... 32% 164M 0s + 17300K .......... .......... .......... .......... .......... 32% 185M 0s + 17350K .......... .......... .......... .......... .......... 32% 157M 0s + 17400K .......... .......... .......... .......... .......... 32% 185M 0s + 17450K .......... .......... .......... .......... .......... 32% 203M 0s + 17500K .......... .......... .......... .......... .......... 32% 192M 0s + 17550K .......... .......... .......... .......... .......... 32% 169M 0s + 17600K .......... .......... .......... .......... .......... 33% 184M 0s + 17650K .......... .......... .......... .......... .......... 33% 165M 0s + 17700K .......... .......... .......... .......... .......... 33% 197M 0s + 17750K .......... .......... .......... .......... .......... 33% 162M 0s + 17800K .......... .......... .......... .......... .......... 33% 177M 0s + 17850K .......... .......... .......... .......... .......... 33% 175M 0s + 17900K .......... .......... .......... .......... .......... 
33% 192M 0s + 17950K .......... .......... .......... .......... .......... 33% 167M 0s + 18000K .......... .......... .......... .......... .......... 33% 174M 0s + 18050K .......... .......... .......... .......... .......... 33% 193M 0s + 18100K .......... .......... .......... .......... .......... 33% 195M 0s + 18150K .......... .......... .......... .......... .......... 34% 166M 0s + 18200K .......... .......... .......... .......... .......... 34% 171M 0s + 18250K .......... .......... .......... .......... .......... 34% 169M 0s + 18300K .......... .......... .......... .......... .......... 34% 170M 0s + 18350K .......... .......... .......... .......... .......... 34% 141M 0s + 18400K .......... .......... .......... .......... .......... 34% 186M 0s + 18450K .......... .......... .......... .......... .......... 34% 181M 0s + 18500K .......... .......... .......... .......... .......... 34% 172M 0s + 18550K .......... .......... .......... .......... .......... 34% 147M 0s + 18600K .......... .......... .......... .......... .......... 34% 176M 0s + 18650K .......... .......... .......... .......... .......... 35% 165M 0s + 18700K .......... .......... .......... .......... .......... 35% 214M 0s + 18750K .......... .......... .......... .......... .......... 35% 208M 0s + 18800K .......... .......... .......... .......... .......... 35% 238M 0s + 18850K .......... .......... .......... .......... .......... 35% 231M 0s + 18900K .......... .......... .......... .......... .......... 35% 198M 0s + 18950K .......... .......... .......... .......... .......... 35% 166M 0s + 19000K .......... .......... .......... .......... .......... 35% 179M 0s + 19050K .......... .......... .......... .......... .......... 35% 195M 0s + 19100K .......... .......... .......... .......... .......... 35% 169M 0s + 19150K .......... .......... .......... .......... .......... 35% 157M 0s + 19200K .......... .......... .......... .......... .......... 
36% 185M 0s + 19250K .......... .......... .......... .......... .......... 36% 190M 0s + 19300K .......... .......... .......... .......... .......... 36% 173M 0s + 19350K .......... .......... .......... .......... .......... 36% 167M 0s + 19400K .......... .......... .......... .......... .......... 36% 177M 0s 19450K .......... .......... .......... .......... .......... 36% 169M 0s - 19500K .......... .......... .......... .......... .......... 36% 158M 0s - 19550K .......... .......... .......... .......... .......... 36% 186M 0s - 19600K .......... .......... .......... .......... .......... 36% 197M 0s - 19650K .......... .......... .......... .......... .......... 36% 179M 0s - 19700K .......... .......... .......... .......... .......... 36% 163M 0s - 19750K .......... .......... .......... .......... .......... 37% 182M 0s - 19800K .......... .......... .......... .......... .......... 37% 165M 0s - 19850K .......... .......... .......... .......... .......... 37% 164M 0s - 19900K .......... .......... .......... .......... .......... 37% 140M 0s - 19950K .......... .......... .......... .......... .......... 37% 173M 0s - 20000K .......... .......... .......... .......... .......... 37% 184M 0s - 20050K .......... .......... .......... .......... .......... 37% 176M 0s - 20100K .......... .......... .......... .......... .......... 37% 163M 0s - 20150K .......... .......... .......... .......... .......... 37% 181M 0s - 20200K .......... .......... .......... .......... .......... 37% 189M 0s - 20250K .......... .......... .......... .......... .......... 38% 177M 0s - 20300K .......... .......... .......... .......... .......... 38% 150M 0s - 20350K .......... .......... .......... .......... .......... 38% 178M 0s - 20400K .......... .......... .......... .......... .......... 38% 181M 0s - 20450K .......... .......... .......... .......... .......... 38% 183M 0s - 20500K .......... .......... .......... .......... .......... 
38% 169M 0s + 19500K .......... .......... .......... .......... .......... 36% 191M 0s + 19550K .......... .......... .......... .......... .......... 36% 153M 0s + 19600K .......... .......... .......... .......... .......... 36% 210M 0s + 19650K .......... .......... .......... .......... .......... 36% 219M 0s + 19700K .......... .......... .......... .......... .......... 36% 251M 0s + 19750K .......... .......... .......... .......... .......... 37% 150M 0s + 19800K .......... .......... .......... .......... .......... 37% 152M 0s + 19850K .......... .......... .......... .......... .......... 37% 174M 0s + 19900K .......... .......... .......... .......... .......... 37% 182M 0s + 19950K .......... .......... .......... .......... .......... 37% 153M 0s + 20000K .......... .......... .......... .......... .......... 37% 166M 0s + 20050K .......... .......... .......... .......... .......... 37% 181M 0s + 20100K .......... .......... .......... .......... .......... 37% 186M 0s + 20150K .......... .......... .......... .......... .......... 37% 162M 0s + 20200K .......... .......... .......... .......... .......... 37% 174M 0s + 20250K .......... .......... .......... .......... .......... 38% 176M 0s + 20300K .......... .......... .......... .......... .......... 38% 184M 0s + 20350K .......... .......... .......... .......... .......... 38% 151M 0s + 20400K .......... .......... .......... .......... .......... 38% 172M 0s + 20450K .......... .......... .......... .......... .......... 38% 126M 0s + 20500K .......... .......... .......... .......... .......... 38% 155M 0s 20550K .......... .......... .......... .......... .......... 38% 161M 0s - 20600K .......... .......... .......... .......... .......... 38% 172M 0s - 20650K .......... .......... .......... .......... .......... 38% 183M 0s - 20700K .......... .......... .......... .......... .......... 38% 165M 0s - 20750K .......... .......... .......... .......... .......... 
38% 142M 0s - 20800K .......... .......... .......... .......... .......... 39% 181M 0s - 20850K .......... .......... .......... .......... .......... 39% 181M 0s - 20900K .......... .......... .......... .......... .......... 39% 183M 0s - 20950K .......... .......... .......... .......... .......... 39% 188M 0s - 21000K .......... .......... .......... .......... .......... 39% 265M 0s - 21050K .......... .......... .......... .......... .......... 39% 258M 0s - 21100K .......... .......... .......... .......... .......... 39% 202M 0s - 21150K .......... .......... .......... .......... .......... 39% 157M 0s - 21200K .......... .......... .......... .......... .......... 39% 191M 0s - 21250K .......... .......... .......... .......... .......... 39% 179M 0s - 21300K .......... .......... .......... .......... .......... 39% 191M 0s + 20600K .......... .......... .......... .......... .......... 38% 180M 0s + 20650K .......... .......... .......... .......... .......... 38% 182M 0s + 20700K .......... .......... .......... .......... .......... 38% 154M 0s + 20750K .......... .......... .......... .......... .......... 38% 209M 0s + 20800K .......... .......... .......... .......... .......... 39% 217M 0s + 20850K .......... .......... .......... .......... .......... 39% 199M 0s + 20900K .......... .......... .......... .......... .......... 39% 176M 0s + 20950K .......... .......... .......... .......... .......... 39% 178M 0s + 21000K .......... .......... .......... .......... .......... 39% 181M 0s + 21050K .......... .......... .......... .......... .......... 39% 159M 0s + 21100K .......... .......... .......... .......... .......... 39% 143M 0s + 21150K .......... .......... .......... .......... .......... 39% 165M 0s + 21200K .......... .......... .......... .......... .......... 39% 154M 0s + 21250K .......... .......... .......... .......... .......... 39% 150M 0s + 21300K .......... .......... .......... .......... .......... 
39% 148M 0s 21350K .......... .......... .......... .......... .......... 40% 170M 0s - 21400K .......... .......... .......... .......... .......... 40% 192M 0s - 21450K .......... .......... .......... .......... .......... 40% 168M 0s - 21500K .......... .......... .......... .......... .......... 40% 196M 0s - 21550K .......... .......... .......... .......... .......... 40% 154M 0s - 21600K .......... .......... .......... .......... .......... 40% 200M 0s - 21650K .......... .......... .......... .......... .......... 40% 171M 0s - 21700K .......... .......... .......... .......... .......... 40% 176M 0s - 21750K .......... .......... .......... .......... .......... 40% 158M 0s - 21800K .......... .......... .......... .......... .......... 40% 164M 0s - 21850K .......... .......... .......... .......... .......... 41% 185M 0s - 21900K .......... .......... .......... .......... .......... 41% 253M 0s - 21950K .......... .......... .......... .......... .......... 41% 219M 0s - 22000K .......... .......... .......... .......... .......... 41% 265M 0s - 22050K .......... .......... .......... .......... .......... 41% 197M 0s - 22100K .......... .......... .......... .......... .......... 41% 253M 0s - 22150K .......... .......... .......... .......... .......... 41% 228M 0s - 22200K .......... .......... .......... .......... .......... 41% 263M 0s - 22250K .......... .......... .......... .......... .......... 41% 223M 0s - 22300K .......... .......... .......... .......... .......... 41% 177M 0s - 22350K .......... .......... .......... .......... .......... 41% 153M 0s - 22400K .......... .......... .......... .......... .......... 42% 184M 0s - 22450K .......... .......... .......... .......... .......... 42% 168M 0s - 22500K .......... .......... .......... .......... .......... 42% 173M 0s - 22550K .......... .......... .......... .......... .......... 42% 178M 0s - 22600K .......... .......... .......... .......... .......... 
42% 175M 0s - 22650K .......... .......... .......... .......... .......... 42% 204M 0s - 22700K .......... .......... .......... .......... .......... 42% 168M 0s - 22750K .......... .......... .......... .......... .......... 42% 155M 0s - 22800K .......... .......... .......... .......... .......... 42% 157M 0s - 22850K .......... .......... .......... .......... .......... 42% 165M 0s - 22900K .......... .......... .......... .......... .......... 42% 172M 0s - 22950K .......... .......... .......... .......... .......... 43% 158M 0s - 23000K .......... .......... .......... .......... .......... 43% 173M 0s - 23050K .......... .......... .......... .......... .......... 43% 184M 0s - 23100K .......... .......... .......... .......... .......... 43% 187M 0s - 23150K .......... .......... .......... .......... .......... 43% 157M 0s - 23200K .......... .......... .......... .......... .......... 43% 177M 0s - 23250K .......... .......... .......... .......... .......... 43% 181M 0s - 23300K .......... .......... .......... .......... .......... 43% 180M 0s - 23350K .......... .......... .......... .......... .......... 43% 167M 0s - 23400K .......... .......... .......... .......... .......... 43% 173M 0s - 23450K .......... .......... .......... .......... .......... 44% 190M 0s - 23500K .......... .......... .......... .......... .......... 44% 182M 0s - 23550K .......... .......... .......... .......... .......... 44% 143M 0s - 23600K .......... .......... .......... .......... .......... 44% 177M 0s + 21400K .......... .......... .......... .......... .......... 40% 193M 0s + 21450K .......... .......... .......... .......... .......... 40% 156M 0s + 21500K .......... .......... .......... .......... .......... 40% 165M 0s + 21550K .......... .......... .......... .......... .......... 40% 168M 0s + 21600K .......... .......... .......... .......... .......... 40% 189M 0s + 21650K .......... .......... .......... .......... .......... 
40% 247M 0s + 21700K .......... .......... .......... .......... .......... 40% 216M 0s + 21750K .......... .......... .......... .......... .......... 40% 213M 0s + 21800K .......... .......... .......... .......... .......... 40% 245M 0s + 21850K .......... .......... .......... .......... .......... 41% 243M 0s + 21900K .......... .......... .......... .......... .......... 41% 213M 0s + 21950K .......... .......... .......... .......... .......... 41% 228M 0s + 22000K .......... .......... .......... .......... .......... 41% 172M 0s + 22050K .......... .......... .......... .......... .......... 41% 178M 0s + 22100K .......... .......... .......... .......... .......... 41% 159M 0s + 22150K .......... .......... .......... .......... .......... 41% 176M 0s + 22200K .......... .......... .......... .......... .......... 41% 181M 0s + 22250K .......... .......... .......... .......... .......... 41% 184M 0s + 22300K .......... .......... .......... .......... .......... 41% 161M 0s + 22350K .......... .......... .......... .......... .......... 41% 222M 0s + 22400K .......... .......... .......... .......... .......... 42% 255M 0s + 22450K .......... .......... .......... .......... .......... 42% 211M 0s + 22500K .......... .......... .......... .......... .......... 42% 144M 0s + 22550K .......... .......... .......... .......... .......... 42% 150M 0s + 22600K .......... .......... .......... .......... .......... 42% 164M 0s + 22650K .......... .......... .......... .......... .......... 42% 165M 0s + 22700K .......... .......... .......... .......... .......... 42% 141M 0s + 22750K .......... .......... .......... .......... .......... 42% 196M 0s + 22800K .......... .......... .......... .......... .......... 42% 185M 0s + 22850K .......... .......... .......... .......... .......... 42% 194M 0s + 22900K .......... .......... .......... .......... .......... 42% 149M 0s + 22950K .......... .......... .......... .......... .......... 
43% 190M 0s + 23000K .......... .......... .......... .......... .......... 43% 184M 0s + 23050K .......... .......... .......... .......... .......... 43% 157M 0s + 23100K .......... .......... .......... .......... .......... 43% 159M 0s + 23150K .......... .......... .......... .......... .......... 43% 180M 0s + 23200K .......... .......... .......... .......... .......... 43% 182M 0s + 23250K .......... .......... .......... .......... .......... 43% 176M 0s + 23300K .......... .......... .......... .......... .......... 43% 146M 0s + 23350K .......... .......... .......... .......... .......... 43% 197M 0s + 23400K .......... .......... .......... .......... .......... 43% 154M 0s + 23450K .......... .......... .......... .......... .......... 44% 213M 0s + 23500K .......... .......... .......... .......... .......... 44% 152M 0s + 23550K .......... .......... .......... .......... .......... 44% 155M 0s + 23600K .......... .......... .......... .......... .......... 44% 165M 0s 23650K .......... .......... .......... .......... .......... 44% 176M 0s - 23700K .......... .......... .......... .......... .......... 44% 184M 0s - 23750K .......... .......... .......... .......... .......... 44% 177M 0s - 23800K .......... .......... .......... .......... .......... 44% 260M 0s - 23850K .......... .......... .......... .......... .......... 44% 253M 0s - 23900K .......... .......... .......... .......... .......... 44% 220M 0s - 23950K .......... .......... .......... .......... .......... 44% 150M 0s - 24000K .......... .......... .......... .......... .......... 45% 197M 0s - 24050K .......... .......... .......... .......... .......... 45% 187M 0s - 24100K .......... .......... .......... .......... .......... 45% 180M 0s - 24150K .......... .......... .......... .......... .......... 45% 148M 0s - 24200K .......... .......... .......... .......... .......... 45% 178M 0s - 24250K .......... .......... .......... .......... .......... 
45% 191M 0s - 24300K .......... .......... .......... .......... .......... 45% 191M 0s + 23700K .......... .......... .......... .......... .......... 44% 155M 0s + 23750K .......... .......... .......... .......... .......... 44% 152M 0s + 23800K .......... .......... .......... .......... .......... 44% 171M 0s + 23850K .......... .......... .......... .......... .......... 44% 176M 0s + 23900K .......... .......... .......... .......... .......... 44% 138M 0s + 23950K .......... .......... .......... .......... .......... 44% 192M 0s + 24000K .......... .......... .......... .......... .......... 45% 161M 0s + 24050K .......... .......... .......... .......... .......... 45% 180M 0s + 24100K .......... .......... .......... .......... .......... 45% 171M 0s + 24150K .......... .......... .......... .......... .......... 45% 186M 0s + 24200K .......... .......... .......... .......... .......... 45% 156M 0s + 24250K .......... .......... .......... .......... .......... 45% 161M 0s + 24300K .......... .......... .......... .......... .......... 45% 193M 0s 24350K .......... .......... .......... .......... .......... 45% 156M 0s - 24400K .......... .......... .......... .......... .......... 45% 192M 0s - 24450K .......... .......... .......... .......... .......... 45% 177M 0s - 24500K .......... .......... .......... .......... .......... 45% 190M 0s - 24550K .......... .......... .......... .......... .......... 46% 147M 0s - 24600K .......... .......... .......... .......... .......... 46% 158M 0s - 24650K .......... .......... .......... .......... .......... 46% 175M 0s - 24700K .......... .......... .......... .......... .......... 46% 163M 0s - 24750K .......... .......... .......... .......... .......... 46% 196M 0s - 24800K .......... .......... .......... .......... .......... 46% 194M 0s - 24850K .......... .......... .......... .......... .......... 46% 183M 0s - 24900K .......... .......... .......... .......... .......... 
46% 181M 0s - 24950K .......... .......... .......... .......... .......... 46% 168M 0s - 25000K .......... .......... .......... .......... .......... 46% 187M 0s - 25050K .......... .......... .......... .......... .......... 47% 178M 0s - 25100K .......... .......... .......... .......... .......... 47% 185M 0s - 25150K .......... .......... .......... .......... .......... 47% 162M 0s - 25200K .......... .......... .......... .......... .......... 47% 195M 0s - 25250K .......... .......... .......... .......... .......... 47% 182M 0s - 25300K .......... .......... .......... .......... .......... 47% 194M 0s - 25350K .......... .......... .......... .......... .......... 47% 174M 0s - 25400K .......... .......... .......... .......... .......... 47% 172M 0s - 25450K .......... .......... .......... .......... .......... 47% 177M 0s - 25500K .......... .......... .......... .......... .......... 47% 172M 0s - 25550K .......... .......... .......... .......... .......... 47% 144M 0s - 25600K .......... .......... .......... .......... .......... 48% 163M 0s - 25650K .......... .......... .......... .......... .......... 48% 178M 0s - 25700K .......... .......... .......... .......... .......... 48% 178M 0s - 25750K .......... .......... .......... .......... .......... 48% 164M 0s - 25800K .......... .......... .......... .......... .......... 48% 176M 0s - 25850K .......... .......... .......... .......... .......... 48% 224M 0s - 25900K .......... .......... .......... .......... .......... 48% 237M 0s - 25950K .......... .......... .......... .......... .......... 48% 195M 0s - 26000K .......... .......... .......... .......... .......... 48% 257M 0s - 26050K .......... .......... .......... .......... .......... 48% 269M 0s - 26100K .......... .......... .......... .......... .......... 48% 234M 0s - 26150K .......... .......... .......... .......... .......... 49% 158M 0s - 26200K .......... .......... .......... .......... .......... 
49% 174M 0s - 26250K .......... .......... .......... .......... .......... 49% 183M 0s - 26300K .......... .......... .......... .......... .......... 49% 171M 0s - 26350K .......... .......... .......... .......... .......... 49% 163M 0s - 26400K .......... .......... .......... .......... .......... 49% 187M 0s - 26450K .......... .......... .......... .......... .......... 49% 188M 0s - 26500K .......... .......... .......... .......... .......... 49% 195M 0s - 26550K .......... .......... .......... .......... .......... 49% 158M 0s - 26600K .......... .......... .......... .......... .......... 49% 197M 0s - 26650K .......... .......... .......... .......... .......... 49% 261M 0s - 26700K .......... .......... .......... .......... .......... 50% 243M 0s - 26750K .......... .......... .......... .......... .......... 50% 178M 0s - 26800K .......... .......... .......... .......... .......... 50% 230M 0s - 26850K .......... .......... .......... .......... .......... 50% 221M 0s - 26900K .......... .......... .......... .......... .......... 50% 174M 0s - 26950K .......... .......... .......... .......... .......... 50% 146M 0s - 27000K .......... .......... .......... .......... .......... 50% 173M 0s - 27050K .......... .......... .......... .......... .......... 50% 179M 0s - 27100K .......... .......... .......... .......... .......... 50% 183M 0s - 27150K .......... .......... .......... .......... .......... 50% 151M 0s - 27200K .......... .......... .......... .......... .......... 51% 179M 0s - 27250K .......... .......... .......... .......... .......... 51% 185M 0s - 27300K .......... .......... .......... .......... .......... 51% 172M 0s - 27350K .......... .......... .......... .......... .......... 51% 175M 0s - 27400K .......... .......... .......... .......... .......... 51% 166M 0s - 27450K .......... .......... .......... .......... .......... 51% 171M 0s - 27500K .......... .......... .......... .......... .......... 
51% 170M 0s - 27550K .......... .......... .......... .......... .......... 51% 146M 0s - 27600K .......... .......... .......... .......... .......... 51% 190M 0s - 27650K .......... .......... .......... .......... .......... 51% 230M 0s - 27700K .......... .......... .......... .......... .......... 51% 182M 0s - 27750K .......... .......... .......... .......... .......... 52% 168M 0s - 27800K .......... .......... .......... .......... .......... 52% 183M 0s - 27850K .......... .......... .......... .......... .......... 52% 199M 0s - 27900K .......... .......... .......... .......... .......... 52% 196M 0s - 27950K .......... .......... .......... .......... .......... 52% 146M 0s - 28000K .......... .......... .......... .......... .......... 52% 187M 0s - 28050K .......... .......... .......... .......... .......... 52% 167M 0s - 28100K .......... .......... .......... .......... .......... 52% 180M 0s - 28150K .......... .......... .......... .......... .......... 52% 166M 0s - 28200K .......... .......... .......... .......... .......... 52% 176M 0s - 28250K .......... .......... .......... .......... .......... 52% 175M 0s - 28300K .......... .......... .......... .......... .......... 53% 173M 0s - 28350K .......... .......... .......... .......... .......... 53% 155M 0s - 28400K .......... .......... .......... .......... .......... 53% 163M 0s - 28450K .......... .......... .......... .......... .......... 53% 176M 0s - 28500K .......... .......... .......... .......... .......... 53% 162M 0s - 28550K .......... .......... .......... .......... .......... 53% 147M 0s - 28600K .......... .......... .......... .......... .......... 53% 184M 0s - 28650K .......... .......... .......... .......... .......... 53% 164M 0s - 28700K .......... .......... .......... .......... .......... 53% 185M 0s - 28750K .......... .......... .......... .......... .......... 53% 145M 0s - 28800K .......... .......... .......... .......... .......... 
54% 214M 0s - 28850K .......... .......... .......... .......... .......... 54% 180M 0s - 28900K .......... .......... .......... .......... .......... 54% 186M 0s - 28950K .......... .......... .......... .......... .......... 54% 212M 0s - 29000K .......... .......... .......... .......... .......... 54% 259M 0s - 29050K .......... .......... .......... .......... .......... 54% 187M 0s - 29100K .......... .......... .......... .......... .......... 54% 181M 0s - 29150K .......... .......... .......... .......... .......... 54% 152M 0s - 29200K .......... .......... .......... .......... .......... 54% 216M 0s - 29250K .......... .......... .......... .......... .......... 54% 191M 0s - 29300K .......... .......... .......... .......... .......... 54% 180M 0s - 29350K .......... .......... .......... .......... .......... 55% 173M 0s - 29400K .......... .......... .......... .......... .......... 55% 184M 0s - 29450K .......... .......... .......... .......... .......... 55% 173M 0s - 29500K .......... .......... .......... .......... .......... 55% 234M 0s - 29550K .......... .......... .......... .......... .......... 55% 216M 0s - 29600K .......... .......... .......... .......... .......... 55% 248M 0s - 29650K .......... .......... .......... .......... .......... 55% 198M 0s - 29700K .......... .......... .......... .......... .......... 55% 175M 0s - 29750K .......... .......... .......... .......... .......... 55% 162M 0s - 29800K .......... .......... .......... .......... .......... 55% 186M 0s - 29850K .......... .......... .......... .......... .......... 55% 191M 0s - 29900K .......... .......... .......... .......... .......... 56% 185M 0s - 29950K .......... .......... .......... .......... .......... 56% 160M 0s - 30000K .......... .......... .......... .......... .......... 56% 168M 0s - 30050K .......... .......... .......... .......... .......... 56% 163M 0s - 30100K .......... .......... .......... .......... .......... 
56% 184M 0s - 30150K .......... .......... .......... .......... .......... 56% 165M 0s - 30200K .......... .......... .......... .......... .......... 56% 178M 0s - 30250K .......... .......... .......... .......... .......... 56% 187M 0s - 30300K .......... .......... .......... .......... .......... 56% 192M 0s - 30350K .......... .......... .......... .......... .......... 56% 167M 0s - 30400K .......... .......... .......... .......... .......... 57% 220M 0s - 30450K .......... .......... .......... .......... .......... 57% 238M 0s - 30500K .......... .......... .......... .......... .......... 57% 265M 0s - 30550K .......... .......... .......... .......... .......... 57% 233M 0s - 30600K .......... .......... .......... .......... .......... 57% 183M 0s - 30650K .......... .......... .......... .......... .......... 57% 207M 0s - 30700K .......... .......... .......... .......... .......... 57% 211M 0s - 30750K .......... .......... .......... .......... .......... 57% 132M 0s - 30800K .......... .......... .......... .......... .......... 57% 163M 0s - 30850K .......... .......... .......... .......... .......... 57% 167M 0s - 30900K .......... .......... .......... .......... .......... 57% 192M 0s - 30950K .......... .......... .......... .......... .......... 58% 157M 0s - 31000K .......... .......... .......... .......... .......... 58% 178M 0s - 31050K .......... .......... .......... .......... .......... 58% 189M 0s - 31100K .......... .......... .......... .......... .......... 58% 193M 0s - 31150K .......... .......... .......... .......... .......... 58% 163M 0s - 31200K .......... .......... .......... .......... .......... 58% 182M 0s - 31250K .......... .......... .......... .......... .......... 58% 184M 0s - 31300K .......... .......... .......... .......... .......... 58% 179M 0s - 31350K .......... .......... .......... .......... .......... 58% 169M 0s - 31400K .......... .......... .......... .......... .......... 
58% 184M 0s - 31450K .......... .......... .......... .......... .......... 58% 192M 0s - 31500K .......... .......... .......... .......... .......... 59% 172M 0s - 31550K .......... .......... .......... .......... .......... 59% 149M 0s - 31600K .......... .......... .......... .......... .......... 59% 182M 0s - 31650K .......... .......... .......... .......... .......... 59% 178M 0s - 31700K .......... .......... .......... .......... .......... 59% 199M 0s - 31750K .......... .......... .......... .......... .......... 59% 145M 0s - 31800K .......... .......... .......... .......... .......... 59% 176M 0s - 31850K .......... .......... .......... .......... .......... 59% 171M 0s - 31900K .......... .......... .......... .......... .......... 59% 179M 0s - 31950K .......... .......... .......... .......... .......... 59% 173M 0s - 32000K .......... .......... .......... .......... .......... 60% 182M 0s - 32050K .......... .......... .......... .......... .......... 60% 172M 0s - 32100K .......... .......... .......... .......... .......... 60% 183M 0s - 32150K .......... .......... .......... .......... .......... 60% 177M 0s - 32200K .......... .......... .......... .......... .......... 60% 172M 0s - 32250K .......... .......... .......... .......... .......... 60% 168M 0s - 32300K .......... .......... .......... .......... .......... 60% 196M 0s - 32350K .......... .......... .......... .......... .......... 60% 162M 0s - 32400K .......... .......... .......... .......... .......... 60% 182M 0s - 32450K .......... .......... .......... .......... .......... 60% 194M 0s - 32500K .......... .......... .......... .......... .......... 60% 232M 0s - 32550K .......... .......... .......... .......... .......... 61% 211M 0s - 32600K .......... .......... .......... .......... .......... 61% 221M 0s - 32650K .......... .......... .......... .......... .......... 61% 249M 0s - 32700K .......... .......... .......... .......... .......... 
61% 169M 0s - 32750K .......... .......... .......... .......... .......... 61% 137M 0s - 32800K .......... .......... .......... .......... .......... 61% 187M 0s - 32850K .......... .......... .......... .......... .......... 61% 189M 0s - 32900K .......... .......... .......... .......... .......... 61% 184M 0s - 32950K .......... .......... .......... .......... .......... 61% 166M 0s - 33000K .......... .......... .......... .......... .......... 61% 188M 0s - 33050K .......... .......... .......... .......... .......... 61% 185M 0s - 33100K .......... .......... .......... .......... .......... 62% 177M 0s - 33150K .......... .......... .......... .......... .......... 62% 151M 0s - 33200K .......... .......... .......... .......... .......... 62% 183M 0s - 33250K .......... .......... .......... .......... .......... 62% 191M 0s - 33300K .......... .......... .......... .......... .......... 62% 175M 0s - 33350K .......... .......... .......... .......... .......... 62% 159M 0s - 33400K .......... .......... .......... .......... .......... 62% 151M 0s - 33450K .......... .......... .......... .......... .......... 62% 232M 0s - 33500K .......... .......... .......... .......... .......... 62% 237M 0s - 33550K .......... .......... .......... .......... .......... 62% 215M 0s - 33600K .......... .......... .......... .......... .......... 63% 233M 0s - 33650K .......... .......... .......... .......... .......... 63% 243M 0s - 33700K .......... .......... .......... .......... .......... 63% 255M 0s - 33750K .......... .......... .......... .......... .......... 63% 179M 0s + 24400K .......... .......... .......... .......... .......... 45% 164M 0s + 24450K .......... .......... .......... .......... .......... 45% 151M 0s + 24500K .......... .......... .......... .......... .......... 45% 138M 0s + 24550K .......... .......... .......... .......... .......... 46% 162M 0s + 24600K .......... .......... .......... .......... .......... 
46% 183M 0s + 24650K .......... .......... .......... .......... .......... 46% 210M 0s + 24700K .......... .......... .......... .......... .......... 46% 164M 0s + 24750K .......... .......... .......... .......... .......... 46% 180M 0s + 24800K .......... .......... .......... .......... .......... 46% 170M 0s + 24850K .......... .......... .......... .......... .......... 46% 186M 0s + 24900K .......... .......... .......... .......... .......... 46% 158M 0s + 24950K .......... .......... .......... .......... .......... 46% 160M 0s + 25000K .......... .......... .......... .......... .......... 46% 185M 0s + 25050K .......... .......... .......... .......... .......... 47% 179M 0s + 25100K .......... .......... .......... .......... .......... 47% 153M 0s + 25150K .......... .......... .......... .......... .......... 47% 179M 0s + 25200K .......... .......... .......... .......... .......... 47% 181M 0s + 25250K .......... .......... .......... .......... .......... 47% 168M 0s + 25300K .......... .......... .......... .......... .......... 47% 140M 0s + 25350K .......... .......... .......... .......... .......... 47% 201M 0s + 25400K .......... .......... .......... .......... .......... 47% 251M 0s + 25450K .......... .......... .......... .......... .......... 47% 244M 0s + 25500K .......... .......... .......... .......... .......... 47% 161M 0s + 25550K .......... .......... .......... .......... .......... 47% 178M 0s + 25600K .......... .......... .......... .......... .......... 48% 190M 0s + 25650K .......... .......... .......... .......... .......... 48% 181M 0s + 25700K .......... .......... .......... .......... .......... 48% 149M 0s + 25750K .......... .......... .......... .......... .......... 48% 182M 0s + 25800K .......... .......... .......... .......... .......... 48% 173M 0s + 25850K .......... .......... .......... .......... .......... 48% 176M 0s + 25900K .......... .......... .......... .......... .......... 
48% 163M 0s + 25950K .......... .......... .......... .......... .......... 48% 175M 0s + 26000K .......... .......... .......... .......... .......... 48% 203M 0s + 26050K .......... .......... .......... .......... .......... 48% 215M 0s + 26100K .......... .......... .......... .......... .......... 48% 204M 0s + 26150K .......... .......... .......... .......... .......... 49% 253M 0s + 26200K .......... .......... .......... .......... .......... 49% 254M 0s + 26250K .......... .......... .......... .......... .......... 49% 254M 0s + 26300K .......... .......... .......... .......... .......... 49% 151M 0s + 26350K .......... .......... .......... .......... .......... 49% 172M 0s + 26400K .......... .......... .......... .......... .......... 49% 224M 0s + 26450K .......... .......... .......... .......... .......... 49% 171M 0s + 26500K .......... .......... .......... .......... .......... 49% 153M 0s + 26550K .......... .......... .......... .......... .......... 49% 192M 0s + 26600K .......... .......... .......... .......... .......... 49% 178M 0s + 26650K .......... .......... .......... .......... .......... 49% 174M 0s + 26700K .......... .......... .......... .......... .......... 50% 182M 0s + 26750K .......... .......... .......... .......... .......... 50% 163M 0s + 26800K .......... .......... .......... .......... .......... 50% 149M 0s + 26850K .......... .......... .......... .......... .......... 50% 167M 0s + 26900K .......... .......... .......... .......... .......... 50% 131M 0s + 26950K .......... .......... .......... .......... .......... 50% 156M 0s + 27000K .......... .......... .......... .......... .......... 50% 166M 0s + 27050K .......... .......... .......... .......... .......... 50% 175M 0s + 27100K .......... .......... .......... .......... .......... 50% 157M 0s + 27150K .......... .......... .......... .......... .......... 50% 162M 0s + 27200K .......... .......... .......... .......... .......... 
51% 165M 0s + 27250K .......... .......... .......... .......... .......... 51% 184M 0s + 27300K .......... .......... .......... .......... .......... 51% 155M 0s + 27350K .......... .......... .......... .......... .......... 51% 176M 0s + 27400K .......... .......... .......... .......... .......... 51% 187M 0s + 27450K .......... .......... .......... .......... .......... 51% 151M 0s + 27500K .......... .......... .......... .......... .......... 51% 153M 0s + 27550K .......... .......... .......... .......... .......... 51% 184M 0s + 27600K .......... .......... .......... .......... .......... 51% 166M 0s + 27650K .......... .......... .......... .......... .......... 51% 160M 0s + 27700K .......... .......... .......... .......... .......... 51% 143M 0s + 27750K .......... .......... .......... .......... .......... 52% 184M 0s + 27800K .......... .......... .......... .......... .......... 52% 182M 0s + 27850K .......... .......... .......... .......... .......... 52% 176M 0s + 27900K .......... .......... .......... .......... .......... 52% 167M 0s + 27950K .......... .......... .......... .......... .......... 52% 151M 0s + 28000K .......... .......... .......... .......... .......... 52% 160M 0s + 28050K .......... .......... .......... .......... .......... 52% 183M 0s + 28100K .......... .......... .......... .......... .......... 52% 143M 0s + 28150K .......... .......... .......... .......... .......... 52% 145M 0s + 28200K .......... .......... .......... .......... .......... 52% 177M 0s + 28250K .......... .......... .......... .......... .......... 52% 214M 0s + 28300K .......... .......... .......... .......... .......... 53% 227M 0s + 28350K .......... .......... .......... .......... .......... 53% 220M 0s + 28400K .......... .......... .......... .......... .......... 53% 200M 0s + 28450K .......... .......... .......... .......... .......... 53% 177M 0s + 28500K .......... .......... .......... .......... .......... 
53% 149M 0s + 28550K .......... .......... .......... .......... .......... 53% 188M 0s + 28600K .......... .......... .......... .......... .......... 53% 193M 0s + 28650K .......... .......... .......... .......... .......... 53% 196M 0s + 28700K .......... .......... .......... .......... .......... 53% 223M 0s + 28750K .......... .......... .......... .......... .......... 53% 170M 0s + 28800K .......... .......... .......... .......... .......... 54% 181M 0s + 28850K .......... .......... .......... .......... .......... 54% 173M 0s + 28900K .......... .......... .......... .......... .......... 54% 145M 0s + 28950K .......... .......... .......... .......... .......... 54% 166M 0s + 29000K .......... .......... .......... .......... .......... 54% 176M 0s + 29050K .......... .......... .......... .......... .......... 54% 179M 0s + 29100K .......... .......... .......... .......... .......... 54% 161M 0s + 29150K .......... .......... .......... .......... .......... 54% 167M 0s + 29200K .......... .......... .......... .......... .......... 54% 183M 0s + 29250K .......... .......... .......... .......... .......... 54% 157M 0s + 29300K .......... .......... .......... .......... .......... 54% 168M 0s + 29350K .......... .......... .......... .......... .......... 55% 187M 0s + 29400K .......... .......... .......... .......... .......... 55% 173M 0s + 29450K .......... .......... .......... .......... .......... 55% 144M 0s + 29500K .......... .......... .......... .......... .......... 55% 145M 0s + 29550K .......... .......... .......... .......... .......... 55% 205M 0s + 29600K .......... .......... .......... .......... .......... 55% 218M 0s + 29650K .......... .......... .......... .......... .......... 55% 249M 0s + 29700K .......... .......... .......... .......... .......... 55% 206M 0s + 29750K .......... .......... .......... .......... .......... 55% 241M 0s + 29800K .......... .......... .......... .......... .......... 
55% 217M 0s + 29850K .......... .......... .......... .......... .......... 55% 194M 0s + 29900K .......... .......... .......... .......... .......... 56% 138M 0s + 29950K .......... .......... .......... .......... .......... 56% 180M 0s + 30000K .......... .......... .......... .......... .......... 56% 158M 0s + 30050K .......... .......... .......... .......... .......... 56% 185M 0s + 30100K .......... .......... .......... .......... .......... 56% 161M 0s + 30150K .......... .......... .......... .......... .......... 56% 157M 0s + 30200K .......... .......... .......... .......... .......... 56% 173M 0s + 30250K .......... .......... .......... .......... .......... 56% 182M 0s + 30300K .......... .......... .......... .......... .......... 56% 151M 0s + 30350K .......... .......... .......... .......... .......... 56% 149M 0s + 30400K .......... .......... .......... .......... .......... 57% 167M 0s + 30450K .......... .......... .......... .......... .......... 57% 160M 0s + 30500K .......... .......... .......... .......... .......... 57% 158M 0s + 30550K .......... .......... .......... .......... .......... 57% 200M 0s + 30600K .......... .......... .......... .......... .......... 57% 185M 0s + 30650K .......... .......... .......... .......... .......... 57% 186M 0s + 30700K .......... .......... .......... .......... .......... 57% 141M 0s + 30750K .......... .......... .......... .......... .......... 57% 192M 0s + 30800K .......... .......... .......... .......... .......... 57% 179M 0s + 30850K .......... .......... .......... .......... .......... 57% 175M 0s + 30900K .......... .......... .......... .......... .......... 57% 178M 0s + 30950K .......... .......... .......... .......... .......... 58% 154M 0s + 31000K .......... .......... .......... .......... .......... 58% 188M 0s + 31050K .......... .......... .......... .......... .......... 58% 173M 0s + 31100K .......... .......... .......... .......... .......... 
58% 183M 0s + 31150K .......... .......... .......... .......... .......... 58% 146M 0s + 31200K .......... .......... .......... .......... .......... 58% 152M 0s + 31250K .......... .......... .......... .......... .......... 58% 174M 0s + 31300K .......... .......... .......... .......... .......... 58% 225M 0s + 31350K .......... .......... .......... .......... .......... 58% 219M 0s + 31400K .......... .......... .......... .......... .......... 58% 220M 0s + 31450K .......... .......... .......... .......... .......... 58% 164M 0s + 31500K .......... .......... .......... .......... .......... 59% 184M 0s + 31550K .......... .......... .......... .......... .......... 59% 158M 0s + 31600K .......... .......... .......... .......... .......... 59% 164M 0s + 31650K .......... .......... .......... .......... .......... 59% 182M 0s + 31700K .......... .......... .......... .......... .......... 59% 188M 0s + 31750K .......... .......... .......... .......... .......... 59% 155M 0s + 31800K .......... .......... .......... .......... .......... 59% 201M 0s + 31850K .......... .......... .......... .......... .......... 59% 168M 0s + 31900K .......... .......... .......... .......... .......... 59% 169M 0s + 31950K .......... .......... .......... .......... .......... 59% 141M 0s + 32000K .......... .......... .......... .......... .......... 60% 171M 0s + 32050K .......... .......... .......... .......... .......... 60% 180M 0s + 32100K .......... .......... .......... .......... .......... 60% 177M 0s + 32150K .......... .......... .......... .......... .......... 60% 170M 0s + 32200K .......... .......... .......... .......... .......... 60% 167M 0s + 32250K .......... .......... .......... .......... .......... 60% 251M 0s + 32300K .......... .......... .......... .......... .......... 60% 223M 0s + 32350K .......... .......... .......... .......... .......... 60% 210M 0s + 32400K .......... .......... .......... .......... .......... 
60% 243M 0s + 32450K .......... .......... .......... .......... .......... 60% 179M 0s + 32500K .......... .......... .......... .......... .......... 60% 185M 0s + 32550K .......... .......... .......... .......... .......... 61% 165M 0s + 32600K .......... .......... .......... .......... .......... 61% 177M 0s + 32650K .......... .......... .......... .......... .......... 61% 167M 0s + 32700K .......... .......... .......... .......... .......... 61% 157M 0s + 32750K .......... .......... .......... .......... .......... 61% 148M 0s + 32800K .......... .......... .......... .......... .......... 61% 172M 0s + 32850K .......... .......... .......... .......... .......... 61% 159M 0s + 32900K .......... .......... .......... .......... .......... 61% 182M 0s + 32950K .......... .......... .......... .......... .......... 61% 168M 0s + 33000K .......... .......... .......... .......... .......... 61% 181M 0s + 33050K .......... .......... .......... .......... .......... 61% 175M 0s + 33100K .......... .......... .......... .......... .......... 62% 181M 0s + 33150K .......... .......... .......... .......... .......... 62% 138M 0s + 33200K .......... .......... .......... .......... .......... 62% 156M 0s + 33250K .......... .......... .......... .......... .......... 62% 181M 0s + 33300K .......... .......... .......... .......... .......... 62% 180M 0s + 33350K .......... .......... .......... .......... .......... 62% 149M 0s + 33400K .......... .......... .......... .......... .......... 62% 190M 0s + 33450K .......... .......... .......... .......... .......... 62% 191M 0s + 33500K .......... .......... .......... .......... .......... 62% 184M 0s + 33550K .......... .......... .......... .......... .......... 62% 138M 0s + 33600K .......... .......... .......... .......... .......... 63% 187M 0s + 33650K .......... .......... .......... .......... .......... 63% 180M 0s + 33700K .......... .......... .......... .......... .......... 
63% 152M 0s + 33750K .......... .......... .......... .......... .......... 63% 165M 0s 33800K .......... .......... .......... .......... .......... 63% 185M 0s - 33850K .......... .......... .......... .......... .......... 63% 171M 0s - 33900K .......... .......... .......... .......... .......... 63% 171M 0s - 33950K .......... .......... .......... .......... .......... 63% 142M 0s - 34000K .......... .......... .......... .......... .......... 63% 174M 0s - 34050K .......... .......... .......... .......... .......... 63% 187M 0s - 34100K .......... .......... .......... .......... .......... 63% 175M 0s - 34150K .......... .......... .......... .......... .......... 64% 150M 0s - 34200K .......... .......... .......... .......... .......... 64% 177M 0s - 34250K .......... .......... .......... .......... .......... 64% 166M 0s - 34300K .......... .......... .......... .......... .......... 64% 164M 0s - 34350K .......... .......... .......... .......... .......... 64% 141M 0s - 34400K .......... .......... .......... .......... .......... 64% 174M 0s - 34450K .......... .......... .......... .......... .......... 64% 178M 0s - 34500K .......... .......... .......... .......... .......... 64% 176M 0s - 34550K .......... .......... .......... .......... .......... 64% 172M 0s - 34600K .......... .......... .......... .......... .......... 64% 178M 0s - 34650K .......... .......... .......... .......... .......... 64% 188M 0s - 34700K .......... .......... .......... .......... .......... 65% 174M 0s - 34750K .......... .......... .......... .......... .......... 65% 164M 0s - 34800K .......... .......... .......... .......... .......... 65% 176M 0s - 34850K .......... .......... .......... .......... .......... 65% 182M 0s - 34900K .......... .......... .......... .......... .......... 65% 187M 0s - 34950K .......... .......... .......... .......... .......... 65% 161M 0s - 35000K .......... .......... .......... .......... .......... 
65% 197M 0s - 35050K .......... .......... .......... .......... .......... 65% 175M 0s - 35100K .......... .......... .......... .......... .......... 65% 190M 0s - 35150K .......... .......... .......... .......... .......... 65% 149M 0s - 35200K .......... .......... .......... .......... .......... 66% 174M 0s - 35250K .......... .......... .......... .......... .......... 66% 175M 0s - 35300K .......... .......... .......... .......... .......... 66% 190M 0s - 35350K .......... .......... .......... .......... .......... 66% 151M 0s - 35400K .......... .......... .......... .......... .......... 66% 249M 0s - 35450K .......... .......... .......... .......... .......... 66% 258M 0s - 35500K .......... .......... .......... .......... .......... 66% 227M 0s - 35550K .......... .......... .......... .......... .......... 66% 164M 0s - 35600K .......... .......... .......... .......... .......... 66% 175M 0s - 35650K .......... .......... .......... .......... .......... 66% 185M 0s - 35700K .......... .......... .......... .......... .......... 66% 188M 0s - 35750K .......... .......... .......... .......... .......... 67% 162M 0s - 35800K .......... .......... .......... .......... .......... 67% 183M 0s - 35850K .......... .......... .......... .......... .......... 67% 194M 0s - 35900K .......... .......... .......... .......... .......... 67% 185M 0s - 35950K .......... .......... .......... .......... .......... 67% 162M 0s - 36000K .......... .......... .......... .......... .......... 67% 177M 0s - 36050K .......... .......... .......... .......... .......... 67% 173M 0s - 36100K .......... .......... .......... .......... .......... 67% 159M 0s - 36150K .......... .......... .......... .......... .......... 67% 149M 0s - 36200K .......... .......... .......... .......... .......... 67% 179M 0s - 36250K .......... .......... .......... .......... .......... 67% 165M 0s - 36300K .......... .......... .......... .......... .......... 
68% 241M 0s - 36350K .......... .......... .......... .......... .......... 68% 178M 0s - 36400K .......... .......... .......... .......... .......... 68% 224M 0s - 36450K .......... .......... .......... .......... .......... 68% 203M 0s - 36500K .......... .......... .......... .......... .......... 68% 257M 0s - 36550K .......... .......... .......... .......... .......... 68% 224M 0s - 36600K .......... .......... .......... .......... .......... 68% 237M 0s - 36650K .......... .......... .......... .......... .......... 68% 236M 0s - 36700K .......... .......... .......... .......... .......... 68% 164M 0s - 36750K .......... .......... .......... .......... .......... 68% 161M 0s - 36800K .......... .......... .......... .......... .......... 69% 189M 0s - 36850K .......... .......... .......... .......... .......... 69% 175M 0s - 36900K .......... .......... .......... .......... .......... 69% 179M 0s + 33850K .......... .......... .......... .......... .......... 63% 184M 0s + 33900K .......... .......... .......... .......... .......... 63% 160M 0s + 33950K .......... .......... .......... .......... .......... 63% 140M 0s + 34000K .......... .......... .......... .......... .......... 63% 164M 0s + 34050K .......... .......... .......... .......... .......... 63% 153M 0s + 34100K .......... .......... .......... .......... .......... 63% 171M 0s + 34150K .......... .......... .......... .......... .......... 64% 156M 0s + 34200K .......... .......... .......... .......... .......... 64% 179M 0s + 34250K .......... .......... .......... .......... .......... 64% 239M 0s + 34300K .......... .......... .......... .......... .......... 64% 247M 0s + 34350K .......... .......... .......... .......... .......... 64% 201M 0s + 34400K .......... .......... .......... .......... .......... 64% 181M 0s + 34450K .......... .......... .......... .......... .......... 64% 168M 0s + 34500K .......... .......... .......... .......... .......... 
64% 122M 0s + 34550K .......... .......... .......... .......... .......... 64% 148M 0s + 34600K .......... .......... .......... .......... .......... 64% 147M 0s + 34650K .......... .......... .......... .......... .......... 64% 161M 0s + 34700K .......... .......... .......... .......... .......... 65% 160M 0s + 34750K .......... .......... .......... .......... .......... 65% 130M 0s + 34800K .......... .......... .......... .......... .......... 65% 173M 0s + 34850K .......... .......... .......... .......... .......... 65% 188M 0s + 34900K .......... .......... .......... .......... .......... 65% 168M 0s + 34950K .......... .......... .......... .......... .......... 65% 173M 0s + 35000K .......... .......... .......... .......... .......... 65% 161M 0s + 35050K .......... .......... .......... .......... .......... 65% 157M 0s + 35100K .......... .......... .......... .......... .......... 65% 155M 0s + 35150K .......... .......... .......... .......... .......... 65% 147M 0s + 35200K .......... .......... .......... .......... .......... 66% 248M 0s + 35250K .......... .......... .......... .......... .......... 66% 202M 0s + 35300K .......... .......... .......... .......... .......... 66% 179M 0s + 35350K .......... .......... .......... .......... .......... 66% 169M 0s + 35400K .......... .......... .......... .......... .......... 66% 185M 0s + 35450K .......... .......... .......... .......... .......... 66% 169M 0s + 35500K .......... .......... .......... .......... .......... 66% 196M 0s + 35550K .......... .......... .......... .......... .......... 66% 159M 0s + 35600K .......... .......... .......... .......... .......... 66% 173M 0s + 35650K .......... .......... .......... .......... .......... 66% 188M 0s + 35700K .......... .......... .......... .......... .......... 66% 193M 0s + 35750K .......... .......... .......... .......... .......... 67% 166M 0s + 35800K .......... .......... .......... .......... .......... 
67% 156M 0s + 35850K .......... .......... .......... .......... .......... 67% 230M 0s + 35900K .......... .......... .......... .......... .......... 67% 253M 0s + 35950K .......... .......... .......... .......... .......... 67% 214M 0s + 36000K .......... .......... .......... .......... .......... 67% 243M 0s + 36050K .......... .......... .......... .......... .......... 67% 225M 0s + 36100K .......... .......... .......... .......... .......... 67% 250M 0s + 36150K .......... .......... .......... .......... .......... 67% 225M 0s + 36200K .......... .......... .......... .......... .......... 67% 255M 0s + 36250K .......... .......... .......... .......... .......... 67% 242M 0s + 36300K .......... .......... .......... .......... .......... 68% 171M 0s + 36350K .......... .......... .......... .......... .......... 68% 143M 0s + 36400K .......... .......... .......... .......... .......... 68% 180M 0s + 36450K .......... .......... .......... .......... .......... 68% 174M 0s + 36500K .......... .......... .......... .......... .......... 68% 197M 0s + 36550K .......... .......... .......... .......... .......... 68% 150M 0s + 36600K .......... .......... .......... .......... .......... 68% 164M 0s + 36650K .......... .......... .......... .......... .......... 68% 176M 0s + 36700K .......... .......... .......... .......... .......... 68% 174M 0s + 36750K .......... .......... .......... .......... .......... 68% 187M 0s + 36800K .......... .......... .......... .......... .......... 69% 220M 0s + 36850K .......... .......... .......... .......... .......... 69% 245M 0s + 36900K .......... .......... .......... .......... .......... 69% 190M 0s 36950K .......... .......... .......... .......... .......... 69% 167M 0s - 37000K .......... .......... .......... .......... .......... 69% 197M 0s + 37000K .......... .......... .......... .......... .......... 69% 171M 0s 37050K .......... .......... .......... .......... .......... 
69% 183M 0s - 37100K .......... .......... .......... .......... .......... 69% 188M 0s - 37150K .......... .......... .......... .......... .......... 69% 154M 0s - 37200K .......... .......... .......... .......... .......... 69% 189M 0s - 37250K .......... .......... .......... .......... .......... 69% 178M 0s - 37300K .......... .......... .......... .......... .......... 69% 166M 0s - 37350K .......... .......... .......... .......... .......... 70% 156M 0s - 37400K .......... .......... .......... .......... .......... 70% 169M 0s - 37450K .......... .......... .......... .......... .......... 70% 187M 0s - 37500K .......... .......... .......... .......... .......... 70% 197M 0s - 37550K .......... .......... .......... .......... .......... 70% 172M 0s - 37600K .......... .......... .......... .......... .......... 70% 186M 0s - 37650K .......... .......... .......... .......... .......... 70% 167M 0s - 37700K .......... .......... .......... .......... .......... 70% 186M 0s - 37750K .......... .......... .......... .......... .......... 70% 169M 0s - 37800K .......... .......... .......... .......... .......... 70% 174M 0s - 37850K .......... .......... .......... .......... .......... 70% 155M 0s - 37900K .......... .......... .......... .......... .......... 71% 176M 0s - 37950K .......... .......... .......... .......... .......... 71% 154M 0s - 38000K .......... .......... .......... .......... .......... 71% 173M 0s - 38050K .......... .......... .......... .......... .......... 71% 189M 0s - 38100K .......... .......... .......... .......... .......... 71% 180M 0s - 38150K .......... .......... .......... .......... .......... 71% 176M 0s - 38200K .......... .......... .......... .......... .......... 71% 189M 0s - 38250K .......... .......... .......... .......... .......... 71% 185M 0s - 38300K .......... .......... .......... .......... .......... 71% 189M 0s - 38350K .......... .......... .......... .......... .......... 
71% 157M 0s - 38400K .......... .......... .......... .......... .......... 71% 226M 0s - 38450K .......... .......... .......... .......... .......... 72% 254M 0s - 38500K .......... .......... .......... .......... .......... 72% 219M 0s - 38550K .......... .......... .......... .......... .......... 72% 205M 0s - 38600K .......... .......... .......... .......... .......... 72% 174M 0s - 38650K .......... .......... .......... .......... .......... 72% 202M 0s - 38700K .......... .......... .......... .......... .......... 72% 179M 0s - 38750K .......... .......... .......... .......... .......... 72% 164M 0s - 38800K .......... .......... .......... .......... .......... 72% 177M 0s - 38850K .......... .......... .......... .......... .......... 72% 179M 0s - 38900K .......... .......... .......... .......... .......... 72% 158M 0s - 38950K .......... .......... .......... .......... .......... 73% 139M 0s - 39000K .......... .......... .......... .......... .......... 73% 172M 0s - 39050K .......... .......... .......... .......... .......... 73% 185M 0s - 39100K .......... .......... .......... .......... .......... 73% 198M 0s - 39150K .......... .......... .......... .......... .......... 73% 161M 0s - 39200K .......... .......... .......... .......... .......... 73% 204M 0s - 39250K .......... .......... .......... .......... .......... 73% 158M 0s - 39300K .......... .......... .......... .......... .......... 73% 187M 0s - 39350K .......... .......... .......... .......... .......... 73% 170M 0s - 39400K .......... .......... .......... .......... .......... 73% 180M 0s - 39450K .......... .......... .......... .......... .......... 73% 198M 0s - 39500K .......... .......... .......... .......... .......... 74% 187M 0s - 39550K .......... .......... .......... .......... .......... 74% 158M 0s - 39600K .......... .......... .......... .......... .......... 74% 179M 0s - 39650K .......... .......... .......... .......... .......... 
74% 183M 0s - 39700K .......... .......... .......... .......... .......... 74% 211M 0s + 37100K .......... .......... .......... .......... .......... 69% 186M 0s + 37150K .......... .......... .......... .......... .......... 69% 151M 0s + 37200K .......... .......... .......... .......... .......... 69% 168M 0s + 37250K .......... .......... .......... .......... .......... 69% 193M 0s + 37300K .......... .......... .......... .......... .......... 69% 173M 0s + 37350K .......... .......... .......... .......... .......... 70% 157M 0s + 37400K .......... .......... .......... .......... .......... 70% 174M 0s + 37450K .......... .......... .......... .......... .......... 70% 163M 0s + 37500K .......... .......... .......... .......... .......... 70% 166M 0s + 37550K .......... .......... .......... .......... .......... 70% 153M 0s + 37600K .......... .......... .......... .......... .......... 70% 187M 0s + 37650K .......... .......... .......... .......... .......... 70% 202M 0s + 37700K .......... .......... .......... .......... .......... 70% 165M 0s + 37750K .......... .......... .......... .......... .......... 70% 172M 0s + 37800K .......... .......... .......... .......... .......... 70% 182M 0s + 37850K .......... .......... .......... .......... .......... 70% 179M 0s + 37900K .......... .......... .......... .......... .......... 71% 172M 0s + 37950K .......... .......... .......... .......... .......... 71% 162M 0s + 38000K .......... .......... .......... .......... .......... 71% 162M 0s + 38050K .......... .......... .......... .......... .......... 71% 153M 0s + 38100K .......... .......... .......... .......... .......... 71% 185M 0s + 38150K .......... .......... .......... .......... .......... 71% 172M 0s + 38200K .......... .......... .......... .......... .......... 71% 233M 0s + 38250K .......... .......... .......... .......... .......... 71% 166M 0s + 38300K .......... .......... .......... .......... .......... 
71% 191M 0s + 38350K .......... .......... .......... .......... .......... 71% 155M 0s + 38400K .......... .......... .......... .......... .......... 71% 178M 0s + 38450K .......... .......... .......... .......... .......... 72% 164M 0s + 38500K .......... .......... .......... .......... .......... 72% 99.9M 0s + 38550K .......... .......... .......... .......... .......... 72% 144M 0s + 38600K .......... .......... .......... .......... .......... 72% 199M 0s + 38650K .......... .......... .......... .......... .......... 72% 193M 0s + 38700K .......... .......... .......... .......... .......... 72% 191M 0s + 38750K .......... .......... .......... .......... .......... 72% 144M 0s + 38800K .......... .......... .......... .......... .......... 72% 187M 0s + 38850K .......... .......... .......... .......... .......... 72% 211M 0s + 38900K .......... .......... .......... .......... .......... 72% 180M 0s + 38950K .......... .......... .......... .......... .......... 73% 142M 0s + 39000K .......... .......... .......... .......... .......... 73% 159M 0s + 39050K .......... .......... .......... .......... .......... 73% 182M 0s + 39100K .......... .......... .......... .......... .......... 73% 166M 0s + 39150K .......... .......... .......... .......... .......... 73% 153M 0s + 39200K .......... .......... .......... .......... .......... 73% 191M 0s + 39250K .......... .......... .......... .......... .......... 73% 170M 0s + 39300K .......... .......... .......... .......... .......... 73% 197M 0s + 39350K .......... .......... .......... .......... .......... 73% 162M 0s + 39400K .......... .......... .......... .......... .......... 73% 176M 0s + 39450K .......... .......... .......... .......... .......... 73% 163M 0s + 39500K .......... .......... .......... .......... .......... 74% 163M 0s + 39550K .......... .......... .......... .......... .......... 74% 140M 0s + 39600K .......... .......... .......... .......... .......... 
74% 161M 0s + 39650K .......... .......... .......... .......... .......... 74% 193M 0s + 39700K .......... .......... .......... .......... .......... 74% 174M 0s 39750K .......... .......... .......... .......... .......... 74% 156M 0s - 39800K .......... .......... .......... .......... .......... 74% 164M 0s - 39850K .......... .......... .......... .......... .......... 74% 167M 0s - 39900K .......... .......... .......... .......... .......... 74% 177M 0s - 39950K .......... .......... .......... .......... .......... 74% 158M 0s - 40000K .......... .......... .......... .......... .......... 74% 198M 0s - 40050K .......... .......... .......... .......... .......... 75% 198M 0s - 40100K .......... .......... .......... .......... .......... 75% 180M 0s - 40150K .......... .......... .......... .......... .......... 75% 180M 0s - 40200K .......... .......... .......... .......... .......... 75% 176M 0s - 40250K .......... .......... .......... .......... .......... 75% 166M 0s - 40300K .......... .......... .......... .......... .......... 75% 201M 0s - 40350K .......... .......... .......... .......... .......... 75% 153M 0s - 40400K .......... .......... .......... .......... .......... 75% 180M 0s - 40450K .......... .......... .......... .......... .......... 75% 206M 0s - 40500K .......... .......... .......... .......... .......... 75% 177M 0s - 40550K .......... .......... .......... .......... .......... 76% 166M 0s - 40600K .......... .......... .......... .......... .......... 76% 186M 0s - 40650K .......... .......... .......... .......... .......... 76% 195M 0s - 40700K .......... .......... .......... .......... .......... 76% 164M 0s - 40750K .......... .......... .......... .......... .......... 76% 140M 0s - 40800K .......... .......... .......... .......... .......... 76% 179M 0s - 40850K .......... .......... .......... .......... .......... 76% 168M 0s - 40900K .......... .......... .......... .......... .......... 
76% 164M 0s - 40950K .......... .......... .......... .......... .......... 76% 162M 0s - 41000K .......... .......... .......... .......... .......... 76% 160M 0s - 41050K .......... .......... .......... .......... .......... 76% 192M 0s - 41100K .......... .......... .......... .......... .......... 77% 177M 0s - 41150K .......... .......... .......... .......... .......... 77% 164M 0s + 39800K .......... .......... .......... .......... .......... 74% 188M 0s + 39850K .......... .......... .......... .......... .......... 74% 193M 0s + 39900K .......... .......... .......... .......... .......... 74% 187M 0s + 39950K .......... .......... .......... .......... .......... 74% 163M 0s + 40000K .......... .......... .......... .......... .......... 74% 242M 0s + 40050K .......... .......... .......... .......... .......... 75% 256M 0s + 40100K .......... .......... .......... .......... .......... 75% 260M 0s + 40150K .......... .......... .......... .......... .......... 75% 227M 0s + 40200K .......... .......... .......... .......... .......... 75% 204M 0s + 40250K .......... .......... .......... .......... .......... 75% 209M 0s + 40300K .......... .......... .......... .......... .......... 75% 226M 0s + 40350K .......... .......... .......... .......... .......... 75% 149M 0s + 40400K .......... .......... .......... .......... .......... 75% 169M 0s + 40450K .......... .......... .......... .......... .......... 75% 186M 0s + 40500K .......... .......... .......... .......... .......... 75% 165M 0s + 40550K .......... .......... .......... .......... .......... 76% 146M 0s + 40600K .......... .......... .......... .......... .......... 76% 195M 0s + 40650K .......... .......... .......... .......... .......... 76% 189M 0s + 40700K .......... .......... .......... .......... .......... 76% 172M 0s + 40750K .......... .......... .......... .......... .......... 76% 144M 0s + 40800K .......... .......... .......... .......... .......... 
76% 178M 0s + 40850K .......... .......... .......... .......... .......... 76% 177M 0s + 40900K .......... .......... .......... .......... .......... 76% 141M 0s + 40950K .......... .......... .......... .......... .......... 76% 160M 0s + 41000K .......... .......... .......... .......... .......... 76% 153M 0s + 41050K .......... .......... .......... .......... .......... 76% 156M 0s + 41100K .......... .......... .......... .......... .......... 77% 180M 0s + 41150K .......... .......... .......... .......... .......... 77% 205M 0s 41200K .......... .......... .......... .......... .......... 77% 183M 0s - 41250K .......... .......... .......... .......... .......... 77% 188M 0s - 41300K .......... .......... .......... .......... .......... 77% 185M 0s - 41350K .......... .......... .......... .......... .......... 77% 176M 0s - 41400K .......... .......... .......... .......... .......... 77% 178M 0s - 41450K .......... .......... .......... .......... .......... 77% 238M 0s - 41500K .......... .......... .......... .......... .......... 77% 247M 0s - 41550K .......... .......... .......... .......... .......... 77% 187M 0s - 41600K .......... .......... .......... .......... .......... 77% 210M 0s + 41250K .......... .......... .......... .......... .......... 77% 166M 0s + 41300K .......... .......... .......... .......... .......... 77% 160M 0s + 41350K .......... .......... .......... .......... .......... 77% 187M 0s + 41400K .......... .......... .......... .......... .......... 77% 196M 0s + 41450K .......... .......... .......... .......... .......... 77% 179M 0s + 41500K .......... .......... .......... .......... .......... 77% 155M 0s + 41550K .......... .......... .......... .......... .......... 77% 183M 0s + 41600K .......... .......... .......... .......... .......... 77% 168M 0s 41650K .......... .......... .......... .......... .......... 78% 177M 0s - 41700K .......... .......... .......... .......... .......... 
78% 183M 0s - 41750K .......... .......... .......... .......... .......... 78% 170M 0s - 41800K .......... .......... .......... .......... .......... 78% 178M 0s - 41850K .......... .......... .......... .......... .......... 78% 177M 0s - 41900K .......... .......... .......... .......... .......... 78% 191M 0s - 41950K .......... .......... .......... .......... .......... 78% 163M 0s - 42000K .......... .......... .......... .......... .......... 78% 160M 0s - 42050K .......... .......... .......... .......... .......... 78% 173M 0s - 42100K .......... .......... .......... .......... .......... 78% 167M 0s - 42150K .......... .......... .......... .......... .......... 79% 164M 0s - 42200K .......... .......... .......... .......... .......... 79% 261M 0s - 42250K .......... .......... .......... .......... .......... 79% 252M 0s - 42300K .......... .......... .......... .......... .......... 79% 256M 0s - 42350K .......... .......... .......... .......... .......... 79% 220M 0s - 42400K .......... .......... .......... .......... .......... 79% 208M 0s - 42450K .......... .......... .......... .......... .......... 79% 182M 0s - 42500K .......... .......... .......... .......... .......... 79% 205M 0s - 42550K .......... .......... .......... .......... .......... 79% 179M 0s - 42600K .......... .......... .......... .......... .......... 79% 176M 0s - 42650K .......... .......... .......... .......... .......... 79% 179M 0s - 42700K .......... .......... .......... .......... .......... 80% 188M 0s - 42750K .......... .......... .......... .......... .......... 80% 147M 0s - 42800K .......... .......... .......... .......... .......... 80% 189M 0s - 42850K .......... .......... .......... .......... .......... 80% 166M 0s - 42900K .......... .......... .......... .......... .......... 80% 189M 0s - 42950K .......... .......... .......... .......... .......... 80% 149M 0s - 43000K .......... .......... .......... .......... .......... 
80% 167M 0s - 43050K .......... .......... .......... .......... .......... 80% 169M 0s - 43100K .......... .......... .......... .......... .......... 80% 173M 0s - 43150K .......... .......... .......... .......... .......... 80% 158M 0s - 43200K .......... .......... .......... .......... .......... 80% 185M 0s - 43250K .......... .......... .......... .......... .......... 81% 203M 0s - 43300K .......... .......... .......... .......... .......... 81% 182M 0s - 43350K .......... .......... .......... .......... .......... 81% 165M 0s - 43400K .......... .......... .......... .......... .......... 81% 201M 0s - 43450K .......... .......... .......... .......... .......... 81% 184M 0s - 43500K .......... .......... .......... .......... .......... 81% 151M 0s - 43550K .......... .......... .......... .......... .......... 81% 183M 0s - 43600K .......... .......... .......... .......... .......... 81% 187M 0s - 43650K .......... .......... .......... .......... .......... 81% 155M 0s - 43700K .......... .......... .......... .......... .......... 81% 211M 0s + 41700K .......... .......... .......... .......... .......... 78% 147M 0s + 41750K .......... .......... .......... .......... .......... 78% 156M 0s + 41800K .......... .......... .......... .......... .......... 78% 155M 0s + 41850K .......... .......... .......... .......... .......... 78% 153M 0s + 41900K .......... .......... .......... .......... .......... 78% 138M 0s + 41950K .......... .......... .......... .......... .......... 78% 180M 0s + 42000K .......... .......... .......... .......... .......... 78% 178M 0s + 42050K .......... .......... .......... .......... .......... 78% 178M 0s + 42100K .......... .......... .......... .......... .......... 78% 148M 0s + 42150K .......... .......... .......... .......... .......... 79% 185M 0s + 42200K .......... .......... .......... .......... .......... 79% 185M 0s + 42250K .......... .......... .......... .......... .......... 
79% 205M 0s + 42300K .......... .......... .......... .......... .......... 79% 144M 0s + 42350K .......... .......... .......... .......... .......... 79% 182M 0s + 42400K .......... .......... .......... .......... .......... 79% 193M 0s + 42450K .......... .......... .......... .......... .......... 79% 167M 0s + 42500K .......... .......... .......... .......... .......... 79% 160M 0s + 42550K .......... .......... .......... .......... .......... 79% 184M 0s + 42600K .......... .......... .......... .......... .......... 79% 211M 0s + 42650K .......... .......... .......... .......... .......... 79% 186M 0s + 42700K .......... .......... .......... .......... .......... 80% 158M 0s + 42750K .......... .......... .......... .......... .......... 80% 175M 0s + 42800K .......... .......... .......... .......... .......... 80% 179M 0s + 42850K .......... .......... .......... .......... .......... 80% 168M 0s + 42900K .......... .......... .......... .......... .......... 80% 145M 0s + 42950K .......... .......... .......... .......... .......... 80% 176M 0s + 43000K .......... .......... .......... .......... .......... 80% 212M 0s + 43050K .......... .......... .......... .......... .......... 80% 249M 0s + 43100K .......... .......... .......... .......... .......... 80% 216M 0s + 43150K .......... .......... .......... .......... .......... 80% 179M 0s + 43200K .......... .......... .......... .......... .......... 80% 167M 0s + 43250K .......... .......... .......... .......... .......... 81% 195M 0s + 43300K .......... .......... .......... .......... .......... 81% 171M 0s + 43350K .......... .......... .......... .......... .......... 81% 217M 0s + 43400K .......... .......... .......... .......... .......... 81% 170M 0s + 43450K .......... .......... .......... .......... .......... 81% 193M 0s + 43500K .......... .......... .......... .......... .......... 81% 145M 0s + 43550K .......... .......... .......... .......... .......... 
81% 146M 0s + 43600K .......... .......... .......... .......... .......... 81% 158M 0s + 43650K .......... .......... .......... .......... .......... 81% 161M 0s + 43700K .......... .......... .......... .......... .......... 81% 139M 0s 43750K .......... .......... .......... .......... .......... 82% 178M 0s 43800K .......... .......... .......... .......... .......... 82% 177M 0s - 43850K .......... .......... .......... .......... .......... 82% 133M 0s - 43900K .......... .......... .......... .......... .......... 82% 164M 0s - 43950K .......... .......... .......... .......... .......... 82% 181M 0s + 43850K .......... .......... .......... .......... .......... 82% 179M 0s + 43900K .......... .......... .......... .......... .......... 82% 140M 0s + 43950K .......... .......... .......... .......... .......... 82% 179M 0s 44000K .......... .......... .......... .......... .......... 82% 191M 0s 44050K .......... .......... .......... .......... .......... 82% 169M 0s - 44100K .......... .......... .......... .......... .......... 82% 190M 0s - 44150K .......... .......... .......... .......... .......... 82% 176M 0s - 44200K .......... .......... .......... .......... .......... 82% 193M 0s - 44250K .......... .......... .......... .......... .......... 82% 176M 0s - 44300K .......... .......... .......... .......... .......... 83% 219M 0s - 44350K .......... .......... .......... .......... .......... 83% 220M 0s - 44400K .......... .......... .......... .......... .......... 83% 239M 0s - 44450K .......... .......... .......... .......... .......... 83% 195M 0s - 44500K .......... .......... .......... .......... .......... 83% 184M 0s - 44550K .......... .......... .......... .......... .......... 83% 170M 0s - 44600K .......... .......... .......... .......... .......... 83% 183M 0s - 44650K .......... .......... .......... .......... .......... 83% 240M 0s - 44700K .......... .......... .......... .......... .......... 83% 257M 0s - 44750K .......... 
.......... .......... .......... .......... 83% 224M 0s - 44800K .......... .......... .......... .......... .......... 83% 260M 0s - 44850K .......... .......... .......... .......... .......... 84% 161M 0s - 44900K .......... .......... .......... .......... .......... 84% 172M 0s - 44950K .......... .......... .......... .......... .......... 84% 164M 0s - 45000K .......... .......... .......... .......... .......... 84% 165M 0s - 45050K .......... .......... .......... .......... .......... 84% 192M 0s - 45100K .......... .......... .......... .......... .......... 84% 182M 0s - 45150K .......... .......... .......... .......... .......... 84% 168M 0s - 45200K .......... .......... .......... .......... .......... 84% 181M 0s - 45250K .......... .......... .......... .......... .......... 84% 179M 0s - 45300K .......... .......... .......... .......... .......... 84% 169M 0s - 45350K .......... .......... .......... .......... .......... 85% 166M 0s - 45400K .......... .......... .......... .......... .......... 85% 239M 0s - 45450K .......... .......... .......... .......... .......... 85% 182M 0s - 45500K .......... .......... .......... .......... .......... 85% 177M 0s - 45550K .......... .......... .......... .......... .......... 85% 148M 0s - 45600K .......... .......... .......... .......... .......... 85% 192M 0s - 45650K .......... .......... .......... .......... .......... 85% 200M 0s - 45700K .......... .......... .......... .......... .......... 85% 178M 0s - 45750K .......... .......... .......... .......... .......... 85% 159M 0s - 45800K .......... .......... .......... .......... .......... 85% 182M 0s - 45850K .......... .......... .......... .......... .......... 85% 183M 0s - 45900K .......... .......... .......... .......... .......... 86% 187M 0s - 45950K .......... .......... .......... .......... .......... 86% 166M 0s - 46000K .......... .......... .......... .......... .......... 86% 180M 0s - 46050K .......... .......... .......... 
.......... .......... 86% 188M 0s - 46100K .......... .......... .......... .......... .......... 86% 173M 0s - 46150K .......... .......... .......... .......... .......... 86% 154M 0s - 46200K .......... .......... .......... .......... .......... 86% 173M 0s - 46250K .......... .......... .......... .......... .......... 86% 165M 0s - 46300K .......... .......... .......... .......... .......... 86% 183M 0s - 46350K .......... .......... .......... .......... .......... 86% 157M 0s - 46400K .......... .......... .......... .......... .......... 86% 192M 0s - 46450K .......... .......... .......... .......... .......... 87% 166M 0s - 46500K .......... .......... .......... .......... .......... 87% 179M 0s - 46550K .......... .......... .......... .......... .......... 87% 209M 0s - 46600K .......... .......... .......... .......... .......... 87% 183M 0s - 46650K .......... .......... .......... .......... .......... 87% 141M 0s - 46700K .......... .......... .......... .......... .......... 87% 241M 0s - 46750K .......... .......... .......... .......... .......... 87% 239M 0s - 46800K .......... .......... .......... .......... .......... 87% 243M 0s - 46850K .......... .......... .......... .......... .......... 87% 215M 0s - 46900K .......... .......... .......... .......... .......... 87% 256M 0s - 46950K .......... .......... .......... .......... .......... 88% 251M 0s - 47000K .......... .......... .......... .......... .......... 88% 264M 0s - 47050K .......... .......... .......... .......... .......... 88% 222M 0s - 47100K .......... .......... .......... .......... .......... 88% 212M 0s - 47150K .......... .......... .......... .......... .......... 88% 256M 0s + 44100K .......... .......... .......... .......... .......... 82% 159M 0s + 44150K .......... .......... .......... .......... .......... 82% 213M 0s + 44200K .......... .......... .......... .......... .......... 82% 229M 0s + 44250K .......... .......... .......... .......... .......... 
82% 175M 0s + 44300K .......... .......... .......... .......... .......... 83% 209M 0s + 44350K .......... .......... .......... .......... .......... 83% 222M 0s + 44400K .......... .......... .......... .......... .......... 83% 252M 0s + 44450K .......... .......... .......... .......... .......... 83% 221M 0s + 44500K .......... .......... .......... .......... .......... 83% 154M 0s + 44550K .......... .......... .......... .......... .......... 83% 166M 0s + 44600K .......... .......... .......... .......... .......... 83% 180M 0s + 44650K .......... .......... .......... .......... .......... 83% 154M 0s + 44700K .......... .......... .......... .......... .......... 83% 155M 0s + 44750K .......... .......... .......... .......... .......... 83% 174M 0s + 44800K .......... .......... .......... .......... .......... 83% 154M 0s + 44850K .......... .......... .......... .......... .......... 84% 163M 0s + 44900K .......... .......... .......... .......... .......... 84% 143M 0s + 44950K .......... .......... .......... .......... .......... 84% 157M 0s + 45000K .......... .......... .......... .......... .......... 84% 180M 0s + 45050K .......... .......... .......... .......... .......... 84% 179M 0s + 45100K .......... .......... .......... .......... .......... 84% 153M 0s + 45150K .......... .......... .......... .......... .......... 84% 178M 0s + 45200K .......... .......... .......... .......... .......... 84% 183M 0s + 45250K .......... .......... .......... .......... .......... 84% 177M 0s + 45300K .......... .......... .......... .......... .......... 84% 164M 0s + 45350K .......... .......... .......... .......... .......... 85% 190M 0s + 45400K .......... .......... .......... .......... .......... 85% 191M 0s + 45450K .......... .......... .......... .......... .......... 85% 181M 0s + 45500K .......... .......... .......... .......... .......... 85% 136M 0s + 45550K .......... .......... .......... .......... .......... 
85% 168M 0s + 45600K .......... .......... .......... .......... .......... 85% 164M 0s + 45650K .......... .......... .......... .......... .......... 85% 163M 0s + 45700K .......... .......... .......... .......... .......... 85% 196M 0s + 45750K .......... .......... .......... .......... .......... 85% 255M 0s + 45800K .......... .......... .......... .......... .......... 85% 241M 0s + 45850K .......... .......... .......... .......... .......... 85% 186M 0s + 45900K .......... .......... .......... .......... .......... 86% 149M 0s + 45950K .......... .......... .......... .......... .......... 86% 181M 0s + 46000K .......... .......... .......... .......... .......... 86% 182M 0s + 46050K .......... .......... .......... .......... .......... 86% 176M 0s + 46100K .......... .......... .......... .......... .......... 86% 169M 0s + 46150K .......... .......... .......... .......... .......... 86% 195M 0s + 46200K .......... .......... .......... .......... .......... 86% 181M 0s + 46250K .......... .......... .......... .......... .......... 86% 153M 0s + 46300K .......... .......... .......... .......... .......... 86% 159M 0s + 46350K .......... .......... .......... .......... .......... 86% 187M 0s + 46400K .......... .......... .......... .......... .......... 86% 139M 0s + 46450K .......... .......... .......... .......... .......... 87% 163M 0s + 46500K .......... .......... .......... .......... .......... 87% 159M 0s + 46550K .......... .......... .......... .......... .......... 87% 162M 0s + 46600K .......... .......... .......... .......... .......... 87% 168M 0s + 46650K .......... .......... .......... .......... .......... 87% 174M 0s + 46700K .......... .......... .......... .......... .......... 87% 152M 0s + 46750K .......... .......... .......... .......... .......... 87% 170M 0s + 46800K .......... .......... .......... .......... .......... 87% 181M 0s + 46850K .......... .......... .......... .......... .......... 
87% 167M 0s + 46900K .......... .......... .......... .......... .......... 87% 150M 0s + 46950K .......... .......... .......... .......... .......... 88% 192M 0s + 47000K .......... .......... .......... .......... .......... 88% 182M 0s + 47050K .......... .......... .......... .......... .......... 88% 175M 0s + 47100K .......... .......... .......... .......... .......... 88% 174M 0s + 47150K .......... .......... .......... .......... .......... 88% 180M 0s 47200K .......... .......... .......... .......... .......... 88% 182M 0s - 47250K .......... .......... .......... .......... .......... 88% 174M 0s - 47300K .......... .......... .......... .......... .......... 88% 178M 0s - 47350K .......... .......... .......... .......... .......... 88% 184M 0s - 47400K .......... .......... .......... .......... .......... 88% 189M 0s - 47450K .......... .......... .......... .......... .......... 88% 155M 0s - 47500K .......... .......... .......... .......... .......... 89% 198M 0s - 47550K .......... .......... .......... .......... .......... 89% 182M 0s - 47600K .......... .......... .......... .......... .......... 89% 211M 0s - 47650K .......... .......... .......... .......... .......... 89% 180M 0s - 47700K .......... .......... .......... .......... .......... 89% 168M 0s - 47750K .......... .......... .......... .......... .......... 89% 160M 0s - 47800K .......... .......... .......... .......... .......... 89% 171M 0s - 47850K .......... .......... .......... .......... .......... 89% 155M 0s - 47900K .......... .......... .......... .......... .......... 89% 172M 0s - 47950K .......... .......... .......... .......... .......... 89% 196M 0s - 48000K .......... .......... .......... .......... .......... 89% 206M 0s - 48050K .......... .......... .......... .......... .......... 90% 168M 0s - 48100K .......... .......... .......... .......... .......... 90% 176M 0s - 48150K .......... .......... .......... .......... .......... 
90% 182M 0s - 48200K .......... .......... .......... .......... .......... 90% 164M 0s + 47250K .......... .......... .......... .......... .......... 88% 195M 0s + 47300K .......... .......... .......... .......... .......... 88% 159M 0s + 47350K .......... .......... .......... .......... .......... 88% 142M 0s + 47400K .......... .......... .......... .......... .......... 88% 167M 0s + 47450K .......... .......... .......... .......... .......... 88% 160M 0s + 47500K .......... .......... .......... .......... .......... 89% 159M 0s + 47550K .......... .......... .......... .......... .......... 89% 190M 0s + 47600K .......... .......... .......... .......... .......... 89% 169M 0s + 47650K .......... .......... .......... .......... .......... 89% 184M 0s + 47700K .......... .......... .......... .......... .......... 89% 167M 0s + 47750K .......... .......... .......... .......... .......... 89% 189M 0s + 47800K .......... .......... .......... .......... .......... 89% 170M 0s + 47850K .......... .......... .......... .......... .......... 89% 175M 0s + 47900K .......... .......... .......... .......... .......... 89% 147M 0s + 47950K .......... .......... .......... .......... .......... 89% 148M 0s + 48000K .......... .......... .......... .......... .......... 89% 187M 0s + 48050K .......... .......... .......... .......... .......... 90% 187M 0s + 48100K .......... .......... .......... .......... .......... 90% 164M 0s + 48150K .......... .......... .......... .......... .......... 90% 181M 0s + 48200K .......... .......... .......... .......... .......... 90% 212M 0s 48250K .......... .......... .......... .......... .......... 90% 163M 0s - 48300K .......... .......... .......... .......... .......... 90% 247M 0s - 48350K .......... .......... .......... .......... .......... 90% 181M 0s - 48400K .......... .......... .......... .......... .......... 90% 167M 0s - 48450K .......... .......... .......... .......... .......... 
90% 169M 0s - 48500K .......... .......... .......... .......... .......... 90% 185M 0s - 48550K .......... .......... .......... .......... .......... 91% 189M 0s - 48600K .......... .......... .......... .......... .......... 91% 178M 0s - 48650K .......... .......... .......... .......... .......... 91% 154M 0s - 48700K .......... .......... .......... .......... .......... 91% 184M 0s - 48750K .......... .......... .......... .......... .......... 91% 156M 0s - 48800K .......... .......... .......... .......... .......... 91% 186M 0s - 48850K .......... .......... .......... .......... .......... 91% 174M 0s - 48900K .......... .......... .......... .......... .......... 91% 175M 0s - 48950K .......... .......... .......... .......... .......... 91% 179M 0s - 49000K .......... .......... .......... .......... .......... 91% 198M 0s - 49050K .......... .......... .......... .......... .......... 91% 168M 0s - 49100K .......... .......... .......... .......... .......... 92% 178M 0s - 49150K .......... .......... .......... .......... .......... 92% 180M 0s - 49200K .......... .......... .......... .......... .......... 92% 172M 0s - 49250K .......... .......... .......... .......... .......... 92% 166M 0s - 49300K .......... .......... .......... .......... .......... 92% 156M 0s - 49350K .......... .......... .......... .......... .......... 92% 165M 0s + 48300K .......... .......... .......... .......... .......... 90% 133M 0s + 48350K .......... .......... .......... .......... .......... 90% 141M 0s + 48400K .......... .......... .......... .......... .......... 90% 166M 0s + 48450K .......... .......... .......... .......... .......... 90% 186M 0s + 48500K .......... .......... .......... .......... .......... 90% 208M 0s + 48550K .......... .......... .......... .......... .......... 91% 238M 0s + 48600K .......... .......... .......... .......... .......... 91% 254M 0s + 48650K .......... .......... .......... .......... .......... 
91% 258M 0s + 48700K .......... .......... .......... .......... .......... 91% 185M 0s + 48750K .......... .......... .......... .......... .......... 91% 242M 0s + 48800K .......... .......... .......... .......... .......... 91% 216M 0s + 48850K .......... .......... .......... .......... .......... 91% 185M 0s + 48900K .......... .......... .......... .......... .......... 91% 151M 0s + 48950K .......... .......... .......... .......... .......... 91% 193M 0s + 49000K .......... .......... .......... .......... .......... 91% 186M 0s + 49050K .......... .......... .......... .......... .......... 91% 178M 0s + 49100K .......... .......... .......... .......... .......... 92% 148M 0s + 49150K .......... .......... .......... .......... .......... 92% 182M 0s + 49200K .......... .......... .......... .......... .......... 92% 193M 0s + 49250K .......... .......... .......... .......... .......... 92% 183M 0s + 49300K .......... .......... .......... .......... .......... 92% 162M 0s + 49350K .......... .......... .......... .......... .......... 92% 181M 0s 49400K .......... .......... .......... .......... .......... 92% 168M 0s - 49450K .......... .......... .......... .......... .......... 92% 138M 0s - 49500K .......... .......... .......... .......... .......... 92% 172M 0s - 49550K .......... .......... .......... .......... .......... 92% 181M 0s - 49600K .......... .......... .......... .......... .......... 92% 180M 0s - 49650K .......... .......... .......... .......... .......... 93% 151M 0s - 49700K .......... .......... .......... .......... .......... 93% 174M 0s - 49750K .......... .......... .......... .......... .......... 93% 180M 0s - 49800K .......... .......... .......... .......... .......... 93% 175M 0s - 49850K .......... .......... .......... .......... .......... 93% 152M 0s - 49900K .......... .......... .......... .......... .......... 93% 193M 0s - 49950K .......... .......... .......... .......... .......... 
93% 174M 0s - 50000K .......... .......... .......... .......... .......... 93% 204M 0s - 50050K .......... .......... .......... .......... .......... 93% 162M 0s - 50100K .......... .......... .......... .......... .......... 93% 180M 0s - 50150K .......... .......... .......... .......... .......... 94% 234M 0s - 50200K .......... .......... .......... .......... .......... 94% 251M 0s - 50250K .......... .......... .......... .......... .......... 94% 148M 0s - 50300K .......... .......... .......... .......... .......... 94% 168M 0s - 50350K .......... .......... .......... .......... .......... 94% 177M 0s - 50400K .......... .......... .......... .......... .......... 94% 192M 0s - 50450K .......... .......... .......... .......... .......... 94% 156M 0s - 50500K .......... .......... .......... .......... .......... 94% 196M 0s + 49450K .......... .......... .......... .......... .......... 92% 155M 0s + 49500K .......... .......... .......... .......... .......... 92% 158M 0s + 49550K .......... .......... .......... .......... .......... 92% 174M 0s + 49600K .......... .......... .......... .......... .......... 92% 171M 0s + 49650K .......... .......... .......... .......... .......... 93% 176M 0s + 49700K .......... .......... .......... .......... .......... 93% 151M 0s + 49750K .......... .......... .......... .......... .......... 93% 172M 0s + 49800K .......... .......... .......... .......... .......... 93% 145M 0s + 49850K .......... .......... .......... .......... .......... 93% 204M 0s + 49900K .......... .......... .......... .......... .......... 93% 178M 0s + 49950K .......... .......... .......... .......... .......... 93% 168M 0s + 50000K .......... .......... .......... .......... .......... 93% 186M 0s + 50050K .......... .......... .......... .......... .......... 93% 165M 0s + 50100K .......... .......... .......... .......... .......... 93% 165M 0s + 50150K .......... .......... .......... .......... .......... 
94% 173M 0s + 50200K .......... .......... .......... .......... .......... 94% 196M 0s + 50250K .......... .......... .......... .......... .......... 94% 184M 0s + 50300K .......... .......... .......... .......... .......... 94% 138M 0s + 50350K .......... .......... .......... .......... .......... 94% 114M 0s + 50400K .......... .......... .......... .......... .......... 94% 164M 0s + 50450K .......... .......... .......... .......... .......... 94% 157M 0s + 50500K .......... .......... .......... .......... .......... 94% 165M 0s 50550K .......... .......... .......... .......... .......... 94% 177M 0s - 50600K .......... .......... .......... .......... .......... 94% 188M 0s - 50650K .......... .......... .......... .......... .......... 94% 157M 0s - 50700K .......... .......... .......... .......... .......... 95% 176M 0s - 50750K .......... .......... .......... .......... .......... 95% 185M 0s - 50800K .......... .......... .......... .......... .......... 95% 185M 0s - 50850K .......... .......... .......... .......... .......... 95% 161M 0s - 50900K .......... .......... .......... .......... .......... 95% 168M 0s - 50950K .......... .......... .......... .......... .......... 95% 161M 0s - 51000K .......... .......... .......... .......... .......... 95% 170M 0s - 51050K .......... .......... .......... .......... .......... 95% 151M 0s - 51100K .......... .......... .......... .......... .......... 95% 174M 0s - 51150K .......... .......... .......... .......... .......... 95% 174M 0s - 51200K .......... .......... .......... .......... .......... 95% 198M 0s - 51250K .......... .......... .......... .......... .......... 96% 180M 0s - 51300K .......... .......... .......... .......... .......... 96% 229M 0s - 51350K .......... .......... .......... .......... .......... 96% 237M 0s - 51400K .......... .......... .......... .......... .......... 96% 253M 0s - 51450K .......... .......... .......... .......... .......... 
96% 244M 0s - 51500K .......... .......... .......... .......... .......... 96% 251M 0s - 51550K .......... .......... .......... .......... .......... 96% 207M 0s - 51600K .......... .......... .......... .......... .......... 96% 235M 0s - 51650K .......... .......... .......... .......... .......... 96% 216M 0s - 51700K .......... .......... .......... .......... .......... 96% 194M 0s - 51750K .......... .......... .......... .......... .......... 96% 155M 0s - 51800K .......... .......... .......... .......... .......... 97% 176M 0s - 51850K .......... .......... .......... .......... .......... 97% 184M 0s - 51900K .......... .......... .......... .......... .......... 97% 165M 0s - 51950K .......... .......... .......... .......... .......... 97% 139M 0s - 52000K .......... .......... .......... .......... .......... 97% 159M 0s - 52050K .......... .......... .......... .......... .......... 97% 162M 0s - 52100K .......... .......... .......... .......... .......... 97% 166M 0s - 52150K .......... .......... .......... .......... .......... 97% 153M 0s - 52200K .......... .......... .......... .......... .......... 97% 171M 0s - 52250K .......... .......... .......... .......... .......... 97% 178M 0s - 52300K .......... .......... .......... .......... .......... 98% 178M 0s - 52350K .......... .......... .......... .......... .......... 98% 152M 0s - 52400K .......... .......... .......... .......... .......... 98% 181M 0s - 52450K .......... .......... .......... .......... .......... 98% 183M 0s - 52500K .......... .......... .......... .......... .......... 98% 181M 0s - 52550K .......... .......... .......... .......... .......... 98% 172M 0s - 52600K .......... .......... .......... .......... .......... 98% 256M 0s - 52650K .......... .......... .......... .......... .......... 98% 220M 0s - 52700K .......... .......... .......... .......... .......... 98% 224M 0s - 52750K .......... .......... .......... .......... .......... 
98% 152M 0s - 52800K .......... .......... .......... .......... .......... 98% 185M 0s - 52850K .......... .......... .......... .......... .......... 99% 178M 0s - 52900K .......... .......... .......... .......... .......... 99% 193M 0s - 52950K .......... .......... .......... .......... .......... 99% 152M 0s - 53000K .......... .......... .......... .......... .......... 99% 162M 0s - 53050K .......... .......... .......... .......... .......... 99% 176M 0s - 53100K .......... .......... .......... .......... .......... 99% 166M 0s - 53150K .......... .......... .......... .......... .......... 99% 128M 0s - 53200K .......... .......... .......... .......... .......... 99% 160M 0s - 53250K .......... .......... .......... .......... .......... 99% 179M 0s - 53300K .......... .......... .......... .......... .......... 99% 176M 0s - 53350K .......... .......... .......... .......... .......... 99% 170M 0s - 53400K ... 100% 6.31T=0.4s + 50600K .......... .......... .......... .......... .......... 94% 165M 0s + 50650K .......... .......... .......... .......... .......... 94% 166M 0s + 50700K .......... .......... .......... .......... .......... 95% 144M 0s + 50750K .......... .......... .......... .......... .......... 95% 177M 0s + 50800K .......... .......... .......... .......... .......... 95% 160M 0s + 50850K .......... .......... .......... .......... .......... 95% 181M 0s + 50900K .......... .......... .......... .......... .......... 95% 158M 0s + 50950K .......... .......... .......... .......... .......... 95% 210M 0s + 51000K .......... .......... .......... .......... .......... 95% 231M 0s + 51050K .......... .......... .......... .......... .......... 95% 257M 0s + 51100K .......... .......... .......... .......... .......... 95% 210M 0s + 51150K .......... .......... .......... .......... .......... 95% 262M 0s + 51200K .......... .......... .......... .......... .......... 95% 187M 0s + 51250K .......... .......... .......... .......... 
.......... 96% 179M 0s + 51300K .......... .......... .......... .......... .......... 96% 178M 0s + 51350K .......... .......... .......... .......... .......... 96% 189M 0s + 51400K .......... .......... .......... .......... .......... 96% 179M 0s + 51450K .......... .......... .......... .......... .......... 96% 215M 0s + 51500K .......... .......... .......... .......... .......... 96% 254M 0s + 51550K .......... .......... .......... .......... .......... 96% 205M 0s + 51600K .......... .......... .......... .......... .......... 96% 162M 0s + 51650K .......... .......... .......... .......... .......... 96% 145M 0s + 51700K .......... .......... .......... .......... .......... 96% 162M 0s + 51750K .......... .......... .......... .......... .......... 96% 161M 0s + 51800K .......... .......... .......... .......... .......... 97% 174M 0s + 51850K .......... .......... .......... .......... .......... 97% 147M 0s + 51900K .......... .......... .......... .......... .......... 97% 186M 0s + 51950K .......... .......... .......... .......... .......... 97% 163M 0s + 52000K .......... .......... .......... .......... .......... 97% 187M 0s + 52050K .......... .......... .......... .......... .......... 97% 167M 0s + 52100K .......... .......... .......... .......... .......... 97% 177M 0s + 52150K .......... .......... .......... .......... .......... 97% 173M 0s + 52200K .......... .......... .......... .......... .......... 97% 169M 0s + 52250K .......... .......... .......... .......... .......... 97% 132M 0s + 52300K .......... .......... .......... .......... .......... 98% 186M 0s + 52350K .......... .......... .......... .......... .......... 98% 178M 0s + 52400K .......... .......... .......... .......... .......... 98% 196M 0s + 52450K .......... .......... .......... .......... .......... 98% 167M 0s + 52500K .......... .......... .......... .......... .......... 98% 190M 0s + 52550K .......... .......... .......... .......... .......... 
98% 183M 0s + 52600K .......... .......... .......... .......... .......... 98% 182M 0s + 52650K .......... .......... .......... .......... .......... 98% 130M 0s + 52700K .......... .......... .......... .......... .......... 98% 165M 0s + 52750K .......... .......... .......... .......... .......... 98% 165M 0s + 52800K .......... .......... .......... .......... .......... 98% 163M 0s + 52850K .......... .......... .......... .......... .......... 99% 162M 0s + 52900K .......... .......... .......... .......... .......... 99% 177M 0s + 52950K .......... .......... .......... .......... .......... 99% 161M 0s + 53000K .......... .......... .......... .......... .......... 99% 169M 0s + 53050K .......... .......... .......... .......... .......... 99% 148M 0s + 53100K .......... .......... .......... .......... .......... 99% 175M 0s + 53150K .......... .......... .......... .......... .......... 99% 171M 0s + 53200K .......... .......... .......... .......... .......... 99% 186M 0s + 53250K .......... .......... .......... .......... .......... 99% 165M 0s + 53300K .......... .......... .......... .......... .......... 99% 166M 0s + 53350K .......... .......... .......... .......... .......... 99% 174M 0s + 53400K ... 100% 75.8M=0.4s -2024-11-06 09:45:31 (126 MB/s) - ‘trivy_0.44.1_Linux-64bit.deb.2’ saved [54685068/54685068] +2024-11-11 09:56:35 (128 MB/s) - ‘trivy_0.44.1_Linux-64bit.deb.2’ saved [54685068/54685068] +sudo dpkg -i trivy_0.44.1_Linux-64bit.deb (Reading database ... 132595 files and directories currently installed.) 
@@ -17091,62 +17176,62 @@ https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded +docker push quay.io/noirolabs/cnideploy:6.0.4.4.81c2369 The push refers to repository [quay.io/noirolabs/cnideploy] -a2cb3a2fbce4: Preparing -c322c5b0f474: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +d1718fe1912b: Preparing +9414dc7e0657: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing 797935172f32: Layer already exists -2c2d764c30e5: Mounted from noirolabs/aci-containers-controller -c6ce05a09977: Mounted from noirolabs/aci-containers-controller -a2cb3a2fbce4: Pushed -c322c5b0f474: Pushed -6.0.4.4.81c2369: digest: sha256:69c3ac72aadf3ebd520f56435535cb89b6698b5d53819eeca36add05eecd7004 size: 1367 +d242d05d20ef: Mounted from noirolabs/aci-containers-controller +1a6b532927e3: Mounted from noirolabs/aci-containers-controller +d1718fe1912b: Pushed +9414dc7e0657: Pushed +6.0.4.4.81c2369: digest: sha256:57188b652ce89b359bb4a9994ba9bbb86cd5a232efc27b4414399e3b678ca0c4 size: 1367 +for OTHER_TAG in ${OTHER_IMAGE_TAGS} +docker tag quay.io/noirolabs/cnideploy:6.0.4.4.81c2369 quay.io/noirolabs/cnideploy:6.0.4.4.81c2369 +docker push quay.io/noirolabs/cnideploy:6.0.4.4.81c2369 The push refers to repository [quay.io/noirolabs/cnideploy] -a2cb3a2fbce4: Preparing -c322c5b0f474: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +d1718fe1912b: Preparing +9414dc7e0657: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing -c6ce05a09977: Layer already exists -2c2d764c30e5: Layer already exists -a2cb3a2fbce4: Layer already exists -c322c5b0f474: Layer already exists +d242d05d20ef: Layer already exists +1a6b532927e3: Layer already exists 797935172f32: Layer already exists -6.0.4.4.81c2369: digest: sha256:69c3ac72aadf3ebd520f56435535cb89b6698b5d53819eeca36add05eecd7004 size: 1367 +9414dc7e0657: Layer already exists +d1718fe1912b: Layer already exists +6.0.4.4.81c2369: digest: 
sha256:57188b652ce89b359bb4a9994ba9bbb86cd5a232efc27b4414399e3b678ca0c4 size: 1367 +for OTHER_TAG in ${OTHER_IMAGE_TAGS} -+docker tag quay.io/noirolabs/cnideploy:6.0.4.4.81c2369 quay.io/noirolabs/cnideploy:6.0.4.4.81c2369.110624.10022 -+docker push quay.io/noirolabs/cnideploy:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/cnideploy:6.0.4.4.81c2369 quay.io/noirolabs/cnideploy:6.0.4.4.81c2369.111124.10031 ++docker push quay.io/noirolabs/cnideploy:6.0.4.4.81c2369.111124.10031 The push refers to repository [quay.io/noirolabs/cnideploy] -a2cb3a2fbce4: Preparing -c322c5b0f474: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +d1718fe1912b: Preparing +9414dc7e0657: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing -c322c5b0f474: Layer already exists -2c2d764c30e5: Layer already exists -c6ce05a09977: Layer already exists +d242d05d20ef: Layer already exists 797935172f32: Layer already exists -a2cb3a2fbce4: Layer already exists -6.0.4.4.81c2369.110624.10022: digest: sha256:69c3ac72aadf3ebd520f56435535cb89b6698b5d53819eeca36add05eecd7004 size: 1367 +1a6b532927e3: Layer already exists +d1718fe1912b: Layer already exists +9414dc7e0657: Layer already exists +6.0.4.4.81c2369.111124.10031: digest: sha256:57188b652ce89b359bb4a9994ba9bbb86cd5a232efc27b4414399e3b678ca0c4 size: 1367 +for OTHER_TAG in ${OTHER_IMAGE_TAGS} +docker tag quay.io/noirolabs/cnideploy:6.0.4.4.81c2369 quay.io/noirolabs/cnideploy:6.0.4.4.81c2369.z +docker push quay.io/noirolabs/cnideploy:6.0.4.4.81c2369.z The push refers to repository [quay.io/noirolabs/cnideploy] -a2cb3a2fbce4: Preparing -c322c5b0f474: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +d1718fe1912b: Preparing +9414dc7e0657: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing -c322c5b0f474: Layer already exists -a2cb3a2fbce4: Layer already exists +d242d05d20ef: Layer already exists +d1718fe1912b: Layer already exists 797935172f32: Layer already 
exists -2c2d764c30e5: Layer already exists -c6ce05a09977: Layer already exists -6.0.4.4.81c2369.z: digest: sha256:69c3ac72aadf3ebd520f56435535cb89b6698b5d53819eeca36add05eecd7004 size: 1367 +1a6b532927e3: Layer already exists +9414dc7e0657: Layer already exists +6.0.4.4.81c2369.z: digest: sha256:57188b652ce89b359bb4a9994ba9bbb86cd5a232efc27b4414399e3b678ca0c4 size: 1367 +docker login -u=[secure] -p=[secure] quay.io WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /home/travis/.docker/config.json. 
@@ -17154,34 +17239,34 @@ Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded -+docker tag quay.io/noirolabs/cnideploy:6.0.4.4.81c2369 quay.io/noiro/cnideploy:6.0.4.4.81c2369.110624.10022 -+docker push quay.io/noiro/cnideploy:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/cnideploy:6.0.4.4.81c2369 quay.io/noiro/cnideploy:6.0.4.4.81c2369.111124.10031 ++docker push quay.io/noiro/cnideploy:6.0.4.4.81c2369.111124.10031 The push refers to repository [quay.io/noiro/cnideploy] -a2cb3a2fbce4: Preparing -c322c5b0f474: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +d1718fe1912b: Preparing +9414dc7e0657: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing 797935172f32: Layer already exists -a2cb3a2fbce4: Mounted from noirolabs/cnideploy -c322c5b0f474: Mounted from noirolabs/cnideploy -c6ce05a09977: Mounted from noiro/aci-containers-controller -2c2d764c30e5: Mounted from noiro/aci-containers-controller -6.0.4.4.81c2369.110624.10022: digest: sha256:69c3ac72aadf3ebd520f56435535cb89b6698b5d53819eeca36add05eecd7004 size: 1367 +9414dc7e0657: Mounted from noirolabs/cnideploy +d242d05d20ef: Mounted from noiro/aci-containers-controller +d1718fe1912b: Mounted from noirolabs/cnideploy +1a6b532927e3: Mounted from noiro/aci-containers-controller +6.0.4.4.81c2369.111124.10031: digest: sha256:57188b652ce89b359bb4a9994ba9bbb86cd5a232efc27b4414399e3b678ca0c4 size: 1367 +docker tag quay.io/noirolabs/cnideploy:6.0.4.4.81c2369 quay.io/noiro/cnideploy:6.0.4.4.81c2369.z +docker push quay.io/noiro/cnideploy:6.0.4.4.81c2369.z The push refers to repository [quay.io/noiro/cnideploy] -a2cb3a2fbce4: Preparing -c322c5b0f474: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +d1718fe1912b: Preparing +9414dc7e0657: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing -a2cb3a2fbce4: Layer already exists 
-c322c5b0f474: Layer already exists +1a6b532927e3: Layer already exists +9414dc7e0657: Layer already exists +d1718fe1912b: Layer already exists +d242d05d20ef: Layer already exists 797935172f32: Layer already exists -2c2d764c30e5: Layer already exists -c6ce05a09977: Layer already exists -6.0.4.4.81c2369.z: digest: sha256:69c3ac72aadf3ebd520f56435535cb89b6698b5d53819eeca36add05eecd7004 size: 1367 +6.0.4.4.81c2369.z: digest: sha256:57188b652ce89b359bb4a9994ba9bbb86cd5a232efc27b4414399e3b678ca0c4 size: 1367 +docker login -u=[secure] '-p=[secure]' docker.io WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /home/travis/.docker/config.json. 
@@ -17189,37 +17274,37 @@ Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded -+docker tag quay.io/noirolabs/cnideploy:6.0.4.4.81c2369 docker.io/noiro/cnideploy:6.0.4.4.81c2369.110624.10022 -+docker push docker.io/noiro/cnideploy:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/cnideploy:6.0.4.4.81c2369 docker.io/noiro/cnideploy:6.0.4.4.81c2369.111124.10031 ++docker push docker.io/noiro/cnideploy:6.0.4.4.81c2369.111124.10031 The push refers to repository [docker.io/noiro/cnideploy] -a2cb3a2fbce4: Preparing -c322c5b0f474: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +d1718fe1912b: Preparing +9414dc7e0657: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing 797935172f32: Layer already exists -2c2d764c30e5: Mounted from noiro/aci-containers-controller -c6ce05a09977: Mounted from noiro/aci-containers-controller -a2cb3a2fbce4: Pushed -c322c5b0f474: Pushed -6.0.4.4.81c2369.110624.10022: digest: sha256:69c3ac72aadf3ebd520f56435535cb89b6698b5d53819eeca36add05eecd7004 size: 1367 +d242d05d20ef: Mounted from noiro/aci-containers-controller +1a6b532927e3: Mounted from noiro/aci-containers-controller +d1718fe1912b: Pushed +9414dc7e0657: Pushed +6.0.4.4.81c2369.111124.10031: digest: sha256:57188b652ce89b359bb4a9994ba9bbb86cd5a232efc27b4414399e3b678ca0c4 size: 1367 +docker tag quay.io/noirolabs/cnideploy:6.0.4.4.81c2369 docker.io/noiro/cnideploy:6.0.4.4.81c2369.z +docker push docker.io/noiro/cnideploy:6.0.4.4.81c2369.z The push refers to repository [docker.io/noiro/cnideploy] -a2cb3a2fbce4: Preparing -c322c5b0f474: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +d1718fe1912b: Preparing +9414dc7e0657: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing -c6ce05a09977: Layer already exists +9414dc7e0657: Layer already exists +d1718fe1912b: Layer already exists +d242d05d20ef: Layer 
already exists 797935172f32: Layer already exists -c322c5b0f474: Layer already exists -a2cb3a2fbce4: Layer already exists -2c2d764c30e5: Layer already exists -6.0.4.4.81c2369.z: digest: sha256:69c3ac72aadf3ebd520f56435535cb89b6698b5d53819eeca36add05eecd7004 size: 1367 +1a6b532927e3: Layer already exists +6.0.4.4.81c2369.z: digest: sha256:57188b652ce89b359bb4a9994ba9bbb86cd5a232efc27b4414399e3b678ca0c4 size: 1367 ++docker image inspect '--format={{.Id}}' quay.io/noirolabs/cnideploy:6.0.4.4.81c2369 -+IMAGE_SHA=sha256:cdecf6ab6714b3f2aa70fa5589a4004a8478a6062aba6fa105f4e24755af0034 -+/tmp/cicd/travis/push-to-cicd-status.sh quay.io/noiro cnideploy 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 sha256:cdecf6ab6714b3f2aa70fa5589a4004a8478a6062aba6fa105f4e24755af0034 registry.access.redhat.com/ubi9/ubi:9.3 ++IMAGE_SHA=sha256:b9c6dcdbf7ea8058fa9213baf7f3dc33d9704150494d9f6b43fc163f525aa3ce ++/tmp/cicd/travis/push-to-cicd-status.sh quay.io/noiro cnideploy 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 sha256:b9c6dcdbf7ea8058fa9213baf7f3dc33d9704150494d9f6b43fc163f525aa3ce registry.access.redhat.com/ubi9/ubi:9.3 ++dirname /tmp/cicd/travis/push-to-cicd-status.sh +SCRIPTS_DIR=/tmp/cicd/travis +source /tmp/cicd/travis/globals.sh @@ -17227,9 +17312,9 @@ a2cb3a2fbce4: Layer already exists ++RELEASE_TAG=6.0.4.4 ++export RELEASE_TAG +++date +%m%d%y -++DATE_TAG=110624 +++DATE_TAG=111124 ++TRAVIS_TAG_WITH_UPSTREAM_ID=6.0.4.4.81c2369 -++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.110624.10022 +++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.111124.10031 ++IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_Z_TAG=6.0.4.4.81c2369.z 
@@ -17247,8 +17332,8 @@ a2cb3a2fbce4: Layer already exists +IMAGE_BUILD_REGISTRY=quay.io/noiro +IMAGE=cnideploy +IMAGE_BUILD_TAG=6.0.4.4.81c2369 -+OTHER_IMAGE_TAGS=6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 -+IMAGE_SHA=sha256:cdecf6ab6714b3f2aa70fa5589a4004a8478a6062aba6fa105f4e24755af0034 ++OTHER_IMAGE_TAGS=6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 ++IMAGE_SHA=sha256:b9c6dcdbf7ea8058fa9213baf7f3dc33d9704150494d9f6b43fc163f525aa3ce +BASE_IMAGE=registry.access.redhat.com/ubi9/ubi:9.3 +GIT_REPO=https://github.com/noironetworks/cicd-status.git +GIT_LOCAL_DIR=cicd-status 
@@ -17267,40 +17352,81 @@ fatal: destination path 'cicd-status' already exists and is not an empty directo +add_artifacts +cd /tmp/cicd-status +git pull --rebase origin main -error: cannot pull with rebase: You have unstaged changes. -error: Please commit or stash them. +From https://github.com/noironetworks/cicd-status + * branch main -> FETCH_HEAD +Already up to date. +mkdir -p /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/cnideploy -+curl https://api.travis-ci.com/v3/job/627824803/log.txt ++curl https://api.travis-ci.com/v3/job/627965097/log.txt % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed - 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 1012k 100 1012k 0 0 5859k 0 --:--:-- --:--:-- --:--:-- 5889k + 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 1019k 100 1019k 0 0 5561k 0 --:--:-- --:--:-- --:--:-- 5571k +cp /tmp/sbom.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/cnideploy/6.0.4.4-sbom.txt +cp /tmp/cve.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/cnideploy/6.0.4.4-cve.txt +cp /tmp/cve-base.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/cnideploy/6.0.4.4-cve-base.txt +update_container_release -+docker rmi -f sha256:cdecf6ab6714b3f2aa70fa5589a4004a8478a6062aba6fa105f4e24755af0034 -Untagged: noiro/cnideploy:6.0.4.4.81c2369.110624.10022 ++docker rmi -f sha256:b9c6dcdbf7ea8058fa9213baf7f3dc33d9704150494d9f6b43fc163f525aa3ce +Untagged: noiro/cnideploy:6.0.4.4.81c2369.111124.10031 Untagged: noiro/cnideploy:6.0.4.4.81c2369.z -Untagged: noiro/cnideploy@sha256:69c3ac72aadf3ebd520f56435535cb89b6698b5d53819eeca36add05eecd7004 -Untagged: quay.io/noiro/cnideploy:6.0.4.4.81c2369.110624.10022 +Untagged: noiro/cnideploy@sha256:57188b652ce89b359bb4a9994ba9bbb86cd5a232efc27b4414399e3b678ca0c4 +Untagged: quay.io/noiro/cnideploy:6.0.4.4.81c2369.111124.10031 Untagged: quay.io/noiro/cnideploy:6.0.4.4.81c2369.z -Untagged: 
quay.io/noiro/cnideploy@sha256:69c3ac72aadf3ebd520f56435535cb89b6698b5d53819eeca36add05eecd7004 +Untagged: quay.io/noiro/cnideploy@sha256:57188b652ce89b359bb4a9994ba9bbb86cd5a232efc27b4414399e3b678ca0c4 Untagged: quay.io/noirolabs/cnideploy:6.0.4.4.81c2369 -Untagged: quay.io/noirolabs/cnideploy:6.0.4.4.81c2369.110624.10022 +Untagged: quay.io/noirolabs/cnideploy:6.0.4.4.81c2369.111124.10031 Untagged: quay.io/noirolabs/cnideploy:6.0.4.4.81c2369.z -Untagged: quay.io/noirolabs/cnideploy@sha256:69c3ac72aadf3ebd520f56435535cb89b6698b5d53819eeca36add05eecd7004 -Deleted: sha256:cdecf6ab6714b3f2aa70fa5589a4004a8478a6062aba6fa105f4e24755af0034 -+python /tmp/cicd/travis/update-release.py quay.io/noiro cnideploy 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 sha256:cdecf6ab6714b3f2aa70fa5589a4004a8478a6062aba6fa105f4e24755af0034 6.0.4.4.81c2369.z 6.0.4.4.81c2369.110624.10022 registry.access.redhat.com/ubi9/ubi:9.3 +Untagged: quay.io/noirolabs/cnideploy@sha256:57188b652ce89b359bb4a9994ba9bbb86cd5a232efc27b4414399e3b678ca0c4 +Deleted: sha256:b9c6dcdbf7ea8058fa9213baf7f3dc33d9704150494d9f6b43fc163f525aa3ce ++python /tmp/cicd/travis/update-release.py quay.io/noiro cnideploy 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 sha256:b9c6dcdbf7ea8058fa9213baf7f3dc33d9704150494d9f6b43fc163f525aa3ce 6.0.4.4.81c2369.z 6.0.4.4.81c2369.111124.10031 registry.access.redhat.com/ubi9/ubi:9.3 +add_trivy_vulnerabilites +trivy image quay.io/noiro/cnideploy:6.0.4.4.81c2369.z -2024-11-06T09:46:58.762Z INFO Need to update DB -2024-11-06T09:46:58.762Z INFO DB Repository: ghcr.io/aquasecurity/trivy-db -2024-11-06T09:46:58.762Z INFO Downloading DB... 
-2024-11-06T09:46:58.945Z FATAL init error: DB error: failed to download vulnerability DB: database download error: oci download error: failed to fetch the layer: GET https://ghcr.io/v2/aquasecurity/trivy-db/blobs/sha256:5b19a61b224413cc3b1001154da5e4a275ce78c30cc692961bb3c8de4003c7c7: TOOMANYREQUESTS: retry-after: 453.829µs, allowed: 44000/minute +2024-11-11T09:57:56.491Z INFO Vulnerability scanning is enabled +2024-11-11T09:57:56.491Z INFO Secret scanning is enabled +2024-11-11T09:57:56.491Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning +2024-11-11T09:57:56.491Z INFO Please see also https://aquasecurity.github.io/trivy/v0.44/docs/scanner/secret/#recommendation for faster secret detection +2024-11-11T09:58:05.159Z INFO Detected OS: redhat +2024-11-11T09:58:05.160Z INFO Detecting RHEL/CentOS vulnerabilities... +2024-11-11T09:58:05.366Z INFO Number of language-specific files: 17 +2024-11-11T09:58:05.366Z INFO Detecting gobinary vulnerabilities... ++git_add_commit_push ++cd /tmp/cicd-status ++git config --local user.email test@cisco.com ++git config --local user.name travis-tagger ++git stash +Saved working directory and index state WIP on main: b50f5c4c 6.0.4.4.z-aci-containers-controller-10031-2024-11-11_09:56:28 ++git pull --rebase origin main +From https://github.com/noironetworks/cicd-status + * branch main -> FETCH_HEAD +Already up to date. ++git stash pop +On branch main +Your branch is up to date with 'origin/main'. + +Changes not staged for commit: + (use "git add ..." to update what will be committed) + (use "git restore ..." to discard changes in working directory) + modified: docs/release_artifacts/6.0.4.4/z/cnideploy/6.0.4.4-buildlog.txt + modified: docs/release_artifacts/6.0.4.4/z/cnideploy/6.0.4.4-cve.txt + modified: docs/release_artifacts/releases.yaml + +no changes added to commit (use "git add" and/or "git commit -a") +Dropped refs/stash@{0} (7d2063ebc2f5407d2b711defea99557ff4af61f4) ++git add . 
++[[ aci-containers != \a\c\c\-\p\r\o\v\i\s\i\o\n ]] +++docker image inspect --format '{{index (split (index .RepoDigests 0) "@sha256:") 1}}' docker.io/noiro/cnideploy:6.0.4.4.81c2369.z ++DOCKER_REPO_DIGEST_SHA=57188b652ce89b359bb4a9994ba9bbb86cd5a232efc27b4414399e3b678ca0c4 +++docker image inspect --format '{{index (split (index .RepoDigests 1) "@sha256:") 1}}' quay.io/noiro/cnideploy:6.0.4.4.81c2369.z ++QUAY_REPO_DIGEST_SHA=57188b652ce89b359bb4a9994ba9bbb86cd5a232efc27b4414399e3b678ca0c4 +++date +%F_%H:%M:%S ++git commit -a -m 6.0.4.4.z-cnideploy-10031-2024-11-11_09:58:05 -m 'Commit: d090ca19b2ebe458b0f15e91dc685e6ba807e693' -m 'Tags: 6.0.4.4.81c2369.z, 6.0.4.4.81c2369.111124.10031' -m 'ImageId: sha256:b9c6dcdbf7ea8058fa9213baf7f3dc33d9704150494d9f6b43fc163f525aa3ce' -m 'DockerSha: 57188b652ce89b359bb4a9994ba9bbb86cd5a232efc27b4414399e3b678ca0c4' -m 'QuaySha: 57188b652ce89b359bb4a9994ba9bbb86cd5a232efc27b4414399e3b678ca0c4' +[main fb304fb2] 6.0.4.4.z-cnideploy-10031-2024-11-11_09:58:05 + 3 files changed, 9194 insertions(+), 8302 deletions(-) ++git push origin main +To https://github.com/noironetworks/cicd-status.git + b50f5c4c..fb304fb2 main -> main +break +for IMAGE in "${ALL_IMAGES[@]}" +[[ aci-containers-operator != \o\p\e\n\v\s\w\i\t\c\h ]] -+/tmp/cicd/travis/push-images.sh quay.io/noirolabs aci-containers-operator 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 registry.access.redhat.com/ubi9/ubi:9.3 ++/tmp/cicd/travis/push-images.sh quay.io/noirolabs aci-containers-operator 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 registry.access.redhat.com/ubi9/ubi:9.3 ++dirname /tmp/cicd/travis/push-images.sh +SCRIPTS_DIR=/tmp/cicd/travis +source /tmp/cicd/travis/globals.sh 
@@ -17308,9 +17434,9 @@ Deleted: sha256:cdecf6ab6714b3f2aa70fa5589a4004a8478a6062aba6fa105f4e24755af0034 ++RELEASE_TAG=6.0.4.4 ++export RELEASE_TAG +++date +%m%d%y -++DATE_TAG=110624 +++DATE_TAG=111124 ++TRAVIS_TAG_WITH_UPSTREAM_ID=6.0.4.4.81c2369 -++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.110624.10022 +++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.111124.10031 ++IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_Z_TAG=6.0.4.4.81c2369.z @@ -17325,9 +17451,9 @@ Deleted: sha256:cdecf6ab6714b3f2aa70fa5589a4004a8478a6062aba6fa105f4e24755af0034 +IMAGE_BUILD_REGISTRY=quay.io/noirolabs +IMAGE=aci-containers-operator +IMAGE_BUILD_TAG=6.0.4.4.81c2369 -+OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.110624.10022' ++OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.111124.10031' +BASE_IMAGE=registry.access.redhat.com/ubi9/ubi:9.3 -+OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.110624.10022 6.0.4.4.81c2369.z' ++OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.111124.10031 6.0.4.4.81c2369.z' +BUILT_IMAGE=quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369 +curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh +sh -s -- -b /tmp @@ -17342,7 +17468,7 @@ Deleted: sha256:cdecf6ab6714b3f2aa70fa5589a4004a8478a6062aba6fa105f4e24755af0034 [info] using release tag='v0.6.1' version='0.6.1' os='linux' arch='amd64' [info] installed /home/travis/.docker/cli-plugins/docker-sbom +wget https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb ---2024-11-06 09:47:04-- https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb +--2024-11-11 09:58:11-- https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb Resolving github.com (github.com)... 140.82.114.4 Connecting to github.com (github.com)|140.82.114.4|:443... connected. HTTP request sent, awaiting response... 302 Found 
@@ -17352,1077 +17478,1077 @@ HTTP request sent, awaiting response... 200 OK Length: 54685068 (52M) [application/octet-stream] Saving to: ‘trivy_0.44.1_Linux-64bit.deb.3’ - 0K .......... .......... .......... .......... .......... 0% 3.64M 14s - 50K .......... .......... .......... .......... .......... 0% 3.72M 14s - 100K .......... .......... .......... .......... .......... 0% 15.9M 11s - 150K .......... .......... .......... .......... .......... 0% 17.7M 9s - 200K .......... .......... .......... .......... .......... 0% 6.66M 8s - 250K .......... .......... .......... .......... .......... 0% 39.1M 7s - 300K .......... .......... .......... .......... .......... 0% 22.7M 7s - 350K .......... .......... .......... .......... .......... 0% 27.0M 6s - 400K .......... .......... .......... .......... .......... 0% 45.8M 5s - 450K .......... .......... .......... .......... .......... 0% 7.30M 6s - 500K .......... .......... .......... .......... .......... 1% 74.7M 5s - 550K .......... .......... .......... .......... .......... 1% 39.2M 5s - 600K .......... .......... .......... .......... .......... 1% 61.4M 4s - 650K .......... .......... .......... .......... .......... 1% 47.8M 4s - 700K .......... .......... .......... .......... .......... 1% 54.4M 4s - 750K .......... .......... .......... .......... .......... 1% 222M 4s - 800K .......... .......... .......... .......... .......... 1% 59.6M 4s - 850K .......... .......... .......... .......... .......... 1% 53.9M 3s - 900K .......... .......... .......... .......... .......... 1% 66.1M 3s - 950K .......... .......... .......... .......... .......... 1% 245M 3s - 1000K .......... .......... .......... .......... .......... 1% 8.18M 3s - 1050K .......... .......... .......... .......... .......... 2% 223M 3s - 1100K .......... .......... .......... .......... .......... 2% 37.1M 3s - 1150K .......... .......... .......... .......... .......... 2% 215M 3s - 1200K .......... .......... .......... .......... 
.......... 2% 72.6M 3s - 1250K .......... .......... .......... .......... .......... 2% 195M 3s - 1300K .......... .......... .......... .......... .......... 2% 59.4M 3s - 1350K .......... .......... .......... .......... .......... 2% 102M 3s - 1400K .......... .......... .......... .......... .......... 2% 236M 3s - 1450K .......... .......... .......... .......... .......... 2% 157M 2s - 1500K .......... .......... .......... .......... .......... 2% 193M 2s - 1550K .......... .......... .......... .......... .......... 2% 72.6M 2s - 1600K .......... .......... .......... .......... .......... 3% 77.4M 2s - 1650K .......... .......... .......... .......... .......... 3% 83.2M 2s - 1700K .......... .......... .......... .......... .......... 3% 76.4M 2s - 1750K .......... .......... .......... .......... .......... 3% 218M 2s - 1800K .......... .......... .......... .......... .......... 3% 207M 2s - 1850K .......... .......... .......... .......... .......... 3% 257M 2s - 1900K .......... .......... .......... .......... .......... 3% 205M 2s - 1950K .......... .......... .......... .......... .......... 3% 226M 2s - 2000K .......... .......... .......... .......... .......... 3% 9.62M 2s - 2050K .......... .......... .......... .......... .......... 3% 205M 2s - 2100K .......... .......... .......... .......... .......... 4% 212M 2s - 2150K .......... .......... .......... .......... .......... 4% 231M 2s - 2200K .......... .......... .......... .......... .......... 4% 244M 2s - 2250K .......... .......... .......... .......... .......... 4% 59.9M 2s - 2300K .......... .......... .......... .......... .......... 4% 73.2M 2s - 2350K .......... .......... .......... .......... .......... 4% 96.2M 2s - 2400K .......... .......... .......... .......... .......... 4% 82.9M 2s - 2450K .......... .......... .......... .......... .......... 4% 83.2M 2s - 2500K .......... .......... .......... .......... .......... 4% 106M 2s - 2550K .......... .......... .......... 
.......... .......... 4% 272M 2s - 2600K .......... .......... .......... .......... .......... 4% 230M 2s - 2650K .......... .......... .......... .......... .......... 5% 66.0M 2s - 2700K .......... .......... .......... .......... .......... 5% 49.5M 2s - 2750K .......... .......... .......... .......... .......... 5% 207M 2s - 2800K .......... .......... .......... .......... .......... 5% 264M 2s - 2850K .......... .......... .......... .......... .......... 5% 131M 2s - 2900K .......... .......... .......... .......... .......... 5% 74.2M 1s - 2950K .......... .......... .......... .......... .......... 5% 82.3M 1s - 3000K .......... .......... .......... .......... .......... 5% 259M 1s - 3050K .......... .......... .......... .......... .......... 5% 265M 1s - 3100K .......... .......... .......... .......... .......... 5% 167M 1s - 3150K .......... .......... .......... .......... .......... 5% 161M 1s - 3200K .......... .......... .......... .......... .......... 6% 71.4M 1s - 3250K .......... .......... .......... .......... .......... 6% 86.8M 1s - 3300K .......... .......... .......... .......... .......... 6% 66.1M 1s - 3350K .......... .......... .......... .......... .......... 6% 76.1M 1s - 3400K .......... .......... .......... .......... .......... 6% 244M 1s - 3450K .......... .......... .......... .......... .......... 6% 251M 1s - 3500K .......... .......... .......... .......... .......... 6% 215M 1s - 3550K .......... .......... .......... .......... .......... 6% 256M 1s - 3600K .......... .......... .......... .......... .......... 6% 157M 1s - 3650K .......... .......... .......... .......... .......... 6% 84.6M 1s - 3700K .......... .......... .......... .......... .......... 7% 48.9M 1s - 3750K .......... .......... .......... .......... .......... 7% 103M 1s - 3800K .......... .......... .......... .......... .......... 7% 129M 1s - 3850K .......... .......... .......... .......... .......... 7% 98.9M 1s - 3900K .......... .......... 
.......... .......... .......... 7% 83.6M 1s - 3950K .......... .......... .......... .......... .......... 7% 94.9M 1s - 4000K .......... .......... .......... .......... .......... 7% 113M 1s - 4050K .......... .......... .......... .......... .......... 7% 134M 1s - 4100K .......... .......... .......... .......... .......... 7% 83.3M 1s - 4150K .......... .......... .......... .......... .......... 7% 84.2M 1s - 4200K .......... .......... .......... .......... .......... 7% 230M 1s - 4250K .......... .......... .......... .......... .......... 8% 234M 1s - 4300K .......... .......... .......... .......... .......... 8% 196M 1s - 4350K .......... .......... .......... .......... .......... 8% 93.7M 1s - 4400K .......... .......... .......... .......... .......... 8% 253M 1s - 4450K .......... .......... .......... .......... .......... 8% 234M 1s - 4500K .......... .......... .......... .......... .......... 8% 184M 1s - 4550K .......... .......... .......... .......... .......... 8% 35.9M 1s - 4600K .......... .......... .......... .......... .......... 8% 76.2M 1s - 4650K .......... .......... .......... .......... .......... 8% 81.7M 1s - 4700K .......... .......... .......... .......... .......... 8% 81.2M 1s - 4750K .......... .......... .......... .......... .......... 8% 80.8M 1s - 4800K .......... .......... .......... .......... .......... 9% 235M 1s - 4850K .......... .......... .......... .......... .......... 9% 247M 1s - 4900K .......... .......... .......... .......... .......... 9% 227M 1s - 4950K .......... .......... .......... .......... .......... 9% 241M 1s - 5000K .......... .......... .......... .......... .......... 9% 246M 1s + 0K .......... .......... .......... .......... .......... 0% 4.08M 13s + 50K .......... .......... .......... .......... .......... 0% 5.26M 11s + 100K .......... .......... .......... .......... .......... 0% 20.0M 8s + 150K .......... .......... .......... .......... .......... 0% 38.2M 7s + 200K .......... 
.......... .......... .......... .......... 0% 7.30M 7s + 250K .......... .......... .......... .......... .......... 0% 25.3M 6s + 300K .......... .......... .......... .......... .......... 0% 57.4M 5s + 350K .......... .......... .......... .......... .......... 0% 39.7M 5s + 400K .......... .......... .......... .......... .......... 0% 36.7M 4s + 450K .......... .......... .......... .......... .......... 0% 62.0M 4s + 500K .......... .......... .......... .......... .......... 1% 10.3M 4s + 550K .......... .......... .......... .......... .......... 1% 25.7M 4s + 600K .......... .......... .......... .......... .......... 1% 56.4M 4s + 650K .......... .......... .......... .......... .......... 1% 230M 3s + 700K .......... .......... .......... .......... .......... 1% 180M 3s + 750K .......... .......... .......... .......... .......... 1% 67.5M 3s + 800K .......... .......... .......... .......... .......... 1% 58.1M 3s + 850K .......... .......... .......... .......... .......... 1% 104M 3s + 900K .......... .......... .......... .......... .......... 1% 217M 3s + 950K .......... .......... .......... .......... .......... 1% 88.2M 3s + 1000K .......... .......... .......... .......... .......... 1% 10.6M 3s + 1050K .......... .......... .......... .......... .......... 2% 233M 3s + 1100K .......... .......... .......... .......... .......... 2% 240M 2s + 1150K .......... .......... .......... .......... .......... 2% 28.0M 2s + 1200K .......... .......... .......... .......... .......... 2% 208M 2s + 1250K .......... .......... .......... .......... .......... 2% 77.8M 2s + 1300K .......... .......... .......... .......... .......... 2% 88.5M 2s + 1350K .......... .......... .......... .......... .......... 2% 151M 2s + 1400K .......... .......... .......... .......... .......... 2% 111M 2s + 1450K .......... .......... .......... .......... .......... 2% 86.7M 2s + 1500K .......... .......... .......... .......... .......... 2% 150M 2s + 1550K .......... 
.......... .......... .......... .......... 2% 210M 2s + 1600K .......... .......... .......... .......... .......... 3% 127M 2s + 1650K .......... .......... .......... .......... .......... 3% 120M 2s + 1700K .......... .......... .......... .......... .......... 3% 218M 2s + 1750K .......... .......... .......... .......... .......... 3% 73.9M 2s + 1800K .......... .......... .......... .......... .......... 3% 254M 2s + 1850K .......... .......... .......... .......... .......... 3% 71.2M 2s + 1900K .......... .......... .......... .......... .......... 3% 101M 2s + 1950K .......... .......... .......... .......... .......... 3% 94.2M 2s + 2000K .......... .......... .......... .......... .......... 3% 28.3M 2s + 2050K .......... .......... .......... .......... .......... 3% 213M 2s + 2100K .......... .......... .......... .......... .......... 4% 227M 2s + 2150K .......... .......... .......... .......... .......... 4% 201M 2s + 2200K .......... .......... .......... .......... .......... 4% 222M 1s + 2250K .......... .......... .......... .......... .......... 4% 44.9M 1s + 2300K .......... .......... .......... .......... .......... 4% 226M 1s + 2350K .......... .......... .......... .......... .......... 4% 189M 1s + 2400K .......... .......... .......... .......... .......... 4% 226M 1s + 2450K .......... .......... .......... .......... .......... 4% 208M 1s + 2500K .......... .......... .......... .......... .......... 4% 242M 1s + 2550K .......... .......... .......... .......... .......... 4% 230M 1s + 2600K .......... .......... .......... .......... .......... 4% 256M 1s + 2650K .......... .......... .......... .......... .......... 5% 115M 1s + 2700K .......... .......... .......... .......... .......... 5% 118M 1s + 2750K .......... .......... .......... .......... .......... 5% 60.1M 1s + 2800K .......... .......... .......... .......... .......... 5% 80.2M 1s + 2850K .......... .......... .......... .......... .......... 
5% 65.3M 1s + 2900K .......... .......... .......... .......... .......... 5% 98.7M 1s + 2950K .......... .......... .......... .......... .......... 5% 66.8M 1s + 3000K .......... .......... .......... .......... .......... 5% 77.8M 1s + 3050K .......... .......... .......... .......... .......... 5% 74.0M 1s + 3100K .......... .......... .......... .......... .......... 5% 72.0M 1s + 3150K .......... .......... .......... .......... .......... 5% 68.2M 1s + 3200K .......... .......... .......... .......... .......... 6% 220M 1s + 3250K .......... .......... .......... .......... .......... 6% 180M 1s + 3300K .......... .......... .......... .......... .......... 6% 225M 1s + 3350K .......... .......... .......... .......... .......... 6% 209M 1s + 3400K .......... .......... .......... .......... .......... 6% 48.0M 1s + 3450K .......... .......... .......... .......... .......... 6% 109M 1s + 3500K .......... .......... .......... .......... .......... 6% 141M 1s + 3550K .......... .......... .......... .......... .......... 6% 89.6M 1s + 3600K .......... .......... .......... .......... .......... 6% 60.8M 1s + 3650K .......... .......... .......... .......... .......... 6% 97.0M 1s + 3700K .......... .......... .......... .......... .......... 7% 100M 1s + 3750K .......... .......... .......... .......... .......... 7% 190M 1s + 3800K .......... .......... .......... .......... .......... 7% 163M 1s + 3850K .......... .......... .......... .......... .......... 7% 82.5M 1s + 3900K .......... .......... .......... .......... .......... 7% 84.1M 1s + 3950K .......... .......... .......... .......... .......... 7% 69.5M 1s + 4000K .......... .......... .......... .......... .......... 7% 84.1M 1s + 4050K .......... .......... .......... .......... .......... 7% 245M 1s + 4100K .......... .......... .......... .......... .......... 7% 232M 1s + 4150K .......... .......... .......... .......... .......... 7% 216M 1s + 4200K .......... .......... .......... 
.......... .......... 7% 257M 1s + 4250K .......... .......... .......... .......... .......... 8% 247M 1s + 4300K .......... .......... .......... .......... .......... 8% 257M 1s + 4350K .......... .......... .......... .......... .......... 8% 26.3M 1s + 4400K .......... .......... .......... .......... .......... 8% 90.1M 1s + 4450K .......... .......... .......... .......... .......... 8% 210M 1s + 4500K .......... .......... .......... .......... .......... 8% 101M 1s + 4550K .......... .......... .......... .......... .......... 8% 80.6M 1s + 4600K .......... .......... .......... .......... .......... 8% 76.8M 1s + 4650K .......... .......... .......... .......... .......... 8% 81.1M 1s + 4700K .......... .......... .......... .......... .......... 8% 92.0M 1s + 4750K .......... .......... .......... .......... .......... 8% 72.9M 1s + 4800K .......... .......... .......... .......... .......... 9% 101M 1s + 4850K .......... .......... .......... .......... .......... 9% 137M 1s + 4900K .......... .......... .......... .......... .......... 9% 214M 1s + 4950K .......... .......... .......... .......... .......... 9% 211M 1s + 5000K .......... .......... .......... .......... .......... 9% 257M 1s 5050K .......... .......... .......... .......... .......... 9% 234M 1s - 5100K .......... .......... .......... .......... .......... 9% 214M 1s - 5150K .......... .......... .......... .......... .......... 9% 249M 1s - 5200K .......... .......... .......... .......... .......... 9% 223M 1s - 5250K .......... .......... .......... .......... .......... 9% 117M 1s - 5300K .......... .......... .......... .......... .......... 10% 75.8M 1s - 5350K .......... .......... .......... .......... .......... 10% 86.3M 1s - 5400K .......... .......... .......... .......... .......... 10% 101M 1s - 5450K .......... .......... .......... .......... .......... 10% 103M 1s - 5500K .......... .......... .......... .......... .......... 10% 214M 1s - 5550K .......... .......... 
.......... .......... .......... 10% 231M 1s - 5600K .......... .......... .......... .......... .......... 10% 44.8M 1s - 5650K .......... .......... .......... .......... .......... 10% 91.3M 1s - 5700K .......... .......... .......... .......... .......... 10% 69.3M 1s - 5750K .......... .......... .......... .......... .......... 10% 91.8M 1s - 5800K .......... .......... .......... .......... .......... 10% 85.6M 1s - 5850K .......... .......... .......... .......... .......... 11% 122M 1s - 5900K .......... .......... .......... .......... .......... 11% 85.4M 1s - 5950K .......... .......... .......... .......... .......... 11% 87.6M 1s - 6000K .......... .......... .......... .......... .......... 11% 65.7M 1s - 6050K .......... .......... .......... .......... .......... 11% 81.7M 1s - 6100K .......... .......... .......... .......... .......... 11% 108M 1s - 6150K .......... .......... .......... .......... .......... 11% 250M 1s - 6200K .......... .......... .......... .......... .......... 11% 240M 1s - 6250K .......... .......... .......... .......... .......... 11% 78.0M 1s - 6300K .......... .......... .......... .......... .......... 11% 57.3M 1s - 6350K .......... .......... .......... .......... .......... 11% 214M 1s - 6400K .......... .......... .......... .......... .......... 12% 239M 1s - 6450K .......... .......... .......... .......... .......... 12% 115M 1s - 6500K .......... .......... .......... .......... .......... 12% 51.0M 1s - 6550K .......... .......... .......... .......... .......... 12% 113M 1s + 5100K .......... .......... .......... .......... .......... 9% 244M 1s + 5150K .......... .......... .......... .......... .......... 9% 24.1M 1s + 5200K .......... .......... .......... .......... .......... 9% 63.2M 1s + 5250K .......... .......... .......... .......... .......... 9% 77.6M 1s + 5300K .......... .......... .......... .......... .......... 10% 79.6M 1s + 5350K .......... .......... .......... .......... .......... 
10% 197M 1s + 5400K .......... .......... .......... .......... .......... 10% 236M 1s + 5450K .......... .......... .......... .......... .......... 10% 217M 1s + 5500K .......... .......... .......... .......... .......... 10% 32.8M 1s + 5550K .......... .......... .......... .......... .......... 10% 193M 1s + 5600K .......... .......... .......... .......... .......... 10% 216M 1s + 5650K .......... .......... .......... .......... .......... 10% 252M 1s + 5700K .......... .......... .......... .......... .......... 10% 46.5M 1s + 5750K .......... .......... .......... .......... .......... 10% 159M 1s + 5800K .......... .......... .......... .......... .......... 10% 55.1M 1s + 5850K .......... .......... .......... .......... .......... 11% 97.3M 1s + 5900K .......... .......... .......... .......... .......... 11% 70.9M 1s + 5950K .......... .......... .......... .......... .......... 11% 67.4M 1s + 6000K .......... .......... .......... .......... .......... 11% 95.5M 1s + 6050K .......... .......... .......... .......... .......... 11% 204M 1s + 6100K .......... .......... .......... .......... .......... 11% 252M 1s + 6150K .......... .......... .......... .......... .......... 11% 35.1M 1s + 6200K .......... .......... .......... .......... .......... 11% 111M 1s + 6250K .......... .......... .......... .......... .......... 11% 232M 1s + 6300K .......... .......... .......... .......... .......... 11% 207M 1s + 6350K .......... .......... .......... .......... .......... 11% 134M 1s + 6400K .......... .......... .......... .......... .......... 12% 83.6M 1s + 6450K .......... .......... .......... .......... .......... 12% 198M 1s + 6500K .......... .......... .......... .......... .......... 12% 132M 1s + 6550K .......... .......... .......... .......... .......... 12% 211M 1s 6600K .......... .......... .......... .......... .......... 12% 244M 1s - 6650K .......... .......... .......... .......... .......... 12% 110M 1s - 6700K .......... .......... 
.......... .......... .......... 12% 67.9M 1s - 6750K .......... .......... .......... .......... .......... 12% 91.0M 1s - 6800K .......... .......... .......... .......... .......... 12% 193M 1s - 6850K .......... .......... .......... .......... .......... 12% 98.3M 1s - 6900K .......... .......... .......... .......... .......... 13% 169M 1s - 6950K .......... .......... .......... .......... .......... 13% 235M 1s - 7000K .......... .......... .......... .......... .......... 13% 223M 1s - 7050K .......... .......... .......... .......... .......... 13% 253M 1s - 7100K .......... .......... .......... .......... .......... 13% 199M 1s - 7150K .......... .......... .......... .......... .......... 13% 247M 1s - 7200K .......... .......... .......... .......... .......... 13% 250M 1s - 7250K .......... .......... .......... .......... .......... 13% 74.9M 1s - 7300K .......... .......... .......... .......... .......... 13% 70.9M 1s - 7350K .......... .......... .......... .......... .......... 13% 99.4M 1s - 7400K .......... .......... .......... .......... .......... 13% 72.8M 1s - 7450K .......... .......... .......... .......... .......... 14% 155M 1s - 7500K .......... .......... .......... .......... .......... 14% 204M 1s - 7550K .......... .......... .......... .......... .......... 14% 72.4M 1s - 7600K .......... .......... .......... .......... .......... 14% 56.2M 1s - 7650K .......... .......... .......... .......... .......... 14% 67.9M 1s - 7700K .......... .......... .......... .......... .......... 14% 77.8M 1s - 7750K .......... .......... .......... .......... .......... 14% 124M 1s - 7800K .......... .......... .......... .......... .......... 14% 87.5M 1s - 7850K .......... .......... .......... .......... .......... 14% 73.9M 1s - 7900K .......... .......... .......... .......... .......... 14% 60.0M 1s - 7950K .......... .......... .......... .......... .......... 14% 103M 1s - 8000K .......... .......... .......... .......... .......... 
15% 84.5M 1s - 8050K .......... .......... .......... .......... .......... 15% 71.0M 1s - 8100K .......... .......... .......... .......... .......... 15% 69.5M 1s - 8150K .......... .......... .......... .......... .......... 15% 74.6M 1s - 8200K .......... .......... .......... .......... .......... 15% 65.5M 1s - 8250K .......... .......... .......... .......... .......... 15% 226M 1s - 8300K .......... .......... .......... .......... .......... 15% 206M 1s - 8350K .......... .......... .......... .......... .......... 15% 91.8M 1s - 8400K .......... .......... .......... .......... .......... 15% 218M 1s - 8450K .......... .......... .......... .......... .......... 15% 245M 1s - 8500K .......... .......... .......... .......... .......... 16% 232M 1s - 8550K .......... .......... .......... .......... .......... 16% 249M 1s - 8600K .......... .......... .......... .......... .......... 16% 236M 1s - 8650K .......... .......... .......... .......... .......... 16% 252M 1s - 8700K .......... .......... .......... .......... .......... 16% 202M 1s - 8750K .......... .......... .......... .......... .......... 16% 255M 1s - 8800K .......... .......... .......... .......... .......... 16% 229M 1s - 8850K .......... .......... .......... .......... .......... 16% 49.0M 1s - 8900K .......... .......... .......... .......... .......... 16% 69.3M 1s - 8950K .......... .......... .......... .......... .......... 16% 66.5M 1s - 9000K .......... .......... .......... .......... .......... 16% 80.0M 1s - 9050K .......... .......... .......... .......... .......... 17% 78.5M 1s - 9100K .......... .......... .......... .......... .......... 17% 62.6M 1s - 9150K .......... .......... .......... .......... .......... 17% 78.4M 1s - 9200K .......... .......... .......... .......... .......... 17% 125M 1s - 9250K .......... .......... .......... .......... .......... 17% 252M 1s - 9300K .......... .......... .......... .......... .......... 17% 217M 1s - 9350K .......... 
.......... .......... .......... .......... 17% 70.0M 1s - 9400K .......... .......... .......... .......... .......... 17% 125M 1s - 9450K .......... .......... .......... .......... .......... 17% 73.6M 1s - 9500K .......... .......... .......... .......... .......... 17% 106M 1s - 9550K .......... .......... .......... .......... .......... 17% 246M 1s - 9600K .......... .......... .......... .......... .......... 18% 256M 1s - 9650K .......... .......... .......... .......... .......... 18% 258M 1s - 9700K .......... .......... .......... .......... .......... 18% 222M 1s - 9750K .......... .......... .......... .......... .......... 18% 102M 1s - 9800K .......... .......... .......... .......... .......... 18% 84.1M 1s - 9850K .......... .......... .......... .......... .......... 18% 80.1M 1s - 9900K .......... .......... .......... .......... .......... 18% 63.7M 1s - 9950K .......... .......... .......... .......... .......... 18% 94.4M 1s - 10000K .......... .......... .......... .......... .......... 18% 70.5M 1s - 10050K .......... .......... .......... .......... .......... 18% 83.5M 1s - 10100K .......... .......... .......... .......... .......... 19% 62.3M 1s - 10150K .......... .......... .......... .......... .......... 19% 95.6M 1s - 10200K .......... .......... .......... .......... .......... 19% 237M 1s - 10250K .......... .......... .......... .......... .......... 19% 255M 1s - 10300K .......... .......... .......... .......... .......... 19% 73.8M 1s - 10350K .......... .......... .......... .......... .......... 19% 226M 1s - 10400K .......... .......... .......... .......... .......... 19% 253M 1s - 10450K .......... .......... .......... .......... .......... 19% 223M 1s - 10500K .......... .......... .......... .......... .......... 19% 228M 1s - 10550K .......... .......... .......... .......... .......... 19% 257M 1s - 10600K .......... .......... .......... .......... .......... 19% 248M 1s - 10650K .......... .......... .......... 
.......... .......... 20% 257M 1s - 10700K .......... .......... .......... .......... .......... 20% 110M 1s - 10750K .......... .......... .......... .......... .......... 20% 56.8M 1s - 10800K .......... .......... .......... .......... .......... 20% 76.4M 1s - 10850K .......... .......... .......... .......... .......... 20% 85.1M 1s - 10900K .......... .......... .......... .......... .......... 20% 69.1M 1s - 10950K .......... .......... .......... .......... .......... 20% 119M 1s - 11000K .......... .......... .......... .......... .......... 20% 76.3M 1s - 11050K .......... .......... .......... .......... .......... 20% 76.1M 1s - 11100K .......... .......... .......... .......... .......... 20% 68.4M 1s - 11150K .......... .......... .......... .......... .......... 20% 95.8M 1s - 11200K .......... .......... .......... .......... .......... 21% 250M 1s - 11250K .......... .......... .......... .......... .......... 21% 239M 1s - 11300K .......... .......... .......... .......... .......... 21% 42.8M 1s - 11350K .......... .......... .......... .......... .......... 21% 71.9M 1s - 11400K .......... .......... .......... .......... .......... 21% 76.9M 1s - 11450K .......... .......... .......... .......... .......... 21% 85.3M 1s - 11500K .......... .......... .......... .......... .......... 21% 97.3M 1s - 11550K .......... .......... .......... .......... .......... 21% 231M 1s - 11600K .......... .......... .......... .......... .......... 21% 251M 1s - 11650K .......... .......... .......... .......... .......... 21% 240M 1s - 11700K .......... .......... .......... .......... .......... 22% 221M 1s - 11750K .......... .......... .......... .......... .......... 22% 237M 1s - 11800K .......... .......... .......... .......... .......... 22% 21.4M 1s - 11850K .......... .......... .......... .......... .......... 22% 97.6M 1s - 11900K .......... .......... .......... .......... .......... 22% 60.6M 1s - 11950K .......... .......... .......... 
.......... .......... 22% 174M 1s - 12000K .......... .......... .......... .......... .......... 22% 218M 1s - 12050K .......... .......... .......... .......... .......... 22% 137M 1s - 12100K .......... .......... .......... .......... .......... 22% 65.4M 1s - 12150K .......... .......... .......... .......... .......... 22% 111M 1s - 12200K .......... .......... .......... .......... .......... 22% 73.6M 1s - 12250K .......... .......... .......... .......... .......... 23% 75.9M 1s - 12300K .......... .......... .......... .......... .......... 23% 71.0M 1s - 12350K .......... .......... .......... .......... .......... 23% 94.2M 1s - 12400K .......... .......... .......... .......... .......... 23% 70.6M 1s - 12450K .......... .......... .......... .......... .......... 23% 65.8M 1s - 12500K .......... .......... .......... .......... .......... 23% 155M 1s - 12550K .......... .......... .......... .......... .......... 23% 223M 1s - 12600K .......... .......... .......... .......... .......... 23% 243M 1s - 12650K .......... .......... .......... .......... .......... 23% 229M 1s - 12700K .......... .......... .......... .......... .......... 23% 214M 1s - 12750K .......... .......... .......... .......... .......... 23% 219M 1s - 12800K .......... .......... .......... .......... .......... 24% 34.1M 1s - 12850K .......... .......... .......... .......... .......... 24% 250M 1s - 12900K .......... .......... .......... .......... .......... 24% 207M 1s - 12950K .......... .......... .......... .......... .......... 24% 43.0M 1s - 13000K .......... .......... .......... .......... .......... 24% 75.2M 1s - 13050K .......... .......... .......... .......... .......... 24% 74.6M 1s - 13100K .......... .......... .......... .......... .......... 24% 83.0M 1s - 13150K .......... .......... .......... .......... .......... 24% 68.5M 1s - 13200K .......... .......... .......... .......... .......... 24% 72.4M 1s - 13250K .......... .......... .......... 
.......... .......... 24% 82.4M 1s - 13300K .......... .......... .......... .......... .......... 24% 200M 1s + 6650K .......... .......... .......... .......... .......... 12% 242M 1s + 6700K .......... .......... .......... .......... .......... 12% 234M 1s + 6750K .......... .......... .......... .......... .......... 12% 211M 1s + 6800K .......... .......... .......... .......... .......... 12% 135M 1s + 6850K .......... .......... .......... .......... .......... 12% 92.0M 1s + 6900K .......... .......... .......... .......... .......... 13% 74.3M 1s + 6950K .......... .......... .......... .......... .......... 13% 119M 1s + 7000K .......... .......... .......... .......... .......... 13% 54.1M 1s + 7050K .......... .......... .......... .......... .......... 13% 83.2M 1s + 7100K .......... .......... .......... .......... .......... 13% 101M 1s + 7150K .......... .......... .......... .......... .......... 13% 75.9M 1s + 7200K .......... .......... .......... .......... .......... 13% 70.8M 1s + 7250K .......... .......... .......... .......... .......... 13% 70.0M 1s + 7300K .......... .......... .......... .......... .......... 13% 97.6M 1s + 7350K .......... .......... .......... .......... .......... 13% 222M 1s + 7400K .......... .......... .......... .......... .......... 13% 242M 1s + 7450K .......... .......... .......... .......... .......... 14% 81.7M 1s + 7500K .......... .......... .......... .......... .......... 14% 87.4M 1s + 7550K .......... .......... .......... .......... .......... 14% 117M 1s + 7600K .......... .......... .......... .......... .......... 14% 232M 1s + 7650K .......... .......... .......... .......... .......... 14% 240M 1s + 7700K .......... .......... .......... .......... .......... 14% 232M 1s + 7750K .......... .......... .......... .......... .......... 14% 184M 1s + 7800K .......... .......... .......... .......... .......... 14% 253M 1s + 7850K .......... .......... .......... .......... .......... 
14% 256M 1s + 7900K .......... .......... .......... .......... .......... 14% 239M 1s + 7950K .......... .......... .......... .......... .......... 14% 52.7M 1s + 8000K .......... .......... .......... .......... .......... 15% 69.0M 1s + 8050K .......... .......... .......... .......... .......... 15% 84.0M 1s + 8100K .......... .......... .......... .......... .......... 15% 76.5M 1s + 8150K .......... .......... .......... .......... .......... 15% 78.4M 1s + 8200K .......... .......... .......... .......... .......... 15% 84.7M 1s + 8250K .......... .......... .......... .......... .......... 15% 78.1M 1s + 8300K .......... .......... .......... .......... .......... 15% 77.4M 1s + 8350K .......... .......... .......... .......... .......... 15% 78.3M 1s + 8400K .......... .......... .......... .......... .......... 15% 253M 1s + 8450K .......... .......... .......... .......... .......... 15% 232M 1s + 8500K .......... .......... .......... .......... .......... 16% 39.4M 1s + 8550K .......... .......... .......... .......... .......... 16% 75.9M 1s + 8600K .......... .......... .......... .......... .......... 16% 84.1M 1s + 8650K .......... .......... .......... .......... .......... 16% 173M 1s + 8700K .......... .......... .......... .......... .......... 16% 233M 1s + 8750K .......... .......... .......... .......... .......... 16% 215M 1s + 8800K .......... .......... .......... .......... .......... 16% 221M 1s + 8850K .......... .......... .......... .......... .......... 16% 219M 1s + 8900K .......... .......... .......... .......... .......... 16% 214M 1s + 8950K .......... .......... .......... .......... .......... 16% 221M 1s + 9000K .......... .......... .......... .......... .......... 16% 256M 1s + 9050K .......... .......... .......... .......... .......... 17% 260M 1s + 9100K .......... .......... .......... .......... .......... 17% 232M 1s + 9150K .......... .......... .......... .......... .......... 17% 99.4M 1s + 9200K .......... 
.......... .......... .......... .......... 17% 83.9M 1s + 9250K .......... .......... .......... .......... .......... 17% 70.6M 1s + 9300K .......... .......... .......... .......... .......... 17% 81.5M 1s + 9350K .......... .......... .......... .......... .......... 17% 67.9M 1s + 9400K .......... .......... .......... .......... .......... 17% 88.7M 1s + 9450K .......... .......... .......... .......... .......... 17% 143M 1s + 9500K .......... .......... .......... .......... .......... 17% 240M 1s + 9550K .......... .......... .......... .......... .......... 17% 205M 1s + 9600K .......... .......... .......... .......... .......... 18% 39.4M 1s + 9650K .......... .......... .......... .......... .......... 18% 79.8M 1s + 9700K .......... .......... .......... .......... .......... 18% 77.0M 1s + 9750K .......... .......... .......... .......... .......... 18% 66.2M 1s + 9800K .......... .......... .......... .......... .......... 18% 212M 1s + 9850K .......... .......... .......... .......... .......... 18% 87.6M 1s + 9900K .......... .......... .......... .......... .......... 18% 126M 1s + 9950K .......... .......... .......... .......... .......... 18% 64.1M 1s + 10000K .......... .......... .......... .......... .......... 18% 76.6M 1s + 10050K .......... .......... .......... .......... .......... 18% 110M 1s + 10100K .......... .......... .......... .......... .......... 19% 67.8M 1s + 10150K .......... .......... .......... .......... .......... 19% 68.8M 1s + 10200K .......... .......... .......... .......... .......... 19% 69.7M 1s + 10250K .......... .......... .......... .......... .......... 19% 89.6M 1s + 10300K .......... .......... .......... .......... .......... 19% 117M 1s + 10350K .......... .......... .......... .......... .......... 19% 238M 1s + 10400K .......... .......... .......... .......... .......... 19% 259M 1s + 10450K .......... .......... .......... .......... .......... 19% 208M 1s + 10500K .......... .......... .......... 
.......... .......... 19% 253M 1s + 10550K .......... .......... .......... .......... .......... 19% 254M 1s + 10600K .......... .......... .......... .......... .......... 19% 246M 1s + 10650K .......... .......... .......... .......... .......... 20% 103M 1s + 10700K .......... .......... .......... .......... .......... 20% 28.2M 1s + 10750K .......... .......... .......... .......... .......... 20% 81.3M 1s + 10800K .......... .......... .......... .......... .......... 20% 56.4M 1s + 10850K .......... .......... .......... .......... .......... 20% 81.0M 1s + 10900K .......... .......... .......... .......... .......... 20% 91.0M 1s + 10950K .......... .......... .......... .......... .......... 20% 74.7M 1s + 11000K .......... .......... .......... .......... .......... 20% 72.5M 1s + 11050K .......... .......... .......... .......... .......... 20% 104M 1s + 11100K .......... .......... .......... .......... .......... 20% 80.3M 1s + 11150K .......... .......... .......... .......... .......... 20% 108M 1s + 11200K .......... .......... .......... .......... .......... 21% 254M 1s + 11250K .......... .......... .......... .......... .......... 21% 217M 1s + 11300K .......... .......... .......... .......... .......... 21% 106M 1s + 11350K .......... .......... .......... .......... .......... 21% 250M 1s + 11400K .......... .......... .......... .......... .......... 21% 237M 1s + 11450K .......... .......... .......... .......... .......... 21% 39.8M 1s + 11500K .......... .......... .......... .......... .......... 21% 76.9M 1s + 11550K .......... .......... .......... .......... .......... 21% 113M 1s + 11600K .......... .......... .......... .......... .......... 21% 61.8M 1s + 11650K .......... .......... .......... .......... .......... 21% 143M 1s + 11700K .......... .......... .......... .......... .......... 22% 253M 1s + 11750K .......... .......... .......... .......... .......... 22% 254M 1s + 11800K .......... .......... .......... .......... 
.......... 22% 245M 1s + 11850K .......... .......... .......... .......... .......... 22% 219M 1s + 11900K .......... .......... .......... .......... .......... 22% 74.0M 1s + 11950K .......... .......... .......... .......... .......... 22% 74.4M 1s + 12000K .......... .......... .......... .......... .......... 22% 97.5M 1s + 12050K .......... .......... .......... .......... .......... 22% 84.2M 1s + 12100K .......... .......... .......... .......... .......... 22% 77.9M 1s + 12150K .......... .......... .......... .......... .......... 22% 82.6M 1s + 12200K .......... .......... .......... .......... .......... 22% 86.6M 1s + 12250K .......... .......... .......... .......... .......... 23% 98.7M 1s + 12300K .......... .......... .......... .......... .......... 23% 239M 1s + 12350K .......... .......... .......... .......... .......... 23% 226M 1s + 12400K .......... .......... .......... .......... .......... 23% 95.6M 1s + 12450K .......... .......... .......... .......... .......... 23% 93.1M 1s + 12500K .......... .......... .......... .......... .......... 23% 51.1M 1s + 12550K .......... .......... .......... .......... .......... 23% 249M 1s + 12600K .......... .......... .......... .......... .......... 23% 255M 1s + 12650K .......... .......... .......... .......... .......... 23% 175M 1s + 12700K .......... .......... .......... .......... .......... 23% 219M 1s + 12750K .......... .......... .......... .......... .......... 23% 178M 1s + 12800K .......... .......... .......... .......... .......... 24% 24.9M 1s + 12850K .......... .......... .......... .......... .......... 24% 62.3M 1s + 12900K .......... .......... .......... .......... .......... 24% 82.2M 1s + 12950K .......... .......... .......... .......... .......... 24% 79.1M 1s + 13000K .......... .......... .......... .......... .......... 24% 101M 1s + 13050K .......... .......... .......... .......... .......... 24% 78.3M 1s + 13100K .......... .......... .......... .......... 
.......... 24% 245M 1s + 13150K .......... .......... .......... .......... .......... 24% 246M 1s + 13200K .......... .......... .......... .......... .......... 24% 262M 1s + 13250K .......... .......... .......... .......... .......... 24% 210M 1s + 13300K .......... .......... .......... .......... .......... 24% 254M 1s 13350K .......... .......... .......... .......... .......... 25% 255M 1s - 13400K .......... .......... .......... .......... .......... 25% 256M 1s - 13450K .......... .......... .......... .......... .......... 25% 261M 1s - 13500K .......... .......... .......... .......... .......... 25% 183M 1s - 13550K .......... .......... .......... .......... .......... 25% 30.8M 1s - 13600K .......... .......... .......... .......... .......... 25% 250M 1s - 13650K .......... .......... .......... .......... .......... 25% 235M 1s - 13700K .......... .......... .......... .......... .......... 25% 62.9M 1s - 13750K .......... .......... .......... .......... .......... 25% 69.4M 1s - 13800K .......... .......... .......... .......... .......... 25% 71.6M 1s - 13850K .......... .......... .......... .......... .......... 26% 89.7M 1s - 13900K .......... .......... .......... .......... .......... 26% 68.5M 1s - 13950K .......... .......... .......... .......... .......... 26% 109M 1s - 14000K .......... .......... .......... .......... .......... 26% 72.2M 1s - 14050K .......... .......... .......... .......... .......... 26% 236M 1s - 14100K .......... .......... .......... .......... .......... 26% 218M 1s - 14150K .......... .......... .......... .......... .......... 26% 228M 1s - 14200K .......... .......... .......... .......... .......... 26% 254M 1s - 14250K .......... .......... .......... .......... .......... 26% 241M 1s - 14300K .......... .......... .......... .......... .......... 26% 213M 1s - 14350K .......... .......... .......... .......... .......... 26% 232M 1s - 14400K .......... .......... .......... .......... .......... 
27% 27.3M 1s - 14450K .......... .......... .......... .......... .......... 27% 67.8M 1s - 14500K .......... .......... .......... .......... .......... 27% 224M 1s - 14550K .......... .......... .......... .......... .......... 27% 52.8M 1s - 14600K .......... .......... .......... .......... .......... 27% 67.3M 1s - 14650K .......... .......... .......... .......... .......... 27% 85.9M 1s - 14700K .......... .......... .......... .......... .......... 27% 90.0M 1s - 14750K .......... .......... .......... .......... .......... 27% 97.3M 1s - 14800K .......... .......... .......... .......... .......... 27% 81.9M 1s - 14850K .......... .......... .......... .......... .......... 27% 74.3M 1s - 14900K .......... .......... .......... .......... .......... 27% 79.2M 1s - 14950K .......... .......... .......... .......... .......... 28% 76.6M 1s - 15000K .......... .......... .......... .......... .......... 28% 204M 1s - 15050K .......... .......... .......... .......... .......... 28% 252M 1s - 15100K .......... .......... .......... .......... .......... 28% 52.2M 1s - 15150K .......... .......... .......... .......... .......... 28% 63.6M 1s - 15200K .......... .......... .......... .......... .......... 28% 66.6M 1s - 15250K .......... .......... .......... .......... .......... 28% 221M 1s - 15300K .......... .......... .......... .......... .......... 28% 255M 1s - 15350K .......... .......... .......... .......... .......... 28% 112M 1s - 15400K .......... .......... .......... .......... .......... 28% 106M 1s - 15450K .......... .......... .......... .......... .......... 29% 253M 1s - 15500K .......... .......... .......... .......... .......... 29% 179M 1s - 15550K .......... .......... .......... .......... .......... 29% 48.5M 1s - 15600K .......... .......... .......... .......... .......... 29% 64.7M 1s - 15650K .......... .......... .......... .......... .......... 29% 128M 1s - 15700K .......... .......... .......... .......... .......... 
29% 87.7M 1s - 15750K .......... .......... .......... .......... .......... 29% 241M 1s - 15800K .......... .......... .......... .......... .......... 29% 66.5M 1s - 15850K .......... .......... .......... .......... .......... 29% 74.9M 1s - 15900K .......... .......... .......... .......... .......... 29% 100M 0s - 15950K .......... .......... .......... .......... .......... 29% 224M 0s - 16000K .......... .......... .......... .......... .......... 30% 215M 0s - 16050K .......... .......... .......... .......... .......... 30% 258M 0s - 16100K .......... .......... .......... .......... .......... 30% 234M 0s - 16150K .......... .......... .......... .......... .......... 30% 216M 0s - 16200K .......... .......... .......... .......... .......... 30% 67.6M 0s - 16250K .......... .......... .......... .......... .......... 30% 240M 0s - 16300K .......... .......... .......... .......... .......... 30% 206M 0s - 16350K .......... .......... .......... .......... .......... 30% 47.8M 0s - 16400K .......... .......... .......... .......... .......... 30% 46.2M 0s - 16450K .......... .......... .......... .......... .......... 30% 75.5M 0s - 16500K .......... .......... .......... .......... .......... 30% 76.9M 0s - 16550K .......... .......... .......... .......... .......... 31% 146M 0s - 16600K .......... .......... .......... .......... .......... 31% 89.9M 0s - 16650K .......... .......... .......... .......... .......... 31% 66.3M 0s - 16700K .......... .......... .......... .......... .......... 31% 75.6M 0s - 16750K .......... .......... .......... .......... .......... 31% 82.2M 0s - 16800K .......... .......... .......... .......... .......... 31% 198M 0s - 16850K .......... .......... .......... .......... .......... 31% 223M 0s - 16900K .......... .......... .......... .......... .......... 31% 229M 0s - 16950K .......... .......... .......... .......... .......... 31% 29.2M 0s - 17000K .......... .......... .......... .......... .......... 
31% 89.1M 0s - 17050K .......... .......... .......... .......... .......... 32% 250M 0s - 17100K .......... .......... .......... .......... .......... 32% 251M 0s - 17150K .......... .......... .......... .......... .......... 32% 35.9M 0s - 17200K .......... .......... .......... .......... .......... 32% 143M 0s - 17250K .......... .......... .......... .......... .......... 32% 250M 0s - 17300K .......... .......... .......... .......... .......... 32% 240M 0s - 17350K .......... .......... .......... .......... .......... 32% 258M 0s - 17400K .......... .......... .......... .......... .......... 32% 94.4M 0s - 17450K .......... .......... .......... .......... .......... 32% 148M 0s - 17500K .......... .......... .......... .......... .......... 32% 31.5M 0s - 17550K .......... .......... .......... .......... .......... 32% 73.5M 0s - 17600K .......... .......... .......... .......... .......... 33% 88.0M 0s - 17650K .......... .......... .......... .......... .......... 33% 73.8M 0s - 17700K .......... .......... .......... .......... .......... 33% 80.3M 0s - 17750K .......... .......... .......... .......... .......... 33% 209M 0s - 17800K .......... .......... .......... .......... .......... 33% 210M 0s - 17850K .......... .......... .......... .......... .......... 33% 256M 0s - 17900K .......... .......... .......... .......... .......... 33% 213M 0s - 17950K .......... .......... .......... .......... .......... 33% 246M 0s - 18000K .......... .......... .......... .......... .......... 33% 183M 0s - 18050K .......... .......... .......... .......... .......... 33% 230M 0s - 18100K .......... .......... .......... .......... .......... 33% 29.6M 0s - 18150K .......... .......... .......... .......... .......... 34% 43.2M 0s - 18200K .......... .......... .......... .......... .......... 34% 81.6M 0s - 18250K .......... .......... .......... .......... .......... 34% 81.2M 0s - 18300K .......... .......... .......... .......... .......... 
34% 65.1M 0s - 18350K .......... .......... .......... .......... .......... 34% 79.9M 0s - 18400K .......... .......... .......... .......... .......... 34% 71.7M 0s - 18450K .......... .......... .......... .......... .......... 34% 73.8M 0s - 18500K .......... .......... .......... .......... .......... 34% 86.8M 0s - 18550K .......... .......... .......... .......... .......... 34% 220M 0s - 18600K .......... .......... .......... .......... .......... 34% 242M 0s - 18650K .......... .......... .......... .......... .......... 35% 234M 0s - 18700K .......... .......... .......... .......... .......... 35% 218M 0s - 18750K .......... .......... .......... .......... .......... 35% 252M 0s - 18800K .......... .......... .......... .......... .......... 35% 227M 0s - 18850K .......... .......... .......... .......... .......... 35% 183M 0s - 18900K .......... .......... .......... .......... .......... 35% 223M 0s - 18950K .......... .......... .......... .......... .......... 35% 21.9M 0s - 19000K .......... .......... .......... .......... .......... 35% 55.1M 0s - 19050K .......... .......... .......... .......... .......... 35% 190M 0s - 19100K .......... .......... .......... .......... .......... 35% 55.9M 0s - 19150K .......... .......... .......... .......... .......... 35% 71.8M 0s - 19200K .......... .......... .......... .......... .......... 36% 91.0M 0s - 19250K .......... .......... .......... .......... .......... 36% 82.9M 0s - 19300K .......... .......... .......... .......... .......... 36% 70.8M 0s - 19350K .......... .......... .......... .......... .......... 36% 86.4M 0s - 19400K .......... .......... .......... .......... .......... 36% 249M 0s - 19450K .......... .......... .......... .......... .......... 36% 228M 0s - 19500K .......... .......... .......... .......... .......... 36% 213M 0s - 19550K .......... .......... .......... .......... .......... 36% 233M 0s - 19600K .......... .......... .......... .......... .......... 
36% 261M 0s - 19650K .......... .......... .......... .......... .......... 36% 254M 0s - 19700K .......... .......... .......... .......... .......... 36% 27.8M 0s - 19750K .......... .......... .......... .......... .......... 37% 43.1M 0s - 19800K .......... .......... .......... .......... .......... 37% 69.4M 0s - 19850K .......... .......... .......... .......... .......... 37% 100M 0s - 19900K .......... .......... .......... .......... .......... 37% 79.2M 0s - 19950K .......... .......... .......... .......... .......... 37% 66.6M 0s - 20000K .......... .......... .......... .......... .......... 37% 81.2M 0s - 20050K .......... .......... .......... .......... .......... 37% 84.1M 0s + 13400K .......... .......... .......... .......... .......... 25% 236M 1s + 13450K .......... .......... .......... .......... .......... 25% 208M 1s + 13500K .......... .......... .......... .......... .......... 25% 99.4M 1s + 13550K .......... .......... .......... .......... .......... 25% 85.7M 1s + 13600K .......... .......... .......... .......... .......... 25% 71.0M 1s + 13650K .......... .......... .......... .......... .......... 25% 87.7M 1s + 13700K .......... .......... .......... .......... .......... 25% 81.7M 1s + 13750K .......... .......... .......... .......... .......... 25% 92.1M 1s + 13800K .......... .......... .......... .......... .......... 25% 82.2M 1s + 13850K .......... .......... .......... .......... .......... 26% 73.7M 1s + 13900K .......... .......... .......... .......... .......... 26% 64.4M 1s + 13950K .......... .......... .......... .......... .......... 26% 73.5M 1s + 14000K .......... .......... .......... .......... .......... 26% 81.2M 1s + 14050K .......... .......... .......... .......... .......... 26% 69.9M 1s + 14100K .......... .......... .......... .......... .......... 26% 87.7M 1s + 14150K .......... .......... .......... .......... .......... 26% 159M 0s + 14200K .......... .......... .......... .......... .......... 
26% 223M 0s + 14250K .......... .......... .......... .......... .......... 26% 189M 0s + 14300K .......... .......... .......... .......... .......... 26% 64.5M 0s + 14350K .......... .......... .......... .......... .......... 26% 65.3M 0s + 14400K .......... .......... .......... .......... .......... 27% 253M 0s + 14450K .......... .......... .......... .......... .......... 27% 187M 0s + 14500K .......... .......... .......... .......... .......... 27% 238M 0s + 14550K .......... .......... .......... .......... .......... 27% 119M 0s + 14600K .......... .......... .......... .......... .......... 27% 81.1M 0s + 14650K .......... .......... .......... .......... .......... 27% 97.7M 0s + 14700K .......... .......... .......... .......... .......... 27% 71.6M 0s + 14750K .......... .......... .......... .......... .......... 27% 69.6M 0s + 14800K .......... .......... .......... .......... .......... 27% 95.3M 0s + 14850K .......... .......... .......... .......... .......... 27% 69.8M 0s + 14900K .......... .......... .......... .......... .......... 27% 78.9M 0s + 14950K .......... .......... .......... .......... .......... 28% 63.6M 0s + 15000K .......... .......... .......... .......... .......... 28% 115M 0s + 15050K .......... .......... .......... .......... .......... 28% 83.0M 0s + 15100K .......... .......... .......... .......... .......... 28% 233M 0s + 15150K .......... .......... .......... .......... .......... 28% 231M 0s + 15200K .......... .......... .......... .......... .......... 28% 76.7M 0s + 15250K .......... .......... .......... .......... .......... 28% 75.3M 0s + 15300K .......... .......... .......... .......... .......... 28% 106M 0s + 15350K .......... .......... .......... .......... .......... 28% 157M 0s + 15400K .......... .......... .......... .......... .......... 28% 228M 0s + 15450K .......... .......... .......... .......... .......... 29% 207M 0s + 15500K .......... .......... .......... .......... .......... 
29% 252M 0s + 15550K .......... .......... .......... .......... .......... 29% 247M 0s + 15600K .......... .......... .......... .......... .......... 29% 250M 0s + 15650K .......... .......... .......... .......... .......... 29% 113M 0s + 15700K .......... .......... .......... .......... .......... 29% 87.6M 0s + 15750K .......... .......... .......... .......... .......... 29% 88.7M 0s + 15800K .......... .......... .......... .......... .......... 29% 83.7M 0s + 15850K .......... .......... .......... .......... .......... 29% 55.5M 0s + 15900K .......... .......... .......... .......... .......... 29% 72.5M 0s + 15950K .......... .......... .......... .......... .......... 29% 83.0M 0s + 16000K .......... .......... .......... .......... .......... 30% 69.2M 0s + 16050K .......... .......... .......... .......... .......... 30% 112M 0s + 16100K .......... .......... .......... .......... .......... 30% 251M 0s + 16150K .......... .......... .......... .......... .......... 30% 233M 0s + 16200K .......... .......... .......... .......... .......... 30% 93.0M 0s + 16250K .......... .......... .......... .......... .......... 30% 69.4M 0s + 16300K .......... .......... .......... .......... .......... 30% 229M 0s + 16350K .......... .......... .......... .......... .......... 30% 242M 0s + 16400K .......... .......... .......... .......... .......... 30% 258M 0s + 16450K .......... .......... .......... .......... .......... 30% 218M 0s + 16500K .......... .......... .......... .......... .......... 30% 253M 0s + 16550K .......... .......... .......... .......... .......... 31% 228M 0s + 16600K .......... .......... .......... .......... .......... 31% 249M 0s + 16650K .......... .......... .......... .......... .......... 31% 215M 0s + 16700K .......... .......... .......... .......... .......... 31% 237M 0s + 16750K .......... .......... .......... .......... .......... 31% 184M 0s + 16800K .......... .......... .......... .......... .......... 
31% 68.5M 0s + 16850K .......... .......... .......... .......... .......... 31% 64.5M 0s + 16900K .......... .......... .......... .......... .......... 31% 98.1M 0s + 16950K .......... .......... .......... .......... .......... 31% 79.4M 0s + 17000K .......... .......... .......... .......... .......... 31% 65.5M 0s + 17050K .......... .......... .......... .......... .......... 32% 92.0M 0s + 17100K .......... .......... .......... .......... .......... 32% 75.3M 0s + 17150K .......... .......... .......... .......... .......... 32% 189M 0s + 17200K .......... .......... .......... .......... .......... 32% 215M 0s + 17250K .......... .......... .......... .......... .......... 32% 70.5M 0s + 17300K .......... .......... .......... .......... .......... 32% 49.9M 0s + 17350K .......... .......... .......... .......... .......... 32% 111M 0s + 17400K .......... .......... .......... .......... .......... 32% 72.6M 0s + 17450K .......... .......... .......... .......... .......... 32% 65.6M 0s + 17500K .......... .......... .......... .......... .......... 32% 90.0M 0s + 17550K .......... .......... .......... .......... .......... 32% 98.4M 0s + 17600K .......... .......... .......... .......... .......... 33% 242M 0s + 17650K .......... .......... .......... .......... .......... 33% 209M 0s + 17700K .......... .......... .......... .......... .......... 33% 245M 0s + 17750K .......... .......... .......... .......... .......... 33% 241M 0s + 17800K .......... .......... .......... .......... .......... 33% 230M 0s + 17850K .......... .......... .......... .......... .......... 33% 180M 0s + 17900K .......... .......... .......... .......... .......... 33% 29.5M 0s + 17950K .......... .......... .......... .......... .......... 33% 47.7M 0s + 18000K .......... .......... .......... .......... .......... 33% 73.0M 0s + 18050K .......... .......... .......... .......... .......... 33% 214M 0s + 18100K .......... .......... .......... .......... .......... 
33% 210M 0s + 18150K .......... .......... .......... .......... .......... 34% 238M 0s + 18200K .......... .......... .......... .......... .......... 34% 31.4M 0s + 18250K .......... .......... .......... .......... .......... 34% 65.1M 0s + 18300K .......... .......... .......... .......... .......... 34% 99.5M 0s + 18350K .......... .......... .......... .......... .......... 34% 84.9M 0s + 18400K .......... .......... .......... .......... .......... 34% 174M 0s + 18450K .......... .......... .......... .......... .......... 34% 51.4M 0s + 18500K .......... .......... .......... .......... .......... 34% 170M 0s + 18550K .......... .......... .......... .......... .......... 34% 234M 0s + 18600K .......... .......... .......... .......... .......... 34% 253M 0s + 18650K .......... .......... .......... .......... .......... 35% 217M 0s + 18700K .......... .......... .......... .......... .......... 35% 242M 0s + 18750K .......... .......... .......... .......... .......... 35% 245M 0s + 18800K .......... .......... .......... .......... .......... 35% 199M 0s + 18850K .......... .......... .......... .......... .......... 35% 119M 0s + 18900K .......... .......... .......... .......... .......... 35% 73.2M 0s + 18950K .......... .......... .......... .......... .......... 35% 71.3M 0s + 19000K .......... .......... .......... .......... .......... 35% 96.8M 0s + 19050K .......... .......... .......... .......... .......... 35% 124M 0s + 19100K .......... .......... .......... .......... .......... 35% 248M 0s + 19150K .......... .......... .......... .......... .......... 35% 122M 0s + 19200K .......... .......... .......... .......... .......... 36% 43.1M 0s + 19250K .......... .......... .......... .......... .......... 36% 64.7M 0s + 19300K .......... .......... .......... .......... .......... 36% 79.1M 0s + 19350K .......... .......... .......... .......... .......... 36% 74.9M 0s + 19400K .......... .......... .......... .......... .......... 
36% 161M 0s + 19450K .......... .......... .......... .......... .......... 36% 47.6M 0s + 19500K .......... .......... .......... .......... .......... 36% 123M 0s + 19550K .......... .......... .......... .......... .......... 36% 252M 0s + 19600K .......... .......... .......... .......... .......... 36% 252M 0s + 19650K .......... .......... .......... .......... .......... 36% 218M 0s + 19700K .......... .......... .......... .......... .......... 36% 36.0M 0s + 19750K .......... .......... .......... .......... .......... 37% 59.5M 0s + 19800K .......... .......... .......... .......... .......... 37% 140M 0s + 19850K .......... .......... .......... .......... .......... 37% 76.7M 0s + 19900K .......... .......... .......... .......... .......... 37% 114M 0s + 19950K .......... .......... .......... .......... .......... 37% 254M 0s + 20000K .......... .......... .......... .......... .......... 37% 245M 0s + 20050K .......... .......... .......... .......... .......... 37% 40.0M 0s 20100K .......... .......... .......... .......... .......... 37% 67.4M 0s - 20150K .......... .......... .......... .......... .......... 37% 105M 0s - 20200K .......... .......... .......... .......... .......... 37% 244M 0s - 20250K .......... .......... .......... .......... .......... 38% 221M 0s - 20300K .......... .......... .......... .......... .......... 38% 196M 0s - 20350K .......... .......... .......... .......... .......... 38% 251M 0s - 20400K .......... .......... .......... .......... .......... 38% 244M 0s - 20450K .......... .......... .......... .......... .......... 38% 234M 0s - 20500K .......... .......... .......... .......... .......... 38% 34.3M 0s - 20550K .......... .......... .......... .......... .......... 38% 69.3M 0s - 20600K .......... .......... .......... .......... .......... 38% 78.7M 0s - 20650K .......... .......... .......... .......... .......... 38% 92.6M 0s - 20700K .......... .......... .......... .......... .......... 
38% 167M 0s - 20750K .......... .......... .......... .......... .......... 38% 57.9M 0s - 20800K .......... .......... .......... .......... .......... 39% 72.6M 0s - 20850K .......... .......... .......... .......... .......... 39% 66.3M 0s - 20900K .......... .......... .......... .......... .......... 39% 74.8M 0s - 20950K .......... .......... .......... .......... .......... 39% 104M 0s - 21000K .......... .......... .......... .......... .......... 39% 99.8M 0s - 21050K .......... .......... .......... .......... .......... 39% 251M 0s - 21100K .......... .......... .......... .......... .......... 39% 245M 0s - 21150K .......... .......... .......... .......... .......... 39% 219M 0s - 21200K .......... .......... .......... .......... .......... 39% 99.5M 0s - 21250K .......... .......... .......... .......... .......... 39% 241M 0s - 21300K .......... .......... .......... .......... .......... 39% 223M 0s - 21350K .......... .......... .......... .......... .......... 40% 34.8M 0s - 21400K .......... .......... .......... .......... .......... 40% 83.0M 0s - 21450K .......... .......... .......... .......... .......... 40% 71.2M 0s - 21500K .......... .......... .......... .......... .......... 40% 90.0M 0s - 21550K .......... .......... .......... .......... .......... 40% 122M 0s - 21600K .......... .......... .......... .......... .......... 40% 75.6M 0s - 21650K .......... .......... .......... .......... .......... 40% 124M 0s - 21700K .......... .......... .......... .......... .......... 40% 233M 0s - 21750K .......... .......... .......... .......... .......... 40% 225M 0s - 21800K .......... .......... .......... .......... .......... 40% 234M 0s - 21850K .......... .......... .......... .......... .......... 41% 256M 0s - 21900K .......... .......... .......... .......... .......... 41% 259M 0s - 21950K .......... .......... .......... .......... .......... 41% 194M 0s - 22000K .......... .......... .......... .......... .......... 
41% 36.9M 0s - 22050K .......... .......... .......... .......... .......... 41% 51.0M 0s - 22100K .......... .......... .......... .......... .......... 41% 246M 0s - 22150K .......... .......... .......... .......... .......... 41% 63.4M 0s - 22200K .......... .......... .......... .......... .......... 41% 66.1M 0s - 22250K .......... .......... .......... .......... .......... 41% 73.4M 0s - 22300K .......... .......... .......... .......... .......... 41% 76.0M 0s - 22350K .......... .......... .......... .......... .......... 41% 95.9M 0s - 22400K .......... .......... .......... .......... .......... 42% 140M 0s - 22450K .......... .......... .......... .......... .......... 42% 75.2M 0s - 22500K .......... .......... .......... .......... .......... 42% 221M 0s - 22550K .......... .......... .......... .......... .......... 42% 46.3M 0s - 22600K .......... .......... .......... .......... .......... 42% 61.4M 0s - 22650K .......... .......... .......... .......... .......... 42% 103M 0s - 22700K .......... .......... .......... .......... .......... 42% 248M 0s - 22750K .......... .......... .......... .......... .......... 42% 199M 0s - 22800K .......... .......... .......... .......... .......... 42% 222M 0s - 22850K .......... .......... .......... .......... .......... 42% 163M 0s - 22900K .......... .......... .......... .......... .......... 42% 81.4M 0s - 22950K .......... .......... .......... .......... .......... 43% 214M 0s - 23000K .......... .......... .......... .......... .......... 43% 226M 0s - 23050K .......... .......... .......... .......... .......... 43% 104M 0s - 23100K .......... .......... .......... .......... .......... 43% 70.4M 0s - 23150K .......... .......... .......... .......... .......... 43% 57.3M 0s - 23200K .......... .......... .......... .......... .......... 43% 110M 0s - 23250K .......... .......... .......... .......... .......... 43% 70.9M 0s - 23300K .......... .......... .......... .......... .......... 
43% 204M 0s - 23350K .......... .......... .......... .......... .......... 43% 70.8M 0s - 23400K .......... .......... .......... .......... .......... 43% 217M 0s - 23450K .......... .......... .......... .......... .......... 44% 235M 0s - 23500K .......... .......... .......... .......... .......... 44% 256M 0s - 23550K .......... .......... .......... .......... .......... 44% 103M 0s - 23600K .......... .......... .......... .......... .......... 44% 71.1M 0s - 23650K .......... .......... .......... .......... .......... 44% 67.5M 0s - 23700K .......... .......... .......... .......... .......... 44% 97.5M 0s - 23750K .......... .......... .......... .......... .......... 44% 78.7M 0s - 23800K .......... .......... .......... .......... .......... 44% 89.2M 0s - 23850K .......... .......... .......... .......... .......... 44% 253M 0s - 23900K .......... .......... .......... .......... .......... 44% 232M 0s - 23950K .......... .......... .......... .......... .......... 44% 64.2M 0s - 24000K .......... .......... .......... .......... .......... 45% 236M 0s - 24050K .......... .......... .......... .......... .......... 45% 254M 0s - 24100K .......... .......... .......... .......... .......... 45% 208M 0s - 24150K .......... .......... .......... .......... .......... 45% 230M 0s - 24200K .......... .......... .......... .......... .......... 45% 246M 0s - 24250K .......... .......... .......... .......... .......... 45% 239M 0s - 24300K .......... .......... .......... .......... .......... 45% 96.8M 0s - 24350K .......... .......... .......... .......... .......... 45% 105M 0s - 24400K .......... .......... .......... .......... .......... 45% 66.8M 0s - 24450K .......... .......... .......... .......... .......... 45% 81.4M 0s - 24500K .......... .......... .......... .......... .......... 45% 76.0M 0s - 24550K .......... .......... .......... .......... .......... 46% 79.1M 0s - 24600K .......... .......... .......... .......... .......... 
46% 73.0M 0s - 24650K .......... .......... .......... .......... .......... 46% 97.7M 0s - 24700K .......... .......... .......... .......... .......... 46% 89.6M 0s - 24750K .......... .......... .......... .......... .......... 46% 64.5M 0s - 24800K .......... .......... .......... .......... .......... 46% 120M 0s - 24850K .......... .......... .......... .......... .......... 46% 219M 0s - 24900K .......... .......... .......... .......... .......... 46% 221M 0s - 24950K .......... .......... .......... .......... .......... 46% 91.6M 0s - 25000K .......... .......... .......... .......... .......... 46% 75.2M 0s - 25050K .......... .......... .......... .......... .......... 47% 79.1M 0s - 25100K .......... .......... .......... .......... .......... 47% 65.3M 0s - 25150K .......... .......... .......... .......... .......... 47% 102M 0s - 25200K .......... .......... .......... .......... .......... 47% 240M 0s - 25250K .......... .......... .......... .......... .......... 47% 230M 0s - 25300K .......... .......... .......... .......... .......... 47% 253M 0s - 25350K .......... .......... .......... .......... .......... 47% 212M 0s - 25400K .......... .......... .......... .......... .......... 47% 243M 0s + 20150K .......... .......... .......... .......... .......... 37% 85.9M 0s + 20200K .......... .......... .......... .......... .......... 37% 72.8M 0s + 20250K .......... .......... .......... .......... .......... 38% 113M 0s + 20300K .......... .......... .......... .......... .......... 38% 80.0M 0s + 20350K .......... .......... .......... .......... .......... 38% 78.6M 0s + 20400K .......... .......... .......... .......... .......... 38% 201M 0s + 20450K .......... .......... .......... .......... .......... 38% 192M 0s + 20500K .......... .......... .......... .......... .......... 38% 246M 0s + 20550K .......... .......... .......... .......... .......... 38% 231M 0s + 20600K .......... .......... .......... .......... .......... 
38% 245M 0s + 20650K .......... .......... .......... .......... .......... 38% 249M 0s + 20700K .......... .......... .......... .......... .......... 38% 20.5M 0s + 20750K .......... .......... .......... .......... .......... 38% 130M 0s + 20800K .......... .......... .......... .......... .......... 39% 233M 0s + 20850K .......... .......... .......... .......... .......... 39% 220M 0s + 20900K .......... .......... .......... .......... .......... 39% 217M 0s + 20950K .......... .......... .......... .......... .......... 39% 73.2M 0s + 21000K .......... .......... .......... .......... .......... 39% 72.2M 0s + 21050K .......... .......... .......... .......... .......... 39% 80.4M 0s + 21100K .......... .......... .......... .......... .......... 39% 53.4M 0s + 21150K .......... .......... .......... .......... .......... 39% 86.9M 0s + 21200K .......... .......... .......... .......... .......... 39% 183M 0s + 21250K .......... .......... .......... .......... .......... 39% 72.3M 0s + 21300K .......... .......... .......... .......... .......... 39% 59.6M 0s + 21350K .......... .......... .......... .......... .......... 40% 69.9M 0s + 21400K .......... .......... .......... .......... .......... 40% 99.4M 0s + 21450K .......... .......... .......... .......... .......... 40% 187M 0s + 21500K .......... .......... .......... .......... .......... 40% 203M 0s + 21550K .......... .......... .......... .......... .......... 40% 252M 0s + 21600K .......... .......... .......... .......... .......... 40% 243M 0s + 21650K .......... .......... .......... .......... .......... 40% 249M 0s + 21700K .......... .......... .......... .......... .......... 40% 117M 0s + 21750K .......... .......... .......... .......... .......... 40% 75.8M 0s + 21800K .......... .......... .......... .......... .......... 40% 195M 0s + 21850K .......... .......... .......... .......... .......... 41% 218M 0s + 21900K .......... .......... .......... .......... .......... 
41% 129M 0s + 21950K .......... .......... .......... .......... .......... 41% 58.0M 0s + 22000K .......... .......... .......... .......... .......... 41% 79.1M 0s + 22050K .......... .......... .......... .......... .......... 41% 71.7M 0s + 22100K .......... .......... .......... .......... .......... 41% 76.1M 0s + 22150K .......... .......... .......... .......... .......... 41% 113M 0s + 22200K .......... .......... .......... .......... .......... 41% 91.9M 0s + 22250K .......... .......... .......... .......... .......... 41% 235M 0s + 22300K .......... .......... .......... .......... .......... 41% 251M 0s + 22350K .......... .......... .......... .......... .......... 41% 228M 0s + 22400K .......... .......... .......... .......... .......... 42% 205M 0s + 22450K .......... .......... .......... .......... .......... 42% 224M 0s + 22500K .......... .......... .......... .......... .......... 42% 237M 0s + 22550K .......... .......... .......... .......... .......... 42% 119M 0s + 22600K .......... .......... .......... .......... .......... 42% 64.6M 0s + 22650K .......... .......... .......... .......... .......... 42% 66.4M 0s + 22700K .......... .......... .......... .......... .......... 42% 79.6M 0s + 22750K .......... .......... .......... .......... .......... 42% 95.2M 0s + 22800K .......... .......... .......... .......... .......... 42% 130M 0s + 22850K .......... .......... .......... .......... .......... 42% 247M 0s + 22900K .......... .......... .......... .......... .......... 42% 225M 0s + 22950K .......... .......... .......... .......... .......... 43% 60.9M 0s + 23000K .......... .......... .......... .......... .......... 43% 81.6M 0s + 23050K .......... .......... .......... .......... .......... 43% 82.6M 0s + 23100K .......... .......... .......... .......... .......... 43% 59.5M 0s + 23150K .......... .......... .......... .......... .......... 43% 111M 0s + 23200K .......... .......... .......... .......... .......... 
43% 144M 0s + 23250K .......... .......... .......... .......... .......... 43% 55.4M 0s + 23300K .......... .......... .......... .......... .......... 43% 66.3M 0s + 23350K .......... .......... .......... .......... .......... 43% 214M 0s + 23400K .......... .......... .......... .......... .......... 43% 248M 0s + 23450K .......... .......... .......... .......... .......... 44% 254M 0s + 23500K .......... .......... .......... .......... .......... 44% 185M 0s + 23550K .......... .......... .......... .......... .......... 44% 250M 0s + 23600K .......... .......... .......... .......... .......... 44% 25.9M 0s + 23650K .......... .......... .......... .......... .......... 44% 94.9M 0s + 23700K .......... .......... .......... .......... .......... 44% 209M 0s + 23750K .......... .......... .......... .......... .......... 44% 202M 0s + 23800K .......... .......... .......... .......... .......... 44% 77.1M 0s + 23850K .......... .......... .......... .......... .......... 44% 106M 0s + 23900K .......... .......... .......... .......... .......... 44% 51.5M 0s + 23950K .......... .......... .......... .......... .......... 44% 94.5M 0s + 24000K .......... .......... .......... .......... .......... 45% 66.5M 0s + 24050K .......... .......... .......... .......... .......... 45% 172M 0s + 24100K .......... .......... .......... .......... .......... 45% 103M 0s + 24150K .......... .......... .......... .......... .......... 45% 140M 0s + 24200K .......... .......... .......... .......... .......... 45% 66.0M 0s + 24250K .......... .......... .......... .......... .......... 45% 77.5M 0s + 24300K .......... .......... .......... .......... .......... 45% 196M 0s + 24350K .......... .......... .......... .......... .......... 45% 172M 0s + 24400K .......... .......... .......... .......... .......... 45% 45.3M 0s + 24450K .......... .......... .......... .......... .......... 45% 74.2M 0s + 24500K .......... .......... .......... .......... .......... 
45% 67.6M 0s + 24550K .......... .......... .......... .......... .......... 46% 140M 0s + 24600K .......... .......... .......... .......... .......... 46% 231M 0s + 24650K .......... .......... .......... .......... .......... 46% 247M 0s + 24700K .......... .......... .......... .......... .......... 46% 211M 0s + 24750K .......... .......... .......... .......... .......... 46% 223M 0s + 24800K .......... .......... .......... .......... .......... 46% 255M 0s + 24850K .......... .......... .......... .......... .......... 46% 32.7M 0s + 24900K .......... .......... .......... .......... .......... 46% 45.2M 0s + 24950K .......... .......... .......... .......... .......... 46% 84.0M 0s + 25000K .......... .......... .......... .......... .......... 46% 83.0M 0s + 25050K .......... .......... .......... .......... .......... 47% 74.0M 0s + 25100K .......... .......... .......... .......... .......... 47% 73.4M 0s + 25150K .......... .......... .......... .......... .......... 47% 65.3M 0s + 25200K .......... .......... .......... .......... .......... 47% 77.4M 0s + 25250K .......... .......... .......... .......... .......... 47% 151M 0s + 25300K .......... .......... .......... .......... .......... 47% 192M 0s + 25350K .......... .......... .......... .......... .......... 47% 207M 0s + 25400K .......... .......... .......... .......... .......... 47% 251M 0s 25450K .......... .......... .......... .......... .......... 47% 254M 0s - 25500K .......... .......... .......... .......... .......... 47% 79.3M 0s - 25550K .......... .......... .......... .......... .......... 47% 62.5M 0s - 25600K .......... .......... .......... .......... .......... 48% 78.5M 0s - 25650K .......... .......... .......... .......... .......... 48% 65.2M 0s - 25700K .......... .......... .......... .......... .......... 48% 78.5M 0s - 25750K .......... .......... .......... .......... .......... 48% 73.4M 0s - 25800K .......... .......... .......... .......... .......... 
48% 243M 0s - 25850K .......... .......... .......... .......... .......... 48% 243M 0s - 25900K .......... .......... .......... .......... .......... 48% 109M 0s - 25950K .......... .......... .......... .......... .......... 48% 60.5M 0s - 26000K .......... .......... .......... .......... .......... 48% 72.1M 0s - 26050K .......... .......... .......... .......... .......... 48% 99.5M 0s - 26100K .......... .......... .......... .......... .......... 48% 74.9M 0s - 26150K .......... .......... .......... .......... .......... 49% 112M 0s - 26200K .......... .......... .......... .......... .......... 49% 228M 0s - 26250K .......... .......... .......... .......... .......... 49% 244M 0s - 26300K .......... .......... .......... .......... .......... 49% 253M 0s - 26350K .......... .......... .......... .......... .......... 49% 177M 0s - 26400K .......... .......... .......... .......... .......... 49% 150M 0s - 26450K .......... .......... .......... .......... .......... 49% 77.4M 0s - 26500K .......... .......... .......... .......... .......... 49% 118M 0s - 26550K .......... .......... .......... .......... .......... 49% 145M 0s - 26600K .......... .......... .......... .......... .......... 49% 160M 0s - 26650K .......... .......... .......... .......... .......... 49% 158M 0s - 26700K .......... .......... .......... .......... .......... 50% 166M 0s - 26750K .......... .......... .......... .......... .......... 50% 138M 0s - 26800K .......... .......... .......... .......... .......... 50% 171M 0s - 26850K .......... .......... .......... .......... .......... 50% 169M 0s - 26900K .......... .......... .......... .......... .......... 50% 172M 0s - 26950K .......... .......... .......... .......... .......... 50% 165M 0s - 27000K .......... .......... .......... .......... .......... 50% 174M 0s - 27050K .......... .......... .......... .......... .......... 50% 202M 0s - 27100K .......... .......... .......... .......... .......... 
50% 178M 0s - 27150K .......... .......... .......... .......... .......... 50% 152M 0s - 27200K .......... .......... .......... .......... .......... 51% 184M 0s - 27250K .......... .......... .......... .......... .......... 51% 218M 0s - 27300K .......... .......... .......... .......... .......... 51% 241M 0s - 27350K .......... .......... .......... .......... .......... 51% 208M 0s - 27400K .......... .......... .......... .......... .......... 51% 173M 0s - 27450K .......... .......... .......... .......... .......... 51% 191M 0s - 27500K .......... .......... .......... .......... .......... 51% 165M 0s - 27550K .......... .......... .......... .......... .......... 51% 151M 0s - 27600K .......... .......... .......... .......... .......... 51% 178M 0s - 27650K .......... .......... .......... .......... .......... 51% 172M 0s - 27700K .......... .......... .......... .......... .......... 51% 158M 0s - 27750K .......... .......... .......... .......... .......... 52% 148M 0s - 27800K .......... .......... .......... .......... .......... 52% 161M 0s - 27850K .......... .......... .......... .......... .......... 52% 208M 0s - 27900K .......... .......... .......... .......... .......... 52% 226M 0s - 27950K .......... .......... .......... .......... .......... 52% 212M 0s - 28000K .......... .......... .......... .......... .......... 52% 253M 0s - 28050K .......... .......... .......... .......... .......... 52% 239M 0s - 28100K .......... .......... .......... .......... .......... 52% 251M 0s - 28150K .......... .......... .......... .......... .......... 52% 167M 0s - 28200K .......... .......... .......... .......... .......... 52% 177M 0s + 25500K .......... .......... .......... .......... .......... 47% 202M 0s + 25550K .......... .......... .......... .......... .......... 47% 188M 0s + 25600K .......... .......... .......... .......... .......... 48% 238M 0s + 25650K .......... .......... .......... .......... .......... 
48% 68.1M 0s + 25700K .......... .......... .......... .......... .......... 48% 21.4M 0s + 25750K .......... .......... .......... .......... .......... 48% 82.7M 0s + 25800K .......... .......... .......... .......... .......... 48% 118M 0s + 25850K .......... .......... .......... .......... .......... 48% 78.3M 0s + 25900K .......... .......... .......... .......... .......... 48% 61.6M 0s + 25950K .......... .......... .......... .......... .......... 48% 72.1M 0s + 26000K .......... .......... .......... .......... .......... 48% 67.5M 0s + 26050K .......... .......... .......... .......... .......... 48% 79.5M 0s + 26100K .......... .......... .......... .......... .......... 48% 104M 0s + 26150K .......... .......... .......... .......... .......... 49% 240M 0s + 26200K .......... .......... .......... .......... .......... 49% 254M 0s + 26250K .......... .......... .......... .......... .......... 49% 231M 0s + 26300K .......... .......... .......... .......... .......... 49% 129M 0s + 26350K .......... .......... .......... .......... .......... 49% 248M 0s + 26400K .......... .......... .......... .......... .......... 49% 222M 0s + 26450K .......... .......... .......... .......... .......... 49% 219M 0s + 26500K .......... .......... .......... .......... .......... 49% 30.9M 0s + 26550K .......... .......... .......... .......... .......... 49% 95.7M 0s + 26600K .......... .......... .......... .......... .......... 49% 77.8M 0s + 26650K .......... .......... .......... .......... .......... 49% 73.0M 0s + 26700K .......... .......... .......... .......... .......... 50% 113M 0s + 26750K .......... .......... .......... .......... .......... 50% 55.7M 0s + 26800K .......... .......... .......... .......... .......... 50% 139M 0s + 26850K .......... .......... .......... .......... .......... 50% 130M 0s + 26900K .......... .......... .......... .......... .......... 50% 49.1M 0s + 26950K .......... .......... .......... .......... .......... 
50% 137M 0s + 27000K .......... .......... .......... .......... .......... 50% 231M 0s + 27050K .......... .......... .......... .......... .......... 50% 230M 0s + 27100K .......... .......... .......... .......... .......... 50% 135M 0s + 27150K .......... .......... .......... .......... .......... 50% 156M 0s + 27200K .......... .......... .......... .......... .......... 51% 168M 0s + 27250K .......... .......... .......... .......... .......... 51% 166M 0s + 27300K .......... .......... .......... .......... .......... 51% 157M 0s + 27350K .......... .......... .......... .......... .......... 51% 185M 0s + 27400K .......... .......... .......... .......... .......... 51% 165M 0s + 27450K .......... .......... .......... .......... .......... 51% 201M 0s + 27500K .......... .......... .......... .......... .......... 51% 215M 0s + 27550K .......... .......... .......... .......... .......... 51% 236M 0s + 27600K .......... .......... .......... .......... .......... 51% 175M 0s + 27650K .......... .......... .......... .......... .......... 51% 197M 0s + 27700K .......... .......... .......... .......... .......... 51% 143M 0s + 27750K .......... .......... .......... .......... .......... 52% 142M 0s + 27800K .......... .......... .......... .......... .......... 52% 178M 0s + 27850K .......... .......... .......... .......... .......... 52% 172M 0s + 27900K .......... .......... .......... .......... .......... 52% 155M 0s + 27950K .......... .......... .......... .......... .......... 52% 169M 0s + 28000K .......... .......... .......... .......... .......... 52% 169M 0s + 28050K .......... .......... .......... .......... .......... 52% 164M 0s + 28100K .......... .......... .......... .......... .......... 52% 196M 0s + 28150K .......... .......... .......... .......... .......... 52% 161M 0s + 28200K .......... .......... .......... .......... .......... 52% 165M 0s 28250K .......... .......... .......... .......... .......... 
52% 164M 0s - 28300K .......... .......... .......... .......... .......... 53% 178M 0s - 28350K .......... .......... .......... .......... .......... 53% 152M 0s - 28400K .......... .......... .......... .......... .......... 53% 172M 0s + 28300K .......... .......... .......... .......... .......... 53% 183M 0s + 28350K .......... .......... .......... .......... .......... 53% 193M 0s + 28400K .......... .......... .......... .......... .......... 53% 177M 0s 28450K .......... .......... .......... .......... .......... 53% 186M 0s - 28500K .......... .......... .......... .......... .......... 53% 174M 0s - 28550K .......... .......... .......... .......... .......... 53% 151M 0s - 28600K .......... .......... .......... .......... .......... 53% 187M 0s - 28650K .......... .......... .......... .......... .......... 53% 153M 0s - 28700K .......... .......... .......... .......... .......... 53% 163M 0s - 28750K .......... .......... .......... .......... .......... 53% 129M 0s - 28800K .......... .......... .......... .......... .......... 54% 172M 0s - 28850K .......... .......... .......... .......... .......... 54% 180M 0s - 28900K .......... .......... .......... .......... .......... 54% 151M 0s - 28950K .......... .......... .......... .......... .......... 54% 171M 0s - 29000K .......... .......... .......... .......... .......... 54% 165M 0s - 29050K .......... .......... .......... .......... .......... 54% 188M 0s - 29100K .......... .......... .......... .......... .......... 54% 172M 0s - 29150K .......... .......... .......... .......... .......... 54% 148M 0s - 29200K .......... .......... .......... .......... .......... 54% 187M 0s - 29250K .......... .......... .......... .......... .......... 54% 184M 0s - 29300K .......... .......... .......... .......... .......... 54% 191M 0s - 29350K .......... .......... .......... .......... .......... 55% 151M 0s - 29400K .......... .......... .......... .......... .......... 
55% 182M 0s - 29450K .......... .......... .......... .......... .......... 55% 174M 0s - 29500K .......... .......... .......... .......... .......... 55% 174M 0s - 29550K .......... .......... .......... .......... .......... 55% 152M 0s + 28500K .......... .......... .......... .......... .......... 53% 150M 0s + 28550K .......... .......... .......... .......... .......... 53% 184M 0s + 28600K .......... .......... .......... .......... .......... 53% 186M 0s + 28650K .......... .......... .......... .......... .......... 53% 190M 0s + 28700K .......... .......... .......... .......... .......... 53% 154M 0s + 28750K .......... .......... .......... .......... .......... 53% 174M 0s + 28800K .......... .......... .......... .......... .......... 54% 253M 0s + 28850K .......... .......... .......... .......... .......... 54% 184M 0s + 28900K .......... .......... .......... .......... .......... 54% 164M 0s + 28950K .......... .......... .......... .......... .......... 54% 172M 0s + 29000K .......... .......... .......... .......... .......... 54% 179M 0s + 29050K .......... .......... .......... .......... .......... 54% 170M 0s + 29100K .......... .......... .......... .......... .......... 54% 142M 0s + 29150K .......... .......... .......... .......... .......... 54% 146M 0s + 29200K .......... .......... .......... .......... .......... 54% 175M 0s + 29250K .......... .......... .......... .......... .......... 54% 180M 0s + 29300K .......... .......... .......... .......... .......... 54% 147M 0s + 29350K .......... .......... .......... .......... .......... 55% 171M 0s + 29400K .......... .......... .......... .......... .......... 55% 167M 0s + 29450K .......... .......... .......... .......... .......... 55% 160M 0s + 29500K .......... .......... .......... .......... .......... 55% 164M 0s + 29550K .......... .......... .......... .......... .......... 55% 171M 0s 29600K .......... .......... .......... .......... .......... 
55% 182M 0s - 29650K .......... .......... .......... .......... .......... 55% 180M 0s - 29700K .......... .......... .......... .......... .......... 55% 182M 0s - 29750K .......... .......... .......... .......... .......... 55% 150M 0s - 29800K .......... .......... .......... .......... .......... 55% 174M 0s - 29850K .......... .......... .......... .......... .......... 55% 170M 0s - 29900K .......... .......... .......... .......... .......... 56% 189M 0s - 29950K .......... .......... .......... .......... .......... 56% 157M 0s - 30000K .......... .......... .......... .......... .......... 56% 258M 0s - 30050K .......... .......... .......... .......... .......... 56% 233M 0s - 30100K .......... .......... .......... .......... .......... 56% 231M 0s - 30150K .......... .......... .......... .......... .......... 56% 162M 0s - 30200K .......... .......... .......... .......... .......... 56% 176M 0s - 30250K .......... .......... .......... .......... .......... 56% 164M 0s - 30300K .......... .......... .......... .......... .......... 56% 181M 0s - 30350K .......... .......... .......... .......... .......... 56% 137M 0s - 30400K .......... .......... .......... .......... .......... 57% 162M 0s - 30450K .......... .......... .......... .......... .......... 57% 175M 0s - 30500K .......... .......... .......... .......... .......... 57% 154M 0s - 30550K .......... .......... .......... .......... .......... 57% 152M 0s - 30600K .......... .......... .......... .......... .......... 57% 178M 0s - 30650K .......... .......... .......... .......... .......... 57% 192M 0s - 30700K .......... .......... .......... .......... .......... 57% 181M 0s - 30750K .......... .......... .......... .......... .......... 57% 184M 0s - 30800K .......... .......... .......... .......... .......... 57% 150M 0s - 30850K .......... .......... .......... .......... .......... 57% 186M 0s - 30900K .......... .......... .......... .......... .......... 
57% 145M 0s - 30950K .......... .......... .......... .......... .......... 58% 170M 0s - 31000K .......... .......... .......... .......... .......... 58% 158M 0s - 31050K .......... .......... .......... .......... .......... 58% 190M 0s - 31100K .......... .......... .......... .......... .......... 58% 208M 0s - 31150K .......... .......... .......... .......... .......... 58% 183M 0s - 31200K .......... .......... .......... .......... .......... 58% 142M 0s - 31250K .......... .......... .......... .......... .......... 58% 174M 0s - 31300K .......... .......... .......... .......... .......... 58% 174M 0s - 31350K .......... .......... .......... .......... .......... 58% 198M 0s - 31400K .......... .......... .......... .......... .......... 58% 170M 0s - 31450K .......... .......... .......... .......... .......... 58% 262M 0s - 31500K .......... .......... .......... .......... .......... 59% 246M 0s - 31550K .......... .......... .......... .......... .......... 59% 265M 0s - 31600K .......... .......... .......... .......... .......... 59% 220M 0s - 31650K .......... .......... .......... .......... .......... 59% 201M 0s - 31700K .......... .......... .......... .......... .......... 59% 178M 0s - 31750K .......... .......... .......... .......... .......... 59% 170M 0s - 31800K .......... .......... .......... .......... .......... 59% 153M 0s - 31850K .......... .......... .......... .......... .......... 59% 195M 0s - 31900K .......... .......... .......... .......... .......... 59% 180M 0s - 31950K .......... .......... .......... .......... .......... 59% 172M 0s - 32000K .......... .......... .......... .......... .......... 60% 139M 0s - 32050K .......... .......... .......... .......... .......... 60% 162M 0s - 32100K .......... .......... .......... .......... .......... 60% 190M 0s - 32150K .......... .......... .......... .......... .......... 60% 175M 0s - 32200K .......... .......... .......... .......... .......... 
60% 176M 0s + 29650K .......... .......... .......... .......... .......... 55% 175M 0s + 29700K .......... .......... .......... .......... .......... 55% 158M 0s + 29750K .......... .......... .......... .......... .......... 55% 189M 0s + 29800K .......... .......... .......... .......... .......... 55% 185M 0s + 29850K .......... .......... .......... .......... .......... 55% 248M 0s + 29900K .......... .......... .......... .......... .......... 56% 168M 0s + 29950K .......... .......... .......... .......... .......... 56% 172M 0s + 30000K .......... .......... .......... .......... .......... 56% 182M 0s + 30050K .......... .......... .......... .......... .......... 56% 169M 0s + 30100K .......... .......... .......... .......... .......... 56% 164M 0s + 30150K .......... .......... .......... .......... .......... 56% 188M 0s + 30200K .......... .......... .......... .......... .......... 56% 244M 0s + 30250K .......... .......... .......... .......... .......... 56% 246M 0s + 30300K .......... .......... .......... .......... .......... 56% 136M 0s + 30350K .......... .......... .......... .......... .......... 56% 166M 0s + 30400K .......... .......... .......... .......... .......... 57% 161M 0s + 30450K .......... .......... .......... .......... .......... 57% 172M 0s + 30500K .......... .......... .......... .......... .......... 57% 158M 0s + 30550K .......... .......... .......... .......... .......... 57% 178M 0s + 30600K .......... .......... .......... .......... .......... 57% 171M 0s + 30650K .......... .......... .......... .......... .......... 57% 181M 0s + 30700K .......... .......... .......... .......... .......... 57% 172M 0s + 30750K .......... .......... .......... .......... .......... 57% 157M 0s + 30800K .......... .......... .......... .......... .......... 57% 149M 0s + 30850K .......... .......... .......... .......... .......... 57% 254M 0s + 30900K .......... .......... .......... .......... .......... 
57% 244M 0s + 30950K .......... .......... .......... .......... .......... 58% 222M 0s + 31000K .......... .......... .......... .......... .......... 58% 212M 0s + 31050K .......... .......... .......... .......... .......... 58% 196M 0s + 31100K .......... .......... .......... .......... .......... 58% 186M 0s + 31150K .......... .......... .......... .......... .......... 58% 149M 0s + 31200K .......... .......... .......... .......... .......... 58% 165M 0s + 31250K .......... .......... .......... .......... .......... 58% 211M 0s + 31300K .......... .......... .......... .......... .......... 58% 165M 0s + 31350K .......... .......... .......... .......... .......... 58% 140M 0s + 31400K .......... .......... .......... .......... .......... 58% 167M 0s + 31450K .......... .......... .......... .......... .......... 58% 159M 0s + 31500K .......... .......... .......... .......... .......... 59% 164M 0s + 31550K .......... .......... .......... .......... .......... 59% 158M 0s + 31600K .......... .......... .......... .......... .......... 59% 182M 0s + 31650K .......... .......... .......... .......... .......... 59% 176M 0s + 31700K .......... .......... .......... .......... .......... 59% 177M 0s + 31750K .......... .......... .......... .......... .......... 59% 168M 0s + 31800K .......... .......... .......... .......... .......... 59% 183M 0s + 31850K .......... .......... .......... .......... .......... 59% 173M 0s + 31900K .......... .......... .......... .......... .......... 59% 172M 0s + 31950K .......... .......... .......... .......... .......... 59% 142M 0s + 32000K .......... .......... .......... .......... .......... 60% 160M 0s + 32050K .......... .......... .......... .......... .......... 60% 169M 0s + 32100K .......... .......... .......... .......... .......... 60% 163M 0s + 32150K .......... .......... .......... .......... .......... 60% 153M 0s + 32200K .......... .......... .......... .......... .......... 
60% 180M 0s 32250K .......... .......... .......... .......... .......... 60% 174M 0s - 32300K .......... .......... .......... .......... .......... 60% 181M 0s - 32350K .......... .......... .......... .......... .......... 60% 194M 0s - 32400K .......... .......... .......... .......... .......... 60% 210M 0s - 32450K .......... .......... .......... .......... .......... 60% 239M 0s - 32500K .......... .......... .......... .......... .......... 60% 242M 0s - 32550K .......... .......... .......... .......... .......... 61% 152M 0s - 32600K .......... .......... .......... .......... .......... 61% 194M 0s - 32650K .......... .......... .......... .......... .......... 61% 173M 0s - 32700K .......... .......... .......... .......... .......... 61% 179M 0s - 32750K .......... .......... .......... .......... .......... 61% 163M 0s + 32300K .......... .......... .......... .......... .......... 60% 182M 0s + 32350K .......... .......... .......... .......... .......... 60% 139M 0s + 32400K .......... .......... .......... .......... .......... 60% 159M 0s + 32450K .......... .......... .......... .......... .......... 60% 125M 0s + 32500K .......... .......... .......... .......... .......... 60% 157M 0s + 32550K .......... .......... .......... .......... .......... 61% 157M 0s + 32600K .......... .......... .......... .......... .......... 61% 170M 0s + 32650K .......... .......... .......... .......... .......... 61% 169M 0s + 32700K .......... .......... .......... .......... .......... 61% 162M 0s + 32750K .......... .......... .......... .......... .......... 61% 159M 0s 32800K .......... .......... .......... .......... .......... 61% 174M 0s - 32850K .......... .......... .......... .......... .......... 61% 183M 0s - 32900K .......... .......... .......... .......... .......... 61% 183M 0s - 32950K .......... .......... .......... .......... .......... 61% 155M 0s - 33000K .......... .......... .......... .......... .......... 
61% 175M 0s - 33050K .......... .......... .......... .......... .......... 61% 189M 0s - 33100K .......... .......... .......... .......... .......... 62% 177M 0s - 33150K .......... .......... .......... .......... .......... 62% 175M 0s - 33200K .......... .......... .......... .......... .......... 62% 181M 0s - 33250K .......... .......... .......... .......... .......... 62% 169M 0s - 33300K .......... .......... .......... .......... .......... 62% 168M 0s - 33350K .......... .......... .......... .......... .......... 62% 150M 0s - 33400K .......... .......... .......... .......... .......... 62% 186M 0s - 33450K .......... .......... .......... .......... .......... 62% 173M 0s - 33500K .......... .......... .......... .......... .......... 62% 178M 0s - 33550K .......... .......... .......... .......... .......... 62% 168M 0s - 33600K .......... .......... .......... .......... .......... 63% 180M 0s - 33650K .......... .......... .......... .......... .......... 63% 186M 0s - 33700K .......... .......... .......... .......... .......... 63% 174M 0s + 32850K .......... .......... .......... .......... .......... 61% 184M 0s + 32900K .......... .......... .......... .......... .......... 61% 232M 0s + 32950K .......... .......... .......... .......... .......... 61% 228M 0s + 33000K .......... .......... .......... .......... .......... 61% 226M 0s + 33050K .......... .......... .......... .......... .......... 61% 231M 0s + 33100K .......... .......... .......... .......... .......... 62% 174M 0s + 33150K .......... .......... .......... .......... .......... 62% 153M 0s + 33200K .......... .......... .......... .......... .......... 62% 174M 0s + 33250K .......... .......... .......... .......... .......... 62% 154M 0s + 33300K .......... .......... .......... .......... .......... 62% 170M 0s + 33350K .......... .......... .......... .......... .......... 62% 145M 0s + 33400K .......... .......... .......... .......... .......... 
62% 165M 0s + 33450K .......... .......... .......... .......... .......... 62% 176M 0s + 33500K .......... .......... .......... .......... .......... 62% 88.9M 0s + 33550K .......... .......... .......... .......... .......... 62% 122M 0s + 33600K .......... .......... .......... .......... .......... 63% 167M 0s + 33650K .......... .......... .......... .......... .......... 63% 176M 0s + 33700K .......... .......... .......... .......... .......... 63% 185M 0s 33750K .......... .......... .......... .......... .......... 63% 161M 0s - 33800K .......... .......... .......... .......... .......... 63% 172M 0s - 33850K .......... .......... .......... .......... .......... 63% 194M 0s - 33900K .......... .......... .......... .......... .......... 63% 236M 0s - 33950K .......... .......... .......... .......... .......... 63% 146M 0s - 34000K .......... .......... .......... .......... .......... 63% 171M 0s - 34050K .......... .......... .......... .......... .......... 63% 171M 0s - 34100K .......... .......... .......... .......... .......... 63% 183M 0s - 34150K .......... .......... .......... .......... .......... 64% 143M 0s + 33800K .......... .......... .......... .......... .......... 63% 189M 0s + 33850K .......... .......... .......... .......... .......... 63% 190M 0s + 33900K .......... .......... .......... .......... .......... 63% 158M 0s + 33950K .......... .......... .......... .......... .......... 63% 130M 0s + 34000K .......... .......... .......... .......... .......... 63% 215M 0s + 34050K .......... .......... .......... .......... .......... 63% 193M 0s + 34100K .......... .......... .......... .......... .......... 63% 187M 0s + 34150K .......... .......... .......... .......... .......... 64% 167M 0s 34200K .......... .......... .......... .......... .......... 64% 175M 0s - 34250K .......... .......... .......... .......... .......... 64% 169M 0s - 34300K .......... .......... .......... .......... .......... 
64% 179M 0s - 34350K .......... .......... .......... .......... .......... 64% 158M 0s - 34400K .......... .......... .......... .......... .......... 64% 178M 0s - 34450K .......... .......... .......... .......... .......... 64% 188M 0s - 34500K .......... .......... .......... .......... .......... 64% 173M 0s - 34550K .......... .......... .......... .......... .......... 64% 171M 0s - 34600K .......... .......... .......... .......... .......... 64% 184M 0s - 34650K .......... .......... .......... .......... .......... 64% 187M 0s - 34700K .......... .......... .......... .......... .......... 65% 164M 0s - 34750K .......... .......... .......... .......... .......... 65% 159M 0s - 34800K .......... .......... .......... .......... .......... 65% 185M 0s - 34850K .......... .......... .......... .......... .......... 65% 173M 0s - 34900K .......... .......... .......... .......... .......... 65% 181M 0s - 34950K .......... .......... .......... .......... .......... 65% 199M 0s - 35000K .......... .......... .......... .......... .......... 65% 249M 0s - 35050K .......... .......... .......... .......... .......... 65% 259M 0s - 35100K .......... .......... .......... .......... .......... 65% 226M 0s - 35150K .......... .......... .......... .......... .......... 65% 174M 0s - 35200K .......... .......... .......... .......... .......... 66% 166M 0s - 35250K .......... .......... .......... .......... .......... 66% 171M 0s - 35300K .......... .......... .......... .......... .......... 66% 167M 0s - 35350K .......... .......... .......... .......... .......... 66% 155M 0s - 35400K .......... .......... .......... .......... .......... 66% 211M 0s - 35450K .......... .......... .......... .......... .......... 66% 230M 0s - 35500K .......... .......... .......... .......... .......... 66% 254M 0s - 35550K .......... .......... .......... .......... .......... 66% 183M 0s - 35600K .......... .......... .......... .......... .......... 
66% 199M 0s - 35650K .......... .......... .......... .......... .......... 66% 185M 0s - 35700K .......... .......... .......... .......... .......... 66% 184M 0s - 35750K .......... .......... .......... .......... .......... 67% 153M 0s - 35800K .......... .......... .......... .......... .......... 67% 183M 0s - 35850K .......... .......... .......... .......... .......... 67% 172M 0s - 35900K .......... .......... .......... .......... .......... 67% 186M 0s - 35950K .......... .......... .......... .......... .......... 67% 148M 0s - 36000K .......... .......... .......... .......... .......... 67% 182M 0s - 36050K .......... .......... .......... .......... .......... 67% 188M 0s - 36100K .......... .......... .......... .......... .......... 67% 177M 0s - 36150K .......... .......... .......... .......... .......... 67% 168M 0s - 36200K .......... .......... .......... .......... .......... 67% 172M 0s - 36250K .......... .......... .......... .......... .......... 67% 187M 0s - 36300K .......... .......... .......... .......... .......... 68% 179M 0s - 36350K .......... .......... .......... .......... .......... 68% 142M 0s + 34250K .......... .......... .......... .......... .......... 64% 193M 0s + 34300K .......... .......... .......... .......... .......... 64% 174M 0s + 34350K .......... .......... .......... .......... .......... 64% 132M 0s + 34400K .......... .......... .......... .......... .......... 64% 158M 0s + 34450K .......... .......... .......... .......... .......... 64% 162M 0s + 34500K .......... .......... .......... .......... .......... 64% 150M 0s + 34550K .......... .......... .......... .......... .......... 64% 147M 0s + 34600K .......... .......... .......... .......... .......... 64% 177M 0s + 34650K .......... .......... .......... .......... .......... 64% 161M 0s + 34700K .......... .......... .......... .......... .......... 65% 179M 0s + 34750K .......... .......... .......... .......... .......... 
65% 140M 0s + 34800K .......... .......... .......... .......... .......... 65% 180M 0s + 34850K .......... .......... .......... .......... .......... 65% 185M 0s + 34900K .......... .......... .......... .......... .......... 65% 191M 0s + 34950K .......... .......... .......... .......... .......... 65% 158M 0s + 35000K .......... .......... .......... .......... .......... 65% 167M 0s + 35050K .......... .......... .......... .......... .......... 65% 201M 0s + 35100K .......... .......... .......... .......... .......... 65% 162M 0s + 35150K .......... .......... .......... .......... .......... 65% 176M 0s + 35200K .......... .......... .......... .......... .......... 66% 240M 0s + 35250K .......... .......... .......... .......... .......... 66% 256M 0s + 35300K .......... .......... .......... .......... .......... 66% 233M 0s + 35350K .......... .......... .......... .......... .......... 66% 222M 0s + 35400K .......... .......... .......... .......... .......... 66% 261M 0s + 35450K .......... .......... .......... .......... .......... 66% 250M 0s + 35500K .......... .......... .......... .......... .......... 66% 255M 0s + 35550K .......... .......... .......... .......... .......... 66% 178M 0s + 35600K .......... .......... .......... .......... .......... 66% 253M 0s + 35650K .......... .......... .......... .......... .......... 66% 143M 0s + 35700K .......... .......... .......... .......... .......... 66% 156M 0s + 35750K .......... .......... .......... .......... .......... 67% 151M 0s + 35800K .......... .......... .......... .......... .......... 67% 168M 0s + 35850K .......... .......... .......... .......... .......... 67% 167M 0s + 35900K .......... .......... .......... .......... .......... 67% 168M 0s + 35950K .......... .......... .......... .......... .......... 67% 145M 0s + 36000K .......... .......... .......... .......... .......... 67% 175M 0s + 36050K .......... .......... .......... .......... .......... 
67% 176M 0s + 36100K .......... .......... .......... .......... .......... 67% 160M 0s + 36150K .......... .......... .......... .......... .......... 67% 152M 0s + 36200K .......... .......... .......... .......... .......... 67% 200M 0s + 36250K .......... .......... .......... .......... .......... 67% 166M 0s + 36300K .......... .......... .......... .......... .......... 68% 184M 0s + 36350K .......... .......... .......... .......... .......... 68% 153M 0s 36400K .......... .......... .......... .......... .......... 68% 167M 0s - 36450K .......... .......... .......... .......... .......... 68% 178M 0s - 36500K .......... .......... .......... .......... .......... 68% 183M 0s - 36550K .......... .......... .......... .......... .......... 68% 164M 0s - 36600K .......... .......... .......... .......... .......... 68% 194M 0s - 36650K .......... .......... .......... .......... .......... 68% 180M 0s - 36700K .......... .......... .......... .......... .......... 68% 175M 0s - 36750K .......... .......... .......... .......... .......... 68% 171M 0s - 36800K .......... .......... .......... .......... .......... 69% 173M 0s - 36850K .......... .......... .......... .......... .......... 69% 164M 0s - 36900K .......... .......... .......... .......... .......... 69% 241M 0s - 36950K .......... .......... .......... .......... .......... 69% 167M 0s - 37000K .......... .......... .......... .......... .......... 69% 181M 0s - 37050K .......... .......... .......... .......... .......... 69% 143M 0s - 37100K .......... .......... .......... .......... .......... 69% 165M 0s - 37150K .......... .......... .......... .......... .......... 69% 163M 0s - 37200K .......... .......... .......... .......... .......... 69% 186M 0s - 37250K .......... .......... .......... .......... .......... 69% 102M 0s - 37300K .......... .......... .......... .......... .......... 69% 171M 0s - 37350K .......... .......... .......... .......... .......... 
70% 181M 0s - 37400K .......... .......... .......... .......... .......... 70% 167M 0s - 37450K .......... .......... .......... .......... .......... 70% 141M 0s - 37500K .......... .......... .......... .......... .......... 70% 198M 0s - 37550K .......... .......... .......... .......... .......... 70% 160M 0s - 37600K .......... .......... .......... .......... .......... 70% 164M 0s - 37650K .......... .......... .......... .......... .......... 70% 170M 0s - 37700K .......... .......... .......... .......... .......... 70% 184M 0s - 37750K .......... .......... .......... .......... .......... 70% 145M 0s - 37800K .......... .......... .......... .......... .......... 70% 253M 0s - 37850K .......... .......... .......... .......... .......... 70% 230M 0s - 37900K .......... .......... .......... .......... .......... 71% 258M 0s - 37950K .......... .......... .......... .......... .......... 71% 227M 0s - 38000K .......... .......... .......... .......... .......... 71% 224M 0s - 38050K .......... .......... .......... .......... .......... 71% 202M 0s - 38100K .......... .......... .......... .......... .......... 71% 173M 0s - 38150K .......... .......... .......... .......... .......... 71% 147M 0s - 38200K .......... .......... .......... .......... .......... 71% 193M 0s - 38250K .......... .......... .......... .......... .......... 71% 174M 0s - 38300K .......... .......... .......... .......... .......... 71% 181M 0s - 38350K .......... .......... .......... .......... .......... 71% 151M 0s - 38400K .......... .......... .......... .......... .......... 71% 176M 0s - 38450K .......... .......... .......... .......... .......... 72% 163M 0s - 38500K .......... .......... .......... .......... .......... 72% 181M 0s - 38550K .......... .......... .......... .......... .......... 72% 171M 0s - 38600K .......... .......... .......... .......... .......... 72% 234M 0s - 38650K .......... .......... .......... .......... .......... 
72% 251M 0s - 38700K .......... .......... .......... .......... .......... 72% 219M 0s - 38750K .......... .......... .......... .......... .......... 72% 152M 0s - 38800K .......... .......... .......... .......... .......... 72% 163M 0s - 38850K .......... .......... .......... .......... .......... 72% 170M 0s - 38900K .......... .......... .......... .......... .......... 72% 171M 0s - 38950K .......... .......... .......... .......... .......... 73% 166M 0s - 39000K .......... .......... .......... .......... .......... 73% 182M 0s - 39050K .......... .......... .......... .......... .......... 73% 190M 0s - 39100K .......... .......... .......... .......... .......... 73% 165M 0s - 39150K .......... .......... .......... .......... .......... 73% 158M 0s - 39200K .......... .......... .......... .......... .......... 73% 197M 0s - 39250K .......... .......... .......... .......... .......... 73% 171M 0s - 39300K .......... .......... .......... .......... .......... 73% 196M 0s - 39350K .......... .......... .......... .......... .......... 73% 144M 0s - 39400K .......... .......... .......... .......... .......... 73% 205M 0s - 39450K .......... .......... .......... .......... .......... 73% 158M 0s - 39500K .......... .......... .......... .......... .......... 74% 185M 0s - 39550K .......... .......... .......... .......... .......... 74% 166M 0s - 39600K .......... .......... .......... .......... .......... 74% 159M 0s - 39650K .......... .......... .......... .......... .......... 74% 158M 0s - 39700K .......... .......... .......... .......... .......... 74% 168M 0s - 39750K .......... .......... .......... .......... .......... 74% 191M 0s - 39800K .......... .......... .......... .......... .......... 74% 165M 0s - 39850K .......... .......... .......... .......... .......... 74% 175M 0s - 39900K .......... .......... .......... .......... .......... 74% 189M 0s - 39950K .......... .......... .......... .......... .......... 
74% 167M 0s - 40000K .......... .......... .......... .......... .......... 74% 183M 0s - 40050K .......... .......... .......... .......... .......... 75% 181M 0s - 40100K .......... .......... .......... .......... .......... 75% 189M 0s - 40150K .......... .......... .......... .......... .......... 75% 149M 0s - 40200K .......... .......... .......... .......... .......... 75% 183M 0s - 40250K .......... .......... .......... .......... .......... 75% 190M 0s - 40300K .......... .......... .......... .......... .......... 75% 154M 0s - 40350K .......... .......... .......... .......... .......... 75% 169M 0s + 36450K .......... .......... .......... .......... .......... 68% 182M 0s + 36500K .......... .......... .......... .......... .......... 68% 158M 0s + 36550K .......... .......... .......... .......... .......... 68% 165M 0s + 36600K .......... .......... .......... .......... .......... 68% 185M 0s + 36650K .......... .......... .......... .......... .......... 68% 164M 0s + 36700K .......... .......... .......... .......... .......... 68% 160M 0s + 36750K .......... .......... .......... .......... .......... 68% 152M 0s + 36800K .......... .......... .......... .......... .......... 69% 145M 0s + 36850K .......... .......... .......... .......... .......... 69% 203M 0s + 36900K .......... .......... .......... .......... .......... 69% 119M 0s + 36950K .......... .......... .......... .......... .......... 69% 156M 0s + 37000K .......... .......... .......... .......... .......... 69% 196M 0s + 37050K .......... .......... .......... .......... .......... 69% 174M 0s + 37100K .......... .......... .......... .......... .......... 69% 145M 0s + 37150K .......... .......... .......... .......... .......... 69% 149M 0s + 37200K .......... .......... .......... .......... .......... 69% 193M 0s + 37250K .......... .......... .......... .......... .......... 69% 175M 0s + 37300K .......... .......... .......... .......... .......... 
69% 186M 0s + 37350K .......... .......... .......... .......... .......... 70% 155M 0s + 37400K .......... .......... .......... .......... .......... 70% 156M 0s + 37450K .......... .......... .......... .......... .......... 70% 180M 0s + 37500K .......... .......... .......... .......... .......... 70% 167M 0s + 37550K .......... .......... .......... .......... .......... 70% 135M 0s + 37600K .......... .......... .......... .......... .......... 70% 187M 0s + 37650K .......... .......... .......... .......... .......... 70% 184M 0s + 37700K .......... .......... .......... .......... .......... 70% 179M 0s + 37750K .......... .......... .......... .......... .......... 70% 156M 0s + 37800K .......... .......... .......... .......... .......... 70% 196M 0s + 37850K .......... .......... .......... .......... .......... 70% 169M 0s + 37900K .......... .......... .......... .......... .......... 71% 190M 0s + 37950K .......... .......... .......... .......... .......... 71% 148M 0s + 38000K .......... .......... .......... .......... .......... 71% 212M 0s + 38050K .......... .......... .......... .......... .......... 71% 161M 0s + 38100K .......... .......... .......... .......... .......... 71% 186M 0s + 38150K .......... .......... .......... .......... .......... 71% 161M 0s + 38200K .......... .......... .......... .......... .......... 71% 167M 0s + 38250K .......... .......... .......... .......... .......... 71% 185M 0s + 38300K .......... .......... .......... .......... .......... 71% 156M 0s + 38350K .......... .......... .......... .......... .......... 71% 144M 0s + 38400K .......... .......... .......... .......... .......... 71% 192M 0s + 38450K .......... .......... .......... .......... .......... 72% 229M 0s + 38500K .......... .......... .......... .......... .......... 72% 248M 0s + 38550K .......... .......... .......... .......... .......... 72% 176M 0s + 38600K .......... .......... .......... .......... .......... 
72% 190M 0s + 38650K .......... .......... .......... .......... .......... 72% 174M 0s + 38700K .......... .......... .......... .......... .......... 72% 203M 0s + 38750K .......... .......... .......... .......... .......... 72% 154M 0s + 38800K .......... .......... .......... .......... .......... 72% 176M 0s + 38850K .......... .......... .......... .......... .......... 72% 180M 0s + 38900K .......... .......... .......... .......... .......... 72% 188M 0s + 38950K .......... .......... .......... .......... .......... 73% 155M 0s + 39000K .......... .......... .......... .......... .......... 73% 198M 0s + 39050K .......... .......... .......... .......... .......... 73% 245M 0s + 39100K .......... .......... .......... .......... .......... 73% 228M 0s + 39150K .......... .......... .......... .......... .......... 73% 208M 0s + 39200K .......... .......... .......... .......... .......... 73% 253M 0s + 39250K .......... .......... .......... .......... .......... 73% 189M 0s + 39300K .......... .......... .......... .......... .......... 73% 173M 0s + 39350K .......... .......... .......... .......... .......... 73% 175M 0s + 39400K .......... .......... .......... .......... .......... 73% 208M 0s + 39450K .......... .......... .......... .......... .......... 73% 184M 0s + 39500K .......... .......... .......... .......... .......... 74% 207M 0s + 39550K .......... .......... .......... .......... .......... 74% 141M 0s + 39600K .......... .......... .......... .......... .......... 74% 185M 0s + 39650K .......... .......... .......... .......... .......... 74% 176M 0s + 39700K .......... .......... .......... .......... .......... 74% 181M 0s + 39750K .......... .......... .......... .......... .......... 74% 165M 0s + 39800K .......... .......... .......... .......... .......... 74% 181M 0s + 39850K .......... .......... .......... .......... .......... 74% 184M 0s + 39900K .......... .......... .......... .......... .......... 
74% 179M 0s + 39950K .......... .......... .......... .......... .......... 74% 155M 0s + 40000K .......... .......... .......... .......... .......... 74% 172M 0s + 40050K .......... .......... .......... .......... .......... 75% 190M 0s + 40100K .......... .......... .......... .......... .......... 75% 132M 0s + 40150K .......... .......... .......... .......... .......... 75% 150M 0s + 40200K .......... .......... .......... .......... .......... 75% 162M 0s + 40250K .......... .......... .......... .......... .......... 75% 161M 0s + 40300K .......... .......... .......... .......... .......... 75% 166M 0s + 40350K .......... .......... .......... .......... .......... 75% 153M 0s 40400K .......... .......... .......... .......... .......... 75% 168M 0s - 40450K .......... .......... .......... .......... .......... 75% 175M 0s - 40500K .......... .......... .......... .......... .......... 75% 178M 0s - 40550K .......... .......... .......... .......... .......... 76% 149M 0s - 40600K .......... .......... .......... .......... .......... 76% 191M 0s - 40650K .......... .......... .......... .......... .......... 76% 171M 0s - 40700K .......... .......... .......... .......... .......... 76% 168M 0s - 40750K .......... .......... .......... .......... .......... 76% 148M 0s - 40800K .......... .......... .......... .......... .......... 76% 177M 0s - 40850K .......... .......... .......... .......... .......... 76% 162M 0s + 40450K .......... .......... .......... .......... .......... 75% 173M 0s + 40500K .......... .......... .......... .......... .......... 75% 180M 0s + 40550K .......... .......... .......... .......... .......... 76% 169M 0s + 40600K .......... .......... .......... .......... .......... 76% 185M 0s + 40650K .......... .......... .......... .......... .......... 76% 191M 0s + 40700K .......... .......... .......... .......... .......... 76% 172M 0s + 40750K .......... .......... .......... .......... .......... 
76% 133M 0s + 40800K .......... .......... .......... .......... .......... 76% 170M 0s + 40850K .......... .......... .......... .......... .......... 76% 190M 0s 40900K .......... .......... .......... .......... .......... 76% 175M 0s - 40950K .......... .......... .......... .......... .......... 76% 166M 0s - 41000K .......... .......... .......... .......... .......... 76% 152M 0s - 41050K .......... .......... .......... .......... .......... 76% 174M 0s - 41100K .......... .......... .......... .......... .......... 77% 187M 0s - 41150K .......... .......... .......... .......... .......... 77% 169M 0s - 41200K .......... .......... .......... .......... .......... 77% 239M 0s - 41250K .......... .......... .......... .......... .......... 77% 237M 0s - 41300K .......... .......... .......... .......... .......... 77% 220M 0s - 41350K .......... .......... .......... .......... .......... 77% 196M 0s - 41400K .......... .......... .......... .......... .......... 77% 215M 0s - 41450K .......... .......... .......... .......... .......... 77% 246M 0s - 41500K .......... .......... .......... .......... .......... 77% 215M 0s - 41550K .......... .......... .......... .......... .......... 77% 189M 0s - 41600K .......... .......... .......... .......... .......... 77% 176M 0s - 41650K .......... .......... .......... .......... .......... 78% 187M 0s - 41700K .......... .......... .......... .......... .......... 78% 169M 0s - 41750K .......... .......... .......... .......... .......... 78% 172M 0s - 41800K .......... .......... .......... .......... .......... 78% 178M 0s - 41850K .......... .......... .......... .......... .......... 78% 182M 0s - 41900K .......... .......... .......... .......... .......... 78% 179M 0s - 41950K .......... .......... .......... .......... .......... 78% 134M 0s - 42000K .......... .......... .......... .......... .......... 78% 161M 0s - 42050K .......... .......... .......... .......... .......... 
78% 173M 0s - 42100K .......... .......... .......... .......... .......... 78% 174M 0s - 42150K .......... .......... .......... .......... .......... 79% 156M 0s - 42200K .......... .......... .......... .......... .......... 79% 169M 0s - 42250K .......... .......... .......... .......... .......... 79% 157M 0s - 42300K .......... .......... .......... .......... .......... 79% 196M 0s - 42350K .......... .......... .......... .......... .......... 79% 191M 0s - 42400K .......... .......... .......... .......... .......... 79% 175M 0s - 42450K .......... .......... .......... .......... .......... 79% 167M 0s - 42500K .......... .......... .......... .......... .......... 79% 181M 0s - 42550K .......... .......... .......... .......... .......... 79% 240M 0s - 42600K .......... .......... .......... .......... .......... 79% 188M 0s - 42650K .......... .......... .......... .......... .......... 79% 158M 0s - 42700K .......... .......... .......... .......... .......... 80% 180M 0s - 42750K .......... .......... .......... .......... .......... 80% 187M 0s - 42800K .......... .......... .......... .......... .......... 80% 191M 0s - 42850K .......... .......... .......... .......... .......... 80% 142M 0s - 42900K .......... .......... .......... .......... .......... 80% 175M 0s - 42950K .......... .......... .......... .......... .......... 80% 172M 0s - 43000K .......... .......... .......... .......... .......... 80% 167M 0s - 43050K .......... .......... .......... .......... .......... 80% 141M 0s - 43100K .......... .......... .......... .......... .......... 80% 159M 0s - 43150K .......... .......... .......... .......... .......... 80% 172M 0s - 43200K .......... .......... .......... .......... .......... 80% 162M 0s - 43250K .......... .......... .......... .......... .......... 81% 181M 0s - 43300K .......... .......... .......... .......... .......... 81% 172M 0s - 43350K .......... .......... .......... .......... .......... 
81% 182M 0s - 43400K .......... .......... .......... .......... .......... 81% 178M 0s - 43450K .......... .......... .......... .......... .......... 81% 150M 0s - 43500K .......... .......... .......... .......... .......... 81% 197M 0s - 43550K .......... .......... .......... .......... .......... 81% 157M 0s - 43600K .......... .......... .......... .......... .......... 81% 177M 0s - 43650K .......... .......... .......... .......... .......... 81% 190M 0s - 43700K .......... .......... .......... .......... .......... 81% 187M 0s - 43750K .......... .......... .......... .......... .......... 82% 159M 0s - 43800K .......... .......... .......... .......... .......... 82% 193M 0s - 43850K .......... .......... .......... .......... .......... 82% 178M 0s - 43900K .......... .......... .......... .......... .......... 82% 190M 0s - 43950K .......... .......... .......... .......... .......... 82% 159M 0s - 44000K .......... .......... .......... .......... .......... 82% 155M 0s - 44050K .......... .......... .......... .......... .......... 82% 174M 0s - 44100K .......... .......... .......... .......... .......... 82% 178M 0s - 44150K .......... .......... .......... .......... .......... 82% 158M 0s - 44200K .......... .......... .......... .......... .......... 82% 201M 0s - 44250K .......... .......... .......... .......... .......... 82% 264M 0s - 44300K .......... .......... .......... .......... .......... 83% 171M 0s - 44350K .......... .......... .......... .......... .......... 83% 181M 0s - 44400K .......... .......... .......... .......... .......... 83% 194M 0s - 44450K .......... .......... .......... .......... .......... 83% 182M 0s - 44500K .......... .......... .......... .......... .......... 83% 182M 0s - 44550K .......... .......... .......... .......... .......... 83% 151M 0s - 44600K .......... .......... .......... .......... .......... 83% 194M 0s - 44650K .......... .......... .......... .......... .......... 
83% 166M 0s - 44700K .......... .......... .......... .......... .......... 83% 166M 0s - 44750K .......... .......... .......... .......... .......... 83% 155M 0s + 40950K .......... .......... .......... .......... .......... 76% 182M 0s + 41000K .......... .......... .......... .......... .......... 76% 164M 0s + 41050K .......... .......... .......... .......... .......... 76% 190M 0s + 41100K .......... .......... .......... .......... .......... 77% 175M 0s + 41150K .......... .......... .......... .......... .......... 77% 171M 0s + 41200K .......... .......... .......... .......... .......... 77% 141M 0s + 41250K .......... .......... .......... .......... .......... 77% 179M 0s + 41300K .......... .......... .......... .......... .......... 77% 172M 0s + 41350K .......... .......... .......... .......... .......... 77% 209M 0s + 41400K .......... .......... .......... .......... .......... 77% 185M 0s + 41450K .......... .......... .......... .......... .......... 77% 259M 0s + 41500K .......... .......... .......... .......... .......... 77% 212M 0s + 41550K .......... .......... .......... .......... .......... 77% 188M 0s + 41600K .......... .......... .......... .......... .......... 77% 177M 0s + 41650K .......... .......... .......... .......... .......... 78% 193M 0s + 41700K .......... .......... .......... .......... .......... 78% 155M 0s + 41750K .......... .......... .......... .......... .......... 78% 168M 0s + 41800K .......... .......... .......... .......... .......... 78% 181M 0s + 41850K .......... .......... .......... .......... .......... 78% 174M 0s + 41900K .......... .......... .......... .......... .......... 78% 158M 0s + 41950K .......... .......... .......... .......... .......... 78% 174M 0s + 42000K .......... .......... .......... .......... .......... 78% 207M 0s + 42050K .......... .......... .......... .......... .......... 78% 230M 0s + 42100K .......... .......... .......... .......... .......... 
78% 212M 0s + 42150K .......... .......... .......... .......... .......... 79% 233M 0s + 42200K .......... .......... .......... .......... .......... 79% 251M 0s + 42250K .......... .......... .......... .......... .......... 79% 252M 0s + 42300K .......... .......... .......... .......... .......... 79% 188M 0s + 42350K .......... .......... .......... .......... .......... 79% 205M 0s + 42400K .......... .......... .......... .......... .......... 79% 176M 0s + 42450K .......... .......... .......... .......... .......... 79% 176M 0s + 42500K .......... .......... .......... .......... .......... 79% 201M 0s + 42550K .......... .......... .......... .......... .......... 79% 165M 0s + 42600K .......... .......... .......... .......... .......... 79% 202M 0s + 42650K .......... .......... .......... .......... .......... 79% 159M 0s + 42700K .......... .......... .......... .......... .......... 80% 146M 0s + 42750K .......... .......... .......... .......... .......... 80% 181M 0s + 42800K .......... .......... .......... .......... .......... 80% 192M 0s + 42850K .......... .......... .......... .......... .......... 80% 169M 0s + 42900K .......... .......... .......... .......... .......... 80% 159M 0s + 42950K .......... .......... .......... .......... .......... 80% 190M 0s + 43000K .......... .......... .......... .......... .......... 80% 159M 0s + 43050K .......... .......... .......... .......... .......... 80% 154M 0s + 43100K .......... .......... .......... .......... .......... 80% 144M 0s + 43150K .......... .......... .......... .......... .......... 80% 158M 0s + 43200K .......... .......... .......... .......... .......... 80% 160M 0s + 43250K .......... .......... .......... .......... .......... 81% 183M 0s + 43300K .......... .......... .......... .......... .......... 81% 158M 0s + 43350K .......... .......... .......... .......... .......... 81% 181M 0s + 43400K .......... .......... .......... .......... .......... 
81% 194M 0s + 43450K .......... .......... .......... .......... .......... 81% 188M 0s + 43500K .......... .......... .......... .......... .......... 81% 150M 0s + 43550K .......... .......... .......... .......... .......... 81% 193M 0s + 43600K .......... .......... .......... .......... .......... 81% 164M 0s + 43650K .......... .......... .......... .......... .......... 81% 153M 0s + 43700K .......... .......... .......... .......... .......... 81% 164M 0s + 43750K .......... .......... .......... .......... .......... 82% 169M 0s + 43800K .......... .......... .......... .......... .......... 82% 171M 0s + 43850K .......... .......... .......... .......... .......... 82% 160M 0s + 43900K .......... .......... .......... .......... .......... 82% 147M 0s + 43950K .......... .......... .......... .......... .......... 82% 210M 0s + 44000K .......... .......... .......... .......... .......... 82% 175M 0s + 44050K .......... .......... .......... .......... .......... 82% 177M 0s + 44100K .......... .......... .......... .......... .......... 82% 150M 0s + 44150K .......... .......... .......... .......... .......... 82% 184M 0s + 44200K .......... .......... .......... .......... .......... 82% 189M 0s + 44250K .......... .......... .......... .......... .......... 82% 165M 0s + 44300K .......... .......... .......... .......... .......... 83% 137M 0s + 44350K .......... .......... .......... .......... .......... 83% 194M 0s + 44400K .......... .......... .......... .......... .......... 83% 238M 0s + 44450K .......... .......... .......... .......... .......... 83% 232M 0s + 44500K .......... .......... .......... .......... .......... 83% 194M 0s + 44550K .......... .......... .......... .......... .......... 83% 186M 0s + 44600K .......... .......... .......... .......... .......... 83% 177M 0s + 44650K .......... .......... .......... .......... .......... 83% 168M 0s + 44700K .......... .......... .......... .......... .......... 
83% 145M 0s + 44750K .......... .......... .......... .......... .......... 83% 164M 0s 44800K .......... .......... .......... .......... .......... 83% 182M 0s - 44850K .......... .......... .......... .......... .......... 84% 186M 0s - 44900K .......... .......... .......... .......... .......... 84% 183M 0s - 44950K .......... .......... .......... .......... .......... 84% 162M 0s - 45000K .......... .......... .......... .......... .......... 84% 159M 0s - 45050K .......... .......... .......... .......... .......... 84% 163M 0s - 45100K .......... .......... .......... .......... .......... 84% 213M 0s - 45150K .......... .......... .......... .......... .......... 84% 211M 0s - 45200K .......... .......... .......... .......... .......... 84% 217M 0s - 45250K .......... .......... .......... .......... .......... 84% 219M 0s - 45300K .......... .......... .......... .......... .......... 84% 205M 0s - 45350K .......... .......... .......... .......... .......... 85% 228M 0s - 45400K .......... .......... .......... .......... .......... 85% 259M 0s - 45450K .......... .......... .......... .......... .......... 85% 246M 0s - 45500K .......... .......... .......... .......... .......... 85% 205M 0s - 45550K .......... .......... .......... .......... .......... 85% 152M 0s - 45600K .......... .......... .......... .......... .......... 85% 166M 0s - 45650K .......... .......... .......... .......... .......... 85% 180M 0s - 45700K .......... .......... .......... .......... .......... 85% 173M 0s - 45750K .......... .......... .......... .......... .......... 85% 167M 0s - 45800K .......... .......... .......... .......... .......... 85% 171M 0s - 45850K .......... .......... .......... .......... .......... 85% 180M 0s - 45900K .......... .......... .......... .......... .......... 86% 185M 0s - 45950K .......... .......... .......... .......... .......... 86% 159M 0s - 46000K .......... .......... .......... .......... .......... 
86% 170M 0s - 46050K .......... .......... .......... .......... .......... 86% 162M 0s - 46100K .......... .......... .......... .......... .......... 86% 201M 0s - 46150K .......... .......... .......... .......... .......... 86% 161M 0s - 46200K .......... .......... .......... .......... .......... 86% 195M 0s - 46250K .......... .......... .......... .......... .......... 86% 175M 0s - 46300K .......... .......... .......... .......... .......... 86% 172M 0s - 46350K .......... .......... .......... .......... .......... 86% 140M 0s - 46400K .......... .......... .......... .......... .......... 86% 175M 0s - 46450K .......... .......... .......... .......... .......... 87% 188M 0s - 46500K .......... .......... .......... .......... .......... 87% 182M 0s - 46550K .......... .......... .......... .......... .......... 87% 180M 0s - 46600K .......... .......... .......... .......... .......... 87% 190M 0s - 46650K .......... .......... .......... .......... .......... 87% 157M 0s - 46700K .......... .......... .......... .......... .......... 87% 164M 0s - 46750K .......... .......... .......... .......... .......... 87% 171M 0s - 46800K .......... .......... .......... .......... .......... 87% 190M 0s - 46850K .......... .......... .......... .......... .......... 87% 150M 0s - 46900K .......... .......... .......... .......... .......... 87% 173M 0s - 46950K .......... .......... .......... .......... .......... 88% 173M 0s - 47000K .......... .......... .......... .......... .......... 88% 183M 0s - 47050K .......... .......... .......... .......... .......... 88% 152M 0s - 47100K .......... .......... .......... .......... .......... 88% 179M 0s - 47150K .......... .......... .......... .......... .......... 88% 234M 0s - 47200K .......... .......... .......... .......... .......... 88% 241M 0s - 47250K .......... .......... .......... .......... .......... 88% 201M 0s - 47300K .......... .......... .......... .......... .......... 
88% 169M 0s - 47350K .......... .......... .......... .......... .......... 88% 195M 0s - 47400K .......... .......... .......... .......... .......... 88% 174M 0s - 47450K .......... .......... .......... .......... .......... 88% 164M 0s - 47500K .......... .......... .......... .......... .......... 89% 178M 0s - 47550K .......... .......... .......... .......... .......... 89% 180M 0s - 47600K .......... .......... .......... .......... .......... 89% 168M 0s - 47650K .......... .......... .......... .......... .......... 89% 152M 0s - 47700K .......... .......... .......... .......... .......... 89% 196M 0s - 47750K .......... .......... .......... .......... .......... 89% 192M 0s - 47800K .......... .......... .......... .......... .......... 89% 165M 0s - 47850K .......... .......... .......... .......... .......... 89% 149M 0s - 47900K .......... .......... .......... .......... .......... 89% 181M 0s - 47950K .......... .......... .......... .......... .......... 89% 169M 0s - 48000K .......... .......... .......... .......... .......... 89% 176M 0s + 44850K .......... .......... .......... .......... .......... 84% 171M 0s + 44900K .......... .......... .......... .......... .......... 84% 149M 0s + 44950K .......... .......... .......... .......... .......... 84% 154M 0s + 45000K .......... .......... .......... .......... .......... 84% 158M 0s + 45050K .......... .......... .......... .......... .......... 84% 168M 0s + 45100K .......... .......... .......... .......... .......... 84% 135M 0s + 45150K .......... .......... .......... .......... .......... 84% 171M 0s + 45200K .......... .......... .......... .......... .......... 84% 183M 0s + 45250K .......... .......... .......... .......... .......... 84% 180M 0s + 45300K .......... .......... .......... .......... .......... 84% 169M 0s + 45350K .......... .......... .......... .......... .......... 85% 167M 0s + 45400K .......... .......... .......... .......... .......... 
85% 188M 0s + 45450K .......... .......... .......... .......... .......... 85% 222M 0s + 45500K .......... .......... .......... .......... .......... 85% 149M 0s + 45550K .......... .......... .......... .......... .......... 85% 189M 0s + 45600K .......... .......... .......... .......... .......... 85% 167M 0s + 45650K .......... .......... .......... .......... .......... 85% 117M 0s + 45700K .......... .......... .......... .......... .......... 85% 165M 0s + 45750K .......... .......... .......... .......... .......... 85% 183M 0s + 45800K .......... .......... .......... .......... .......... 85% 189M 0s + 45850K .......... .......... .......... .......... .......... 85% 186M 0s + 45900K .......... .......... .......... .......... .......... 86% 155M 0s + 45950K .......... .......... .......... .......... .......... 86% 239M 0s + 46000K .......... .......... .......... .......... .......... 86% 250M 0s + 46050K .......... .......... .......... .......... .......... 86% 218M 0s + 46100K .......... .......... .......... .......... .......... 86% 225M 0s + 46150K .......... .......... .......... .......... .......... 86% 242M 0s + 46200K .......... .......... .......... .......... .......... 86% 221M 0s + 46250K .......... .......... .......... .......... .......... 86% 236M 0s + 46300K .......... .......... .......... .......... .......... 86% 145M 0s + 46350K .......... .......... .......... .......... .......... 86% 175M 0s + 46400K .......... .......... .......... .......... .......... 86% 179M 0s + 46450K .......... .......... .......... .......... .......... 87% 181M 0s + 46500K .......... .......... .......... .......... .......... 87% 157M 0s + 46550K .......... .......... .......... .......... .......... 87% 184M 0s + 46600K .......... .......... .......... .......... .......... 87% 182M 0s + 46650K .......... .......... .......... .......... .......... 87% 171M 0s + 46700K .......... .......... .......... .......... .......... 
87% 160M 0s + 46750K .......... .......... .......... .......... .......... 87% 178M 0s + 46800K .......... .......... .......... .......... .......... 87% 167M 0s + 46850K .......... .......... .......... .......... .......... 87% 180M 0s + 46900K .......... .......... .......... .......... .......... 87% 154M 0s + 46950K .......... .......... .......... .......... .......... 88% 160M 0s + 47000K .......... .......... .......... .......... .......... 88% 168M 0s + 47050K .......... .......... .......... .......... .......... 88% 173M 0s + 47100K .......... .......... .......... .......... .......... 88% 176M 0s + 47150K .......... .......... .......... .......... .......... 88% 233M 0s + 47200K .......... .......... .......... .......... .......... 88% 240M 0s + 47250K .......... .......... .......... .......... .......... 88% 194M 0s + 47300K .......... .......... .......... .......... .......... 88% 179M 0s + 47350K .......... .......... .......... .......... .......... 88% 175M 0s + 47400K .......... .......... .......... .......... .......... 88% 178M 0s + 47450K .......... .......... .......... .......... .......... 88% 182M 0s + 47500K .......... .......... .......... .......... .......... 89% 157M 0s + 47550K .......... .......... .......... .......... .......... 89% 177M 0s + 47600K .......... .......... .......... .......... .......... 89% 176M 0s + 47650K .......... .......... .......... .......... .......... 89% 181M 0s + 47700K .......... .......... .......... .......... .......... 89% 152M 0s + 47750K .......... .......... .......... .......... .......... 89% 188M 0s + 47800K .......... .......... .......... .......... .......... 89% 173M 0s + 47850K .......... .......... .......... .......... .......... 89% 175M 0s + 47900K .......... .......... .......... .......... .......... 89% 148M 0s + 47950K .......... .......... .......... .......... .......... 89% 161M 0s + 48000K .......... .......... .......... .......... .......... 
89% 162M 0s 48050K .......... .......... .......... .......... .......... 90% 164M 0s - 48100K .......... .......... .......... .......... .......... 90% 175M 0s - 48150K .......... .......... .......... .......... .......... 90% 190M 0s - 48200K .......... .......... .......... .......... .......... 90% 164M 0s - 48250K .......... .......... .......... .......... .......... 90% 181M 0s - 48300K .......... .......... .......... .......... .......... 90% 178M 0s - 48350K .......... .......... .......... .......... .......... 90% 164M 0s - 48400K .......... .......... .......... .......... .......... 90% 228M 0s - 48450K .......... .......... .......... .......... .......... 90% 176M 0s - 48500K .......... .......... .......... .......... .......... 90% 182M 0s - 48550K .......... .......... .......... .......... .......... 91% 145M 0s - 48600K .......... .......... .......... .......... .......... 91% 195M 0s - 48650K .......... .......... .......... .......... .......... 91% 164M 0s - 48700K .......... .......... .......... .......... .......... 91% 166M 0s - 48750K .......... .......... .......... .......... .......... 91% 145M 0s - 48800K .......... .......... .......... .......... .......... 91% 174M 0s - 48850K .......... .......... .......... .......... .......... 91% 163M 0s - 48900K .......... .......... .......... .......... .......... 91% 176M 0s - 48950K .......... .......... .......... .......... .......... 91% 162M 0s - 49000K .......... .......... .......... .......... .......... 91% 198M 0s - 49050K .......... .......... .......... .......... .......... 91% 182M 0s - 49100K .......... .......... .......... .......... .......... 92% 183M 0s - 49150K .......... .......... .......... .......... .......... 92% 168M 0s - 49200K .......... .......... .......... .......... .......... 92% 163M 0s - 49250K .......... .......... .......... .......... .......... 92% 172M 0s - 49300K .......... .......... .......... .......... .......... 
92% 190M 0s - 49350K .......... .......... .......... .......... .......... 92% 159M 0s - 49400K .......... .......... .......... .......... .......... 92% 198M 0s - 49450K .......... .......... .......... .......... .......... 92% 186M 0s - 49500K .......... .......... .......... .......... .......... 92% 251M 0s - 49550K .......... .......... .......... .......... .......... 92% 214M 0s - 49600K .......... .......... .......... .......... .......... 92% 248M 0s - 49650K .......... .......... .......... .......... .......... 93% 238M 0s - 49700K .......... .......... .......... .......... .......... 93% 262M 0s - 49750K .......... .......... .......... .......... .......... 93% 236M 0s - 49800K .......... .......... .......... .......... .......... 93% 265M 0s - 49850K .......... .......... .......... .......... .......... 93% 258M 0s - 49900K .......... .......... .......... .......... .......... 93% 239M 0s - 49950K .......... .......... .......... .......... .......... 93% 202M 0s - 50000K .......... .......... .......... .......... .......... 93% 212M 0s - 50050K .......... .......... .......... .......... .......... 93% 150M 0s - 50100K .......... .......... .......... .......... .......... 93% 183M 0s - 50150K .......... .......... .......... .......... .......... 94% 169M 0s - 50200K .......... .......... .......... .......... .......... 94% 182M 0s - 50250K .......... .......... .......... .......... .......... 94% 189M 0s - 50300K .......... .......... .......... .......... .......... 94% 187M 0s - 50350K .......... .......... .......... .......... .......... 94% 160M 0s - 50400K .......... .......... .......... .......... .......... 94% 180M 0s - 50450K .......... .......... .......... .......... .......... 94% 176M 0s - 50500K .......... .......... .......... .......... .......... 94% 172M 0s - 50550K .......... .......... .......... .......... .......... 94% 141M 0s - 50600K .......... .......... .......... .......... .......... 
94% 177M 0s - 50650K .......... .......... .......... .......... .......... 94% 186M 0s - 50700K .......... .......... .......... .......... .......... 95% 210M 0s - 50750K .......... .......... .......... .......... .......... 95% 148M 0s - 50800K .......... .......... .......... .......... .......... 95% 183M 0s - 50850K .......... .......... .......... .......... .......... 95% 183M 0s - 50900K .......... .......... .......... .......... .......... 95% 193M 0s - 50950K .......... .......... .......... .......... .......... 95% 166M 0s - 51000K .......... .......... .......... .......... .......... 95% 197M 0s - 51050K .......... .......... .......... .......... .......... 95% 221M 0s - 51100K .......... .......... .......... .......... .......... 95% 183M 0s - 51150K .......... .......... .......... .......... .......... 95% 141M 0s - 51200K .......... .......... .......... .......... .......... 95% 165M 0s - 51250K .......... .......... .......... .......... .......... 96% 194M 0s - 51300K .......... .......... .......... .......... .......... 96% 180M 0s - 51350K .......... .......... .......... .......... .......... 96% 167M 0s - 51400K .......... .......... .......... .......... .......... 96% 189M 0s - 51450K .......... .......... .......... .......... .......... 96% 187M 0s - 51500K .......... .......... .......... .......... .......... 96% 185M 0s - 51550K .......... .......... .......... .......... .......... 96% 131M 0s - 51600K .......... .......... .......... .......... .......... 96% 181M 0s - 51650K .......... .......... .......... .......... .......... 96% 164M 0s - 51700K .......... .......... .......... .......... .......... 96% 158M 0s - 51750K .......... .......... .......... .......... .......... 96% 171M 0s - 51800K .......... .......... .......... .......... .......... 97% 184M 0s - 51850K .......... .......... .......... .......... .......... 97% 176M 0s - 51900K .......... .......... .......... .......... .......... 
97% 189M 0s - 51950K .......... .......... .......... .......... .......... 97% 148M 0s - 52000K .......... .......... .......... .......... .......... 97% 167M 0s - 52050K .......... .......... .......... .......... .......... 97% 162M 0s - 52100K .......... .......... .......... .......... .......... 97% 163M 0s - 52150K .......... .......... .......... .......... .......... 97% 89.6M 0s - 52200K .......... .......... .......... .......... .......... 97% 106M 0s - 52250K .......... .......... .......... .......... .......... 97% 188M 0s - 52300K .......... .......... .......... .......... .......... 98% 164M 0s - 52350K .......... .......... .......... .......... .......... 98% 153M 0s - 52400K .......... .......... .......... .......... .......... 98% 182M 0s - 52450K .......... .......... .......... .......... .......... 98% 192M 0s - 52500K .......... .......... .......... .......... .......... 98% 162M 0s - 52550K .......... .......... .......... .......... .......... 98% 154M 0s - 52600K .......... .......... .......... .......... .......... 98% 193M 0s - 52650K .......... .......... .......... .......... .......... 98% 186M 0s - 52700K .......... .......... .......... .......... .......... 98% 233M 0s - 52750K .......... .......... .......... .......... .......... 98% 206M 0s - 52800K .......... .......... .......... .......... .......... 98% 193M 0s - 52850K .......... .......... .......... .......... .......... 99% 177M 0s - 52900K .......... .......... .......... .......... .......... 99% 174M 0s - 52950K .......... .......... .......... .......... .......... 99% 160M 0s - 53000K .......... .......... .......... .......... .......... 99% 169M 0s - 53050K .......... .......... .......... .......... .......... 99% 154M 0s - 53100K .......... .......... .......... .......... .......... 99% 172M 0s - 53150K .......... .......... .......... .......... .......... 99% 139M 0s - 53200K .......... .......... .......... .......... .......... 
99% 166M 0s - 53250K .......... .......... .......... .......... .......... 99% 187M 0s - 53300K .......... .......... .......... .......... .......... 99% 179M 0s - 53350K .......... .......... .......... .......... .......... 99% 153M 0s + 48100K .......... .......... .......... .......... .......... 90% 172M 0s + 48150K .......... .......... .......... .......... .......... 90% 181M 0s + 48200K .......... .......... .......... .......... .......... 90% 185M 0s + 48250K .......... .......... .......... .......... .......... 90% 172M 0s + 48300K .......... .......... .......... .......... .......... 90% 150M 0s + 48350K .......... .......... .......... .......... .......... 90% 165M 0s + 48400K .......... .......... .......... .......... .......... 90% 164M 0s + 48450K .......... .......... .......... .......... .......... 90% 185M 0s + 48500K .......... .......... .......... .......... .......... 90% 159M 0s + 48550K .......... .......... .......... .......... .......... 91% 193M 0s + 48600K .......... .......... .......... .......... .......... 91% 180M 0s + 48650K .......... .......... .......... .......... .......... 91% 188M 0s + 48700K .......... .......... .......... .......... .......... 91% 168M 0s + 48750K .......... .......... .......... .......... .......... 91% 167M 0s + 48800K .......... .......... .......... .......... .......... 91% 164M 0s + 48850K .......... .......... .......... .......... .......... 91% 165M 0s + 48900K .......... .......... .......... .......... .......... 91% 146M 0s + 48950K .......... .......... .......... .......... .......... 91% 161M 0s + 49000K .......... .......... .......... .......... .......... 91% 168M 0s + 49050K .......... .......... .......... .......... .......... 91% 156M 0s + 49100K .......... .......... .......... .......... .......... 92% 151M 0s + 49150K .......... .......... .......... .......... .......... 92% 194M 0s + 49200K .......... .......... .......... .......... .......... 
92% 181M 0s + 49250K .......... .......... .......... .......... .......... 92% 191M 0s + 49300K .......... .......... .......... .......... .......... 92% 155M 0s + 49350K .......... .......... .......... .......... .......... 92% 193M 0s + 49400K .......... .......... .......... .......... .......... 92% 175M 0s + 49450K .......... .......... .......... .......... .......... 92% 170M 0s + 49500K .......... .......... .......... .......... .......... 92% 151M 0s + 49550K .......... .......... .......... .......... .......... 92% 180M 0s + 49600K .......... .......... .......... .......... .......... 92% 174M 0s + 49650K .......... .......... .......... .......... .......... 93% 182M 0s + 49700K .......... .......... .......... .......... .......... 93% 159M 0s + 49750K .......... .......... .......... .......... .......... 93% 179M 0s + 49800K .......... .......... .......... .......... .......... 93% 166M 0s + 49850K .......... .......... .......... .......... .......... 93% 168M 0s + 49900K .......... .......... .......... .......... .......... 93% 143M 0s + 49950K .......... .......... .......... .......... .......... 93% 178M 0s + 50000K .......... .......... .......... .......... .......... 93% 165M 0s + 50050K .......... .......... .......... .......... .......... 93% 167M 0s + 50100K .......... .......... .......... .......... .......... 93% 181M 0s + 50150K .......... .......... .......... .......... .......... 94% 224M 0s + 50200K .......... .......... .......... .......... .......... 94% 225M 0s + 50250K .......... .......... .......... .......... .......... 94% 227M 0s + 50300K .......... .......... .......... .......... .......... 94% 146M 0s + 50350K .......... .......... .......... .......... .......... 94% 171M 0s + 50400K .......... .......... .......... .......... .......... 94% 182M 0s + 50450K .......... .......... .......... .......... .......... 94% 186M 0s + 50500K .......... .......... .......... .......... .......... 
94% 149M 0s + 50550K .......... .......... .......... .......... .......... 94% 182M 0s + 50600K .......... .......... .......... .......... .......... 94% 219M 0s + 50650K .......... .......... .......... .......... .......... 94% 239M 0s + 50700K .......... .......... .......... .......... .......... 95% 193M 0s + 50750K .......... .......... .......... .......... .......... 95% 247M 0s + 50800K .......... .......... .......... .......... .......... 95% 254M 0s + 50850K .......... .......... .......... .......... .......... 95% 257M 0s + 50900K .......... .......... .......... .......... .......... 95% 219M 0s + 50950K .......... .......... .......... .......... .......... 95% 222M 0s + 51000K .......... .......... .......... .......... .......... 95% 182M 0s + 51050K .......... .......... .......... .......... .......... 95% 187M 0s + 51100K .......... .......... .......... .......... .......... 95% 179M 0s + 51150K .......... .......... .......... .......... .......... 95% 189M 0s + 51200K .......... .......... .......... .......... .......... 95% 158M 0s + 51250K .......... .......... .......... .......... .......... 96% 167M 0s + 51300K .......... .......... .......... .......... .......... 96% 192M 0s + 51350K .......... .......... .......... .......... .......... 96% 147M 0s + 51400K .......... .......... .......... .......... .......... 96% 168M 0s + 51450K .......... .......... .......... .......... .......... 96% 154M 0s + 51500K .......... .......... .......... .......... .......... 96% 174M 0s + 51550K .......... .......... .......... .......... .......... 96% 151M 0s + 51600K .......... .......... .......... .......... .......... 96% 183M 0s + 51650K .......... .......... .......... .......... .......... 96% 174M 0s + 51700K .......... .......... .......... .......... .......... 96% 186M 0s + 51750K .......... .......... .......... .......... .......... 96% 170M 0s + 51800K .......... .......... .......... .......... .......... 
97% 181M 0s + 51850K .......... .......... .......... .......... .......... 97% 164M 0s + 51900K .......... .......... .......... .......... .......... 97% 163M 0s + 51950K .......... .......... .......... .......... .......... 97% 131M 0s + 52000K .......... .......... .......... .......... .......... 97% 172M 0s + 52050K .......... .......... .......... .......... .......... 97% 182M 0s + 52100K .......... .......... .......... .......... .......... 97% 168M 0s + 52150K .......... .......... .......... .......... .......... 97% 157M 0s + 52200K .......... .......... .......... .......... .......... 97% 145M 0s + 52250K .......... .......... .......... .......... .......... 97% 168M 0s + 52300K .......... .......... .......... .......... .......... 98% 170M 0s + 52350K .......... .......... .......... .......... .......... 98% 139M 0s + 52400K .......... .......... .......... .......... .......... 98% 174M 0s + 52450K .......... .......... .......... .......... .......... 98% 162M 0s + 52500K .......... .......... .......... .......... .......... 98% 170M 0s + 52550K .......... .......... .......... .......... .......... 98% 167M 0s + 52600K .......... .......... .......... .......... .......... 98% 182M 0s + 52650K .......... .......... .......... .......... .......... 98% 193M 0s + 52700K .......... .......... .......... .......... .......... 98% 206M 0s + 52750K .......... .......... .......... .......... .......... 98% 210M 0s + 52800K .......... .......... .......... .......... .......... 98% 258M 0s + 52850K .......... .......... .......... .......... .......... 99% 172M 0s + 52900K .......... .......... .......... .......... .......... 99% 154M 0s + 52950K .......... .......... .......... .......... .......... 99% 149M 0s + 53000K .......... .......... .......... .......... .......... 99% 160M 0s + 53050K .......... .......... .......... .......... .......... 99% 170M 0s + 53100K .......... .......... .......... .......... .......... 
99% 186M 0s + 53150K .......... .......... .......... .......... .......... 99% 140M 0s + 53200K .......... .......... .......... .......... .......... 99% 170M 0s + 53250K .......... .......... .......... .......... .......... 99% 167M 0s + 53300K .......... .......... .......... .......... .......... 99% 187M 0s + 53350K .......... .......... .......... .......... .......... 99% 145M 0s 53400K ... 100% 6.31T=0.5s -2024-11-06 09:47:04 (112 MB/s) - ‘trivy_0.44.1_Linux-64bit.deb.3’ saved [54685068/54685068] +2024-11-11 09:58:12 (114 MB/s) - ‘trivy_0.44.1_Linux-64bit.deb.3’ saved [54685068/54685068] +sudo dpkg -i trivy_0.44.1_Linux-64bit.deb (Reading database ... 132595 files and directories currently installed.) @@ -18587,8 +18713,8 @@ six 1.1 subscription-manager 1.29.40 python systemd-python 234 python urllib3 1.26.5 python -+/tmp/grype +docker sbom --format spdx-json registry.access.redhat.com/ubi9/ubi:9.3 ++/tmp/grype +tee /tmp/cve-base.txt NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY idna 2.10 3.7 python GHSA-jjg7-2v4v-x38h Medium 
@@ -18608,74 +18734,74 @@ https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded +docker push quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369 The push refers to repository [quay.io/noirolabs/aci-containers-operator] -7c7c26581ea5: Preparing -c6ce05a09977: Preparing -611522ffcc45: Preparing -6d3a021a5cd6: Preparing -2c2d764c30e5: Preparing +7c54dd988557: Preparing +1a6b532927e3: Preparing +dc86bf9d2ef5: Preparing +4cebad533e35: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing 797935172f32: Waiting -2c2d764c30e5: Mounted from noirolabs/cnideploy -c6ce05a09977: Mounted from noirolabs/cnideploy +d242d05d20ef: Mounted from noirolabs/cnideploy 797935172f32: Layer already exists -611522ffcc45: Pushed -7c7c26581ea5: Pushed -6d3a021a5cd6: Pushed -6.0.4.4.81c2369: digest: sha256:75743bad7a14db37e8ce0019765999d0c7bd4ffb4b26e1a0b647cef921030080 size: 1584 +1a6b532927e3: Mounted from noirolabs/cnideploy +dc86bf9d2ef5: Pushed +7c54dd988557: Pushed +4cebad533e35: Pushed +6.0.4.4.81c2369: digest: sha256:5b1d96c53cad0c92a00e42703ad68a293f94c5f805980d394f806182e7cfdb89 size: 1584 +for OTHER_TAG in ${OTHER_IMAGE_TAGS} +docker tag quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369 +docker push quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369 The push refers to repository [quay.io/noirolabs/aci-containers-operator] -7c7c26581ea5: Preparing -c6ce05a09977: Preparing -611522ffcc45: Preparing -6d3a021a5cd6: Preparing -2c2d764c30e5: Preparing +7c54dd988557: Preparing +1a6b532927e3: Preparing +dc86bf9d2ef5: Preparing +4cebad533e35: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing 797935172f32: Waiting -611522ffcc45: Layer already exists -6d3a021a5cd6: Layer already exists -2c2d764c30e5: Layer already exists -7c7c26581ea5: Layer already exists +7c54dd988557: Layer already exists +4cebad533e35: Layer already exists +1a6b532927e3: Layer already exists 
+dc86bf9d2ef5: Layer already exists 797935172f32: Layer already exists -c6ce05a09977: Layer already exists -6.0.4.4.81c2369: digest: sha256:75743bad7a14db37e8ce0019765999d0c7bd4ffb4b26e1a0b647cef921030080 size: 1584 +d242d05d20ef: Layer already exists +6.0.4.4.81c2369: digest: sha256:5b1d96c53cad0c92a00e42703ad68a293f94c5f805980d394f806182e7cfdb89 size: 1584 +for OTHER_TAG in ${OTHER_IMAGE_TAGS} -+docker tag quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369.110624.10022 -+docker push quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369.111124.10031 ++docker push quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369.111124.10031 The push refers to repository [quay.io/noirolabs/aci-containers-operator] -7c7c26581ea5: Preparing -c6ce05a09977: Preparing -611522ffcc45: Preparing -6d3a021a5cd6: Preparing -2c2d764c30e5: Preparing +7c54dd988557: Preparing +1a6b532927e3: Preparing +dc86bf9d2ef5: Preparing +4cebad533e35: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing 797935172f32: Waiting -2c2d764c30e5: Layer already exists -6d3a021a5cd6: Layer already exists +d242d05d20ef: Layer already exists +1a6b532927e3: Layer already exists +dc86bf9d2ef5: Layer already exists 797935172f32: Layer already exists -7c7c26581ea5: Layer already exists -c6ce05a09977: Layer already exists -611522ffcc45: Layer already exists -6.0.4.4.81c2369.110624.10022: digest: sha256:75743bad7a14db37e8ce0019765999d0c7bd4ffb4b26e1a0b647cef921030080 size: 1584 +4cebad533e35: Layer already exists +7c54dd988557: Layer already exists +6.0.4.4.81c2369.111124.10031: digest: sha256:5b1d96c53cad0c92a00e42703ad68a293f94c5f805980d394f806182e7cfdb89 size: 1584 +for OTHER_TAG in ${OTHER_IMAGE_TAGS} +docker tag quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369 
quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369.z +docker push quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369.z The push refers to repository [quay.io/noirolabs/aci-containers-operator] -7c7c26581ea5: Preparing -c6ce05a09977: Preparing -611522ffcc45: Preparing -6d3a021a5cd6: Preparing -2c2d764c30e5: Preparing +7c54dd988557: Preparing +1a6b532927e3: Preparing +dc86bf9d2ef5: Preparing +4cebad533e35: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing 797935172f32: Waiting -6d3a021a5cd6: Layer already exists -7c7c26581ea5: Layer already exists -2c2d764c30e5: Layer already exists -611522ffcc45: Layer already exists +d242d05d20ef: Layer already exists 797935172f32: Layer already exists -c6ce05a09977: Layer already exists -6.0.4.4.81c2369.z: digest: sha256:75743bad7a14db37e8ce0019765999d0c7bd4ffb4b26e1a0b647cef921030080 size: 1584 +1a6b532927e3: Layer already exists +7c54dd988557: Layer already exists +dc86bf9d2ef5: Layer already exists +4cebad533e35: Layer already exists +6.0.4.4.81c2369.z: digest: sha256:5b1d96c53cad0c92a00e42703ad68a293f94c5f805980d394f806182e7cfdb89 size: 1584 +docker login -u=[secure] -p=[secure] quay.io WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /home/travis/.docker/config.json. 
@@ -18683,40 +18809,40 @@ Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded -+docker tag quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369 quay.io/noiro/aci-containers-operator:6.0.4.4.81c2369.110624.10022 -+docker push quay.io/noiro/aci-containers-operator:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369 quay.io/noiro/aci-containers-operator:6.0.4.4.81c2369.111124.10031 ++docker push quay.io/noiro/aci-containers-operator:6.0.4.4.81c2369.111124.10031 The push refers to repository [quay.io/noiro/aci-containers-operator] -7c7c26581ea5: Preparing -c6ce05a09977: Preparing -611522ffcc45: Preparing -6d3a021a5cd6: Preparing -2c2d764c30e5: Preparing +7c54dd988557: Preparing +1a6b532927e3: Preparing +dc86bf9d2ef5: Preparing +4cebad533e35: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing 797935172f32: Waiting -c6ce05a09977: Mounted from noiro/cnideploy -6d3a021a5cd6: Mounted from noirolabs/aci-containers-operator -611522ffcc45: Mounted from noirolabs/aci-containers-operator -2c2d764c30e5: Mounted from noiro/cnideploy +dc86bf9d2ef5: Mounted from noirolabs/aci-containers-operator +7c54dd988557: Mounted from noirolabs/aci-containers-operator 797935172f32: Layer already exists -7c7c26581ea5: Mounted from noirolabs/aci-containers-operator -6.0.4.4.81c2369.110624.10022: digest: sha256:75743bad7a14db37e8ce0019765999d0c7bd4ffb4b26e1a0b647cef921030080 size: 1584 +1a6b532927e3: Mounted from noiro/cnideploy +d242d05d20ef: Mounted from noiro/cnideploy +4cebad533e35: Mounted from noirolabs/aci-containers-operator +6.0.4.4.81c2369.111124.10031: digest: sha256:5b1d96c53cad0c92a00e42703ad68a293f94c5f805980d394f806182e7cfdb89 size: 1584 +docker tag quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369 quay.io/noiro/aci-containers-operator:6.0.4.4.81c2369.z +docker push 
quay.io/noiro/aci-containers-operator:6.0.4.4.81c2369.z The push refers to repository [quay.io/noiro/aci-containers-operator] -7c7c26581ea5: Preparing -c6ce05a09977: Preparing -611522ffcc45: Preparing -6d3a021a5cd6: Preparing -2c2d764c30e5: Preparing +7c54dd988557: Preparing +1a6b532927e3: Preparing +dc86bf9d2ef5: Preparing +4cebad533e35: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing 797935172f32: Waiting -6d3a021a5cd6: Layer already exists -611522ffcc45: Layer already exists -7c7c26581ea5: Layer already exists -2c2d764c30e5: Layer already exists -c6ce05a09977: Layer already exists +4cebad533e35: Layer already exists +d242d05d20ef: Layer already exists 797935172f32: Layer already exists -6.0.4.4.81c2369.z: digest: sha256:75743bad7a14db37e8ce0019765999d0c7bd4ffb4b26e1a0b647cef921030080 size: 1584 +1a6b532927e3: Layer already exists +dc86bf9d2ef5: Layer already exists +7c54dd988557: Layer already exists +6.0.4.4.81c2369.z: digest: sha256:5b1d96c53cad0c92a00e42703ad68a293f94c5f805980d394f806182e7cfdb89 size: 1584 +docker login -u=[secure] '-p=[secure]' docker.io WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /home/travis/.docker/config.json. 
@@ -18724,43 +18850,43 @@ Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded -+docker tag quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369 docker.io/noiro/aci-containers-operator:6.0.4.4.81c2369.110624.10022 -+docker push docker.io/noiro/aci-containers-operator:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369 docker.io/noiro/aci-containers-operator:6.0.4.4.81c2369.111124.10031 ++docker push docker.io/noiro/aci-containers-operator:6.0.4.4.81c2369.111124.10031 The push refers to repository [docker.io/noiro/aci-containers-operator] -7c7c26581ea5: Preparing -c6ce05a09977: Preparing -611522ffcc45: Preparing -6d3a021a5cd6: Preparing -2c2d764c30e5: Preparing +7c54dd988557: Preparing +1a6b532927e3: Preparing +dc86bf9d2ef5: Preparing +4cebad533e35: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing 797935172f32: Waiting -2c2d764c30e5: Mounted from noiro/cnideploy -c6ce05a09977: Mounted from noiro/cnideploy +1a6b532927e3: Mounted from noiro/cnideploy +d242d05d20ef: Mounted from noiro/cnideploy 797935172f32: Layer already exists -7c7c26581ea5: Pushed -611522ffcc45: Pushed -6d3a021a5cd6: Pushed -6.0.4.4.81c2369.110624.10022: digest: sha256:75743bad7a14db37e8ce0019765999d0c7bd4ffb4b26e1a0b647cef921030080 size: 1584 +7c54dd988557: Pushed +dc86bf9d2ef5: Pushed +4cebad533e35: Pushed +6.0.4.4.81c2369.111124.10031: digest: sha256:5b1d96c53cad0c92a00e42703ad68a293f94c5f805980d394f806182e7cfdb89 size: 1584 +docker tag quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369 docker.io/noiro/aci-containers-operator:6.0.4.4.81c2369.z +docker push docker.io/noiro/aci-containers-operator:6.0.4.4.81c2369.z The push refers to repository [docker.io/noiro/aci-containers-operator] -7c7c26581ea5: Preparing -c6ce05a09977: Preparing -611522ffcc45: Preparing -6d3a021a5cd6: Preparing -2c2d764c30e5: Preparing +7c54dd988557: Preparing 
+1a6b532927e3: Preparing +dc86bf9d2ef5: Preparing +4cebad533e35: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing 797935172f32: Waiting -6d3a021a5cd6: Layer already exists -2c2d764c30e5: Layer already exists -611522ffcc45: Layer already exists -c6ce05a09977: Layer already exists -7c7c26581ea5: Layer already exists +d242d05d20ef: Layer already exists +7c54dd988557: Layer already exists +dc86bf9d2ef5: Layer already exists +1a6b532927e3: Layer already exists +4cebad533e35: Layer already exists 797935172f32: Layer already exists -6.0.4.4.81c2369.z: digest: sha256:75743bad7a14db37e8ce0019765999d0c7bd4ffb4b26e1a0b647cef921030080 size: 1584 +6.0.4.4.81c2369.z: digest: sha256:5b1d96c53cad0c92a00e42703ad68a293f94c5f805980d394f806182e7cfdb89 size: 1584 ++docker image inspect '--format={{.Id}}' quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369 -+IMAGE_SHA=sha256:79675933efd3b4f44ad8237142f5242dcdf5bc204dab6d631873a882d82bc417 -+/tmp/cicd/travis/push-to-cicd-status.sh quay.io/noiro aci-containers-operator 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 sha256:79675933efd3b4f44ad8237142f5242dcdf5bc204dab6d631873a882d82bc417 registry.access.redhat.com/ubi9/ubi:9.3 ++IMAGE_SHA=sha256:ab7cabebc916f78279c484c2f4d0bb57fc487f826c9a300b74a05c1aff67d128 ++/tmp/cicd/travis/push-to-cicd-status.sh quay.io/noiro aci-containers-operator 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 sha256:ab7cabebc916f78279c484c2f4d0bb57fc487f826c9a300b74a05c1aff67d128 registry.access.redhat.com/ubi9/ubi:9.3 ++dirname /tmp/cicd/travis/push-to-cicd-status.sh +SCRIPTS_DIR=/tmp/cicd/travis +source /tmp/cicd/travis/globals.sh 
@@ -18768,9 +18894,9 @@ c6ce05a09977: Layer already exists ++RELEASE_TAG=6.0.4.4 ++export RELEASE_TAG +++date +%m%d%y -++DATE_TAG=110624 +++DATE_TAG=111124 ++TRAVIS_TAG_WITH_UPSTREAM_ID=6.0.4.4.81c2369 -++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.110624.10022 +++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.111124.10031 ++IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_Z_TAG=6.0.4.4.81c2369.z @@ -18788,8 +18914,8 @@ c6ce05a09977: Layer already exists +IMAGE_BUILD_REGISTRY=quay.io/noiro +IMAGE=aci-containers-operator +IMAGE_BUILD_TAG=6.0.4.4.81c2369 -+OTHER_IMAGE_TAGS=6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 -+IMAGE_SHA=sha256:79675933efd3b4f44ad8237142f5242dcdf5bc204dab6d631873a882d82bc417 ++OTHER_IMAGE_TAGS=6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 ++IMAGE_SHA=sha256:ab7cabebc916f78279c484c2f4d0bb57fc487f826c9a300b74a05c1aff67d128 +BASE_IMAGE=registry.access.redhat.com/ubi9/ubi:9.3 +GIT_REPO=https://github.com/noironetworks/cicd-status.git +GIT_LOCAL_DIR=cicd-status 
@@ -18808,43 +18934,81 @@ fatal: destination path 'cicd-status' already exists and is not an empty directo +add_artifacts +cd /tmp/cicd-status +git pull --rebase origin main -error: cannot pull with rebase: You have unstaged changes. -error: Please commit or stash them. +From https://github.com/noironetworks/cicd-status + * branch main -> FETCH_HEAD +Already up to date. +mkdir -p /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/aci-containers-operator -+curl https://api.travis-ci.com/v3/job/627824803/log.txt ++curl https://api.travis-ci.com/v3/job/627965097/log.txt % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed - 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 1129k 100 1129k 0 0 5828k 0 --:--:-- --:--:-- --:--:-- 5853k + 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 1139k 100 1139k 0 0 6672k 0 --:--:-- --:--:-- --:--:-- 6662k +cp /tmp/sbom.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/aci-containers-operator/6.0.4.4-sbom.txt +cp /tmp/cve.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/aci-containers-operator/6.0.4.4-cve.txt +cp /tmp/cve-base.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/aci-containers-operator/6.0.4.4-cve-base.txt +update_container_release -+docker rmi -f sha256:79675933efd3b4f44ad8237142f5242dcdf5bc204dab6d631873a882d82bc417 -Untagged: noiro/aci-containers-operator:6.0.4.4.81c2369.110624.10022 ++docker rmi -f sha256:ab7cabebc916f78279c484c2f4d0bb57fc487f826c9a300b74a05c1aff67d128 +Untagged: noiro/aci-containers-operator:6.0.4.4.81c2369.111124.10031 Untagged: noiro/aci-containers-operator:6.0.4.4.81c2369.z -Untagged: noiro/aci-containers-operator@sha256:75743bad7a14db37e8ce0019765999d0c7bd4ffb4b26e1a0b647cef921030080 -Untagged: quay.io/noiro/aci-containers-operator:6.0.4.4.81c2369.110624.10022 +Untagged: noiro/aci-containers-operator@sha256:5b1d96c53cad0c92a00e42703ad68a293f94c5f805980d394f806182e7cfdb89 +Untagged: 
quay.io/noiro/aci-containers-operator:6.0.4.4.81c2369.111124.10031 Untagged: quay.io/noiro/aci-containers-operator:6.0.4.4.81c2369.z -Untagged: quay.io/noiro/aci-containers-operator@sha256:75743bad7a14db37e8ce0019765999d0c7bd4ffb4b26e1a0b647cef921030080 +Untagged: quay.io/noiro/aci-containers-operator@sha256:5b1d96c53cad0c92a00e42703ad68a293f94c5f805980d394f806182e7cfdb89 Untagged: quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369 -Untagged: quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369.110624.10022 +Untagged: quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369.111124.10031 Untagged: quay.io/noirolabs/aci-containers-operator:6.0.4.4.81c2369.z -Untagged: quay.io/noirolabs/aci-containers-operator@sha256:75743bad7a14db37e8ce0019765999d0c7bd4ffb4b26e1a0b647cef921030080 -Deleted: sha256:79675933efd3b4f44ad8237142f5242dcdf5bc204dab6d631873a882d82bc417 -+python /tmp/cicd/travis/update-release.py quay.io/noiro aci-containers-operator 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 sha256:79675933efd3b4f44ad8237142f5242dcdf5bc204dab6d631873a882d82bc417 6.0.4.4.81c2369.z 6.0.4.4.81c2369.110624.10022 registry.access.redhat.com/ubi9/ubi:9.3 +Untagged: quay.io/noirolabs/aci-containers-operator@sha256:5b1d96c53cad0c92a00e42703ad68a293f94c5f805980d394f806182e7cfdb89 +Deleted: sha256:ab7cabebc916f78279c484c2f4d0bb57fc487f826c9a300b74a05c1aff67d128 ++python /tmp/cicd/travis/update-release.py quay.io/noiro aci-containers-operator 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 sha256:ab7cabebc916f78279c484c2f4d0bb57fc487f826c9a300b74a05c1aff67d128 6.0.4.4.81c2369.z 6.0.4.4.81c2369.111124.10031 registry.access.redhat.com/ubi9/ubi:9.3 +add_trivy_vulnerabilites +trivy image quay.io/noiro/aci-containers-operator:6.0.4.4.81c2369.z -2024-11-06T09:48:44.890Z INFO Need to update DB -2024-11-06T09:48:44.890Z INFO DB Repository: ghcr.io/aquasecurity/trivy-db -2024-11-06T09:48:44.890Z INFO Downloading DB... 
-2024-11-06T09:48:45.028Z FATAL init error: DB error: failed to download vulnerability DB: database download error: OCI repository error: 1 error occurred: - * GET https://ghcr.io/v2/aquasecurity/trivy-db/manifests/2: TOOMANYREQUESTS: retry-after: 673.741µs, allowed: 44000/minute +2024-11-11T09:59:48.609Z INFO Vulnerability scanning is enabled +2024-11-11T09:59:48.609Z INFO Secret scanning is enabled +2024-11-11T09:59:48.609Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning +2024-11-11T09:59:48.609Z INFO Please see also https://aquasecurity.github.io/trivy/v0.44/docs/scanner/secret/#recommendation for faster secret detection +2024-11-11T10:00:00.241Z INFO Detected OS: redhat +2024-11-11T10:00:00.241Z INFO Detecting RHEL/CentOS vulnerabilities... +2024-11-11T10:00:00.484Z INFO Number of language-specific files: 1 +2024-11-11T10:00:00.484Z INFO Detecting gobinary vulnerabilities... ++git_add_commit_push ++cd /tmp/cicd-status ++git config --local user.email test@cisco.com ++git config --local user.name travis-tagger ++git stash +Saved working directory and index state WIP on main: fb304fb2 6.0.4.4.z-cnideploy-10031-2024-11-11_09:58:05 ++git pull --rebase origin main +From https://github.com/noironetworks/cicd-status + * branch main -> FETCH_HEAD +Already up to date. ++git stash pop +On branch main +Your branch is up to date with 'origin/main'. +Changes not staged for commit: + (use "git add ..." to update what will be committed) + (use "git restore ..." to discard changes in working directory) + modified: docs/release_artifacts/6.0.4.4/z/aci-containers-operator/6.0.4.4-buildlog.txt + modified: docs/release_artifacts/6.0.4.4/z/aci-containers-operator/6.0.4.4-cve.txt + modified: docs/release_artifacts/releases.yaml +no changes added to commit (use "git add" and/or "git commit -a") +Dropped refs/stash@{0} (bf93b4d01f0e451b330b5fd1c4ece188604ba45b) ++git add . 
++[[ aci-containers != \a\c\c\-\p\r\o\v\i\s\i\o\n ]] +++docker image inspect --format '{{index (split (index .RepoDigests 0) "@sha256:") 1}}' docker.io/noiro/aci-containers-operator:6.0.4.4.81c2369.z ++DOCKER_REPO_DIGEST_SHA=5b1d96c53cad0c92a00e42703ad68a293f94c5f805980d394f806182e7cfdb89 +++docker image inspect --format '{{index (split (index .RepoDigests 1) "@sha256:") 1}}' quay.io/noiro/aci-containers-operator:6.0.4.4.81c2369.z ++QUAY_REPO_DIGEST_SHA=5b1d96c53cad0c92a00e42703ad68a293f94c5f805980d394f806182e7cfdb89 +++date +%F_%H:%M:%S ++git commit -a -m 6.0.4.4.z-aci-containers-operator-10031-2024-11-11_10:00:01 -m 'Commit: d090ca19b2ebe458b0f15e91dc685e6ba807e693' -m 'Tags: 6.0.4.4.81c2369.z, 6.0.4.4.81c2369.111124.10031' -m 'ImageId: sha256:ab7cabebc916f78279c484c2f4d0bb57fc487f826c9a300b74a05c1aff67d128' -m 'DockerSha: 5b1d96c53cad0c92a00e42703ad68a293f94c5f805980d394f806182e7cfdb89' -m 'QuaySha: 5b1d96c53cad0c92a00e42703ad68a293f94c5f805980d394f806182e7cfdb89' +[main 0a008ebb] 6.0.4.4.z-aci-containers-operator-10031-2024-11-11_10:00:01 + 3 files changed, 10309 insertions(+), 9478 deletions(-) ++git push origin main +To https://github.com/noironetworks/cicd-status.git + fb304fb2..0a008ebb main -> main +break +for IMAGE in "${ALL_IMAGES[@]}" +[[ openvswitch != \o\p\e\n\v\s\w\i\t\c\h ]] -+/tmp/cicd/travis/push-images.sh quay.io/noirolabs openvswitch 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 registry.access.redhat.com/ubi9/ubi-minimal:9.3 ++/tmp/cicd/travis/push-images.sh quay.io/noirolabs openvswitch 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 registry.access.redhat.com/ubi9/ubi-minimal:9.3 ++dirname /tmp/cicd/travis/push-images.sh +SCRIPTS_DIR=/tmp/cicd/travis +source /tmp/cicd/travis/globals.sh 
@@ -18852,9 +19016,9 @@ Deleted: sha256:79675933efd3b4f44ad8237142f5242dcdf5bc204dab6d631873a882d82bc417 ++RELEASE_TAG=6.0.4.4 ++export RELEASE_TAG +++date +%m%d%y -++DATE_TAG=110624 +++DATE_TAG=111124 ++TRAVIS_TAG_WITH_UPSTREAM_ID=6.0.4.4.81c2369 -++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.110624.10022 +++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.111124.10031 ++IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_Z_TAG=6.0.4.4.81c2369.z @@ -18869,9 +19033,9 @@ Deleted: sha256:79675933efd3b4f44ad8237142f5242dcdf5bc204dab6d631873a882d82bc417 +IMAGE_BUILD_REGISTRY=quay.io/noirolabs +IMAGE=openvswitch +IMAGE_BUILD_TAG=6.0.4.4.81c2369 -+OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.110624.10022' ++OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.111124.10031' +BASE_IMAGE=registry.access.redhat.com/ubi9/ubi-minimal:9.3 -+OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.110624.10022 6.0.4.4.81c2369.z' ++OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.111124.10031 6.0.4.4.81c2369.z' +BUILT_IMAGE=quay.io/noirolabs/openvswitch:6.0.4.4.81c2369 +curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh +sh -s -- -b /tmp 
@@ -18886,9 +19050,9 @@ Deleted: sha256:79675933efd3b4f44ad8237142f5242dcdf5bc204dab6d631873a882d82bc417 [info] using release tag='v0.6.1' version='0.6.1' os='linux' arch='amd64' [info] installed /home/travis/.docker/cli-plugins/docker-sbom +wget https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb ---2024-11-06 09:48:50-- https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb -Resolving github.com (github.com)... 140.82.112.3 -Connecting to github.com (github.com)|140.82.112.3|:443... connected. +--2024-11-11 10:00:08-- https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb +Resolving github.com (github.com)... 140.82.113.4 +Connecting to github.com (github.com)|140.82.113.4|:443... connected. HTTP request sent, awaiting response... 302 Found Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.108.133, 185.199.109.133, 185.199.110.133, ... Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.108.133|:443... connected. 
@@ -18896,1077 +19060,1077 @@ HTTP request sent, awaiting response... 200 OK Length: 54685068 (52M) [application/octet-stream] Saving to: ‘trivy_0.44.1_Linux-64bit.deb.4’ - 0K .......... .......... .......... .......... .......... 0% 3.65M 14s - 50K .......... .......... .......... .......... .......... 0% 3.73M 14s - 100K .......... .......... .......... .......... .......... 0% 13.5M 11s - 150K .......... .......... .......... .......... .......... 0% 17.3M 9s - 200K .......... .......... .......... .......... .......... 0% 7.04M 8s - 250K .......... .......... .......... .......... .......... 0% 20.1M 7s - 300K .......... .......... .......... .......... .......... 0% 34.1M 7s - 350K .......... .......... .......... .......... .......... 0% 27.3M 6s - 400K .......... .......... .......... .......... .......... 0% 43.9M 5s - 450K .......... .......... .......... .......... .......... 0% 7.50M 6s - 500K .......... .......... .......... .......... .......... 1% 55.0M 5s - 550K .......... .......... .......... .......... .......... 1% 41.7M 5s - 600K .......... .......... .......... .......... .......... 1% 64.8M 5s - 650K .......... .......... .......... .......... .......... 1% 61.0M 4s - 700K .......... .......... .......... .......... .......... 1% 42.1M 4s - 750K .......... .......... .......... .......... .......... 1% 45.5M 4s - 800K .......... .......... .......... .......... .......... 1% 140M 4s + 0K .......... .......... .......... .......... .......... 0% 4.36M 12s + 50K .......... .......... .......... .......... .......... 0% 4.63M 12s + 100K .......... .......... .......... .......... .......... 0% 20.8M 9s + 150K .......... .......... .......... .......... .......... 0% 23.5M 7s + 200K .......... .......... .......... .......... .......... 0% 7.91M 7s + 250K .......... .......... .......... .......... .......... 0% 30.9M 6s + 300K .......... .......... .......... .......... .......... 0% 53.3M 5s + 350K .......... .......... .......... .......... 
.......... 0% 29.9M 5s + 400K .......... .......... .......... .......... .......... 0% 39.0M 4s + 450K .......... .......... .......... .......... .......... 0% 8.21M 5s + 500K .......... .......... .......... .......... .......... 1% 140M 4s + 550K .......... .......... .......... .......... .......... 1% 45.5M 4s + 600K .......... .......... .......... .......... .......... 1% 59.5M 4s + 650K .......... .......... .......... .......... .......... 1% 149M 3s + 700K .......... .......... .......... .......... .......... 1% 252M 3s + 750K .......... .......... .......... .......... .......... 1% 48.0M 3s + 800K .......... .......... .......... .......... .......... 1% 53.8M 3s 850K .......... .......... .......... .......... .......... 1% 230M 3s - 900K .......... .......... .......... .......... .......... 1% 49.9M 3s - 950K .......... .......... .......... .......... .......... 1% 8.03M 3s - 1000K .......... .......... .......... .......... .......... 1% 184M 3s - 1050K .......... .......... .......... .......... .......... 2% 62.1M 3s - 1100K .......... .......... .......... .......... .......... 2% 68.0M 3s - 1150K .......... .......... .......... .......... .......... 2% 246M 3s - 1200K .......... .......... .......... .......... .......... 2% 129M 3s - 1250K .......... .......... .......... .......... .......... 2% 95.3M 3s - 1300K .......... .......... .......... .......... .......... 2% 57.7M 3s - 1350K .......... .......... .......... .......... .......... 2% 107M 3s - 1400K .......... .......... .......... .......... .......... 2% 234M 3s - 1450K .......... .......... .......... .......... .......... 2% 73.1M 2s - 1500K .......... .......... .......... .......... .......... 2% 50.3M 2s - 1550K .......... .......... .......... .......... .......... 2% 67.5M 2s - 1600K .......... .......... .......... .......... .......... 3% 213M 2s - 1650K .......... .......... .......... .......... .......... 3% 246M 2s - 1700K .......... .......... .......... .......... 
.......... 3% 158M 2s - 1750K .......... .......... .......... .......... .......... 3% 33.1M 2s - 1800K .......... .......... .......... .......... .......... 3% 53.9M 2s - 1850K .......... .......... .......... .......... .......... 3% 226M 2s - 1900K .......... .......... .......... .......... .......... 3% 203M 2s - 1950K .......... .......... .......... .......... .......... 3% 15.3M 2s - 2000K .......... .......... .......... .......... .......... 3% 235M 2s - 2050K .......... .......... .......... .......... .......... 3% 249M 2s - 2100K .......... .......... .......... .......... .......... 4% 223M 2s - 2150K .......... .......... .......... .......... .......... 4% 234M 2s - 2200K .......... .......... .......... .......... .......... 4% 39.7M 2s - 2250K .......... .......... .......... .......... .......... 4% 29.4M 2s - 2300K .......... .......... .......... .......... .......... 4% 176M 2s - 2350K .......... .......... .......... .......... .......... 4% 233M 2s - 2400K .......... .......... .......... .......... .......... 4% 119M 2s - 2450K .......... .......... .......... .......... .......... 4% 227M 2s - 2500K .......... .......... .......... .......... .......... 4% 210M 2s - 2550K .......... .......... .......... .......... .......... 4% 220M 2s - 2600K .......... .......... .......... .......... .......... 4% 248M 2s - 2650K .......... .......... .......... .......... .......... 5% 238M 2s - 2700K .......... .......... .......... .......... .......... 5% 39.4M 2s - 2750K .......... .......... .......... .......... .......... 5% 102M 2s - 2800K .......... .......... .......... .......... .......... 5% 50.5M 2s - 2850K .......... .......... .......... .......... .......... 5% 45.1M 2s - 2900K .......... .......... .......... .......... .......... 5% 42.7M 2s - 2950K .......... .......... .......... .......... .......... 5% 44.2M 2s - 3000K .......... .......... .......... .......... .......... 5% 151M 2s - 3050K .......... .......... .......... 
.......... .......... 5% 38.5M 2s - 3100K .......... .......... .......... .......... .......... 5% 157M 1s - 3150K .......... .......... .......... .......... .......... 5% 58.5M 1s - 3200K .......... .......... .......... .......... .......... 6% 64.7M 1s - 3250K .......... .......... .......... .......... .......... 6% 114M 1s - 3300K .......... .......... .......... .......... .......... 6% 219M 1s - 3350K .......... .......... .......... .......... .......... 6% 219M 1s - 3400K .......... .......... .......... .......... .......... 6% 211M 1s - 3450K .......... .......... .......... .......... .......... 6% 245M 1s - 3500K .......... .......... .......... .......... .......... 6% 220M 1s - 3550K .......... .......... .......... .......... .......... 6% 185M 1s - 3600K .......... .......... .......... .......... .......... 6% 34.3M 1s - 3650K .......... .......... .......... .......... .......... 6% 35.3M 1s - 3700K .......... .......... .......... .......... .......... 7% 69.1M 1s - 3750K .......... .......... .......... .......... .......... 7% 233M 1s - 3800K .......... .......... .......... .......... .......... 7% 78.8M 1s - 3850K .......... .......... .......... .......... .......... 7% 74.9M 1s - 3900K .......... .......... .......... .......... .......... 7% 208M 1s - 3950K .......... .......... .......... .......... .......... 7% 30.3M 1s - 4000K .......... .......... .......... .......... .......... 7% 72.8M 1s + 900K .......... .......... .......... .......... .......... 1% 108M 3s + 950K .......... .......... .......... .......... .......... 1% 52.1M 3s + 1000K .......... .......... .......... .......... .......... 1% 15.1M 3s + 1050K .......... .......... .......... .......... .......... 2% 30.9M 3s + 1100K .......... .......... .......... .......... .......... 2% 74.7M 3s + 1150K .......... .......... .......... .......... .......... 2% 54.9M 2s + 1200K .......... .......... .......... .......... .......... 2% 156M 2s + 1250K .......... .......... 
.......... .......... .......... 2% 227M 2s + 1300K .......... .......... .......... .......... .......... 2% 251M 2s + 1350K .......... .......... .......... .......... .......... 2% 189M 2s + 1400K .......... .......... .......... .......... .......... 2% 251M 2s + 1450K .......... .......... .......... .......... .......... 2% 253M 2s + 1500K .......... .......... .......... .......... .......... 2% 75.5M 2s + 1550K .......... .......... .......... .......... .......... 2% 43.4M 2s + 1600K .......... .......... .......... .......... .......... 3% 74.5M 2s + 1650K .......... .......... .......... .......... .......... 3% 243M 2s + 1700K .......... .......... .......... .......... .......... 3% 250M 2s + 1750K .......... .......... .......... .......... .......... 3% 217M 2s + 1800K .......... .......... .......... .......... .......... 3% 106M 2s + 1850K .......... .......... .......... .......... .......... 3% 250M 2s + 1900K .......... .......... .......... .......... .......... 3% 182M 2s + 1950K .......... .......... .......... .......... .......... 3% 187M 2s + 2000K .......... .......... .......... .......... .......... 3% 15.9M 2s + 2050K .......... .......... .......... .......... .......... 3% 227M 2s + 2100K .......... .......... .......... .......... .......... 4% 241M 2s + 2150K .......... .......... .......... .......... .......... 4% 212M 2s + 2200K .......... .......... .......... .......... .......... 4% 242M 1s + 2250K .......... .......... .......... .......... .......... 4% 85.4M 1s + 2300K .......... .......... .......... .......... .......... 4% 68.7M 1s + 2350K .......... .......... .......... .......... .......... 4% 45.3M 1s + 2400K .......... .......... .......... .......... .......... 4% 61.2M 1s + 2450K .......... .......... .......... .......... .......... 4% 61.4M 1s + 2500K .......... .......... .......... .......... .......... 4% 135M 1s + 2550K .......... .......... .......... .......... .......... 4% 222M 1s + 2600K .......... 
.......... .......... .......... .......... 4% 236M 1s + 2650K .......... .......... .......... .......... .......... 5% 130M 1s + 2700K .......... .......... .......... .......... .......... 5% 219M 1s + 2750K .......... .......... .......... .......... .......... 5% 204M 1s + 2800K .......... .......... .......... .......... .......... 5% 244M 1s + 2850K .......... .......... .......... .......... .......... 5% 246M 1s + 2900K .......... .......... .......... .......... .......... 5% 258M 1s + 2950K .......... .......... .......... .......... .......... 5% 215M 1s + 3000K .......... .......... .......... .......... .......... 5% 261M 1s + 3050K .......... .......... .......... .......... .......... 5% 267M 1s + 3100K .......... .......... .......... .......... .......... 5% 242M 1s + 3150K .......... .......... .......... .......... .......... 5% 221M 1s + 3200K .......... .......... .......... .......... .......... 6% 79.2M 1s + 3250K .......... .......... .......... .......... .......... 6% 57.4M 1s + 3300K .......... .......... .......... .......... .......... 6% 62.1M 1s + 3350K .......... .......... .......... .......... .......... 6% 76.1M 1s + 3400K .......... .......... .......... .......... .......... 6% 66.5M 1s + 3450K .......... .......... .......... .......... .......... 6% 94.1M 1s + 3500K .......... .......... .......... .......... .......... 6% 57.9M 1s + 3550K .......... .......... .......... .......... .......... 6% 171M 1s + 3600K .......... .......... .......... .......... .......... 6% 260M 1s + 3650K .......... .......... .......... .......... .......... 6% 32.9M 1s + 3700K .......... .......... .......... .......... .......... 7% 66.0M 1s + 3750K .......... .......... .......... .......... .......... 7% 61.1M 1s + 3800K .......... .......... .......... .......... .......... 7% 115M 1s + 3850K .......... .......... .......... .......... .......... 7% 53.0M 1s + 3900K .......... .......... .......... .......... .......... 
7% 166M 1s + 3950K .......... .......... .......... .......... .......... 7% 205M 1s + 4000K .......... .......... .......... .......... .......... 7% 242M 1s 4050K .......... .......... .......... .......... .......... 7% 251M 1s - 4100K .......... .......... .......... .......... .......... 7% 34.8M 1s - 4150K .......... .......... .......... .......... .......... 7% 59.4M 1s - 4200K .......... .......... .......... .......... .......... 7% 79.3M 1s - 4250K .......... .......... .......... .......... .......... 8% 217M 1s - 4300K .......... .......... .......... .......... .......... 8% 187M 1s - 4350K .......... .......... .......... .......... .......... 8% 245M 1s - 4400K .......... .......... .......... .......... .......... 8% 246M 1s - 4450K .......... .......... .......... .......... .......... 8% 254M 1s - 4500K .......... .......... .......... .......... .......... 8% 231M 1s - 4550K .......... .......... .......... .......... .......... 8% 163M 1s - 4600K .......... .......... .......... .......... .......... 8% 154M 1s - 4650K .......... .......... .......... .......... .......... 8% 18.6M 1s - 4700K .......... .......... .......... .......... .......... 8% 53.2M 1s - 4750K .......... .......... .......... .......... .......... 8% 218M 1s - 4800K .......... .......... .......... .......... .......... 9% 39.8M 1s - 4850K .......... .......... .......... .......... .......... 9% 47.7M 1s - 4900K .......... .......... .......... .......... .......... 9% 117M 1s - 4950K .......... .......... .......... .......... .......... 9% 239M 1s - 5000K .......... .......... .......... .......... .......... 9% 253M 1s - 5050K .......... .......... .......... .......... .......... 9% 256M 1s - 5100K .......... .......... .......... .......... .......... 9% 220M 1s - 5150K .......... .......... .......... .......... .......... 9% 187M 1s - 5200K .......... .......... .......... .......... .......... 9% 19.9M 1s - 5250K .......... .......... .......... .......... 
.......... 9% 50.4M 1s - 5300K .......... .......... .......... .......... .......... 10% 45.2M 1s - 5350K .......... .......... .......... .......... .......... 10% 59.9M 1s - 5400K .......... .......... .......... .......... .......... 10% 60.4M 1s - 5450K .......... .......... .......... .......... .......... 10% 241M 1s - 5500K .......... .......... .......... .......... .......... 10% 206M 1s - 5550K .......... .......... .......... .......... .......... 10% 258M 1s - 5600K .......... .......... .......... .......... .......... 10% 185M 1s - 5650K .......... .......... .......... .......... .......... 10% 26.9M 1s - 5700K .......... .......... .......... .......... .......... 10% 49.2M 1s - 5750K .......... .......... .......... .......... .......... 10% 63.3M 1s - 5800K .......... .......... .......... .......... .......... 10% 46.4M 1s - 5850K .......... .......... .......... .......... .......... 11% 51.2M 1s - 5900K .......... .......... .......... .......... .......... 11% 61.5M 1s - 5950K .......... .......... .......... .......... .......... 11% 215M 1s - 6000K .......... .......... .......... .......... .......... 11% 254M 1s - 6050K .......... .......... .......... .......... .......... 11% 123M 1s - 6100K .......... .......... .......... .......... .......... 11% 215M 1s - 6150K .......... .......... .......... .......... .......... 11% 26.5M 1s - 6200K .......... .......... .......... .......... .......... 11% 226M 1s - 6250K .......... .......... .......... .......... .......... 11% 245M 1s - 6300K .......... .......... .......... .......... .......... 11% 158M 1s - 6350K .......... .......... .......... .......... .......... 11% 52.5M 1s - 6400K .......... .......... .......... .......... .......... 12% 54.2M 1s - 6450K .......... .......... .......... .......... .......... 12% 71.4M 1s - 6500K .......... .......... .......... .......... .......... 12% 51.3M 1s - 6550K .......... .......... .......... .......... .......... 
12% 69.7M 1s - 6600K .......... .......... .......... .......... .......... 12% 239M 1s - 6650K .......... .......... .......... .......... .......... 12% 230M 1s - 6700K .......... .......... .......... .......... .......... 12% 217M 1s - 6750K .......... .......... .......... .......... .......... 12% 227M 1s - 6800K .......... .......... .......... .......... .......... 12% 248M 1s - 6850K .......... .......... .......... .......... .......... 12% 260M 1s - 6900K .......... .......... .......... .......... .......... 13% 234M 1s - 6950K .......... .......... .......... .......... .......... 13% 248M 1s - 7000K .......... .......... .......... .......... .......... 13% 206M 1s - 7050K .......... .......... .......... .......... .......... 13% 257M 1s - 7100K .......... .......... .......... .......... .......... 13% 237M 1s - 7150K .......... .......... .......... .......... .......... 13% 256M 1s - 7200K .......... .......... .......... .......... .......... 13% 218M 1s - 7250K .......... .......... .......... .......... .......... 13% 11.4M 1s - 7300K .......... .......... .......... .......... .......... 13% 253M 1s - 7350K .......... .......... .......... .......... .......... 13% 36.4M 1s - 7400K .......... .......... .......... .......... .......... 13% 43.7M 1s - 7450K .......... .......... .......... .......... .......... 14% 57.1M 1s - 7500K .......... .......... .......... .......... .......... 14% 58.4M 1s - 7550K .......... .......... .......... .......... .......... 14% 167M 1s - 7600K .......... .......... .......... .......... .......... 14% 181M 1s - 7650K .......... .......... .......... .......... .......... 14% 239M 1s - 7700K .......... .......... .......... .......... .......... 14% 259M 1s - 7750K .......... .......... .......... .......... .......... 14% 256M 1s - 7800K .......... .......... .......... .......... .......... 14% 224M 1s - 7850K .......... .......... .......... .......... .......... 14% 31.9M 1s - 7900K .......... .......... 
.......... .......... .......... 14% 230M 1s - 7950K .......... .......... .......... .......... .......... 14% 34.2M 1s - 8000K .......... .......... .......... .......... .......... 15% 68.0M 1s - 8050K .......... .......... .......... .......... .......... 15% 67.1M 1s - 8100K .......... .......... .......... .......... .......... 15% 30.6M 1s - 8150K .......... .......... .......... .......... .......... 15% 46.5M 1s - 8200K .......... .......... .......... .......... .......... 15% 43.5M 1s - 8250K .......... .......... .......... .......... .......... 15% 104M 1s - 8300K .......... .......... .......... .......... .......... 15% 191M 1s - 8350K .......... .......... .......... .......... .......... 15% 64.4M 1s - 8400K .......... .......... .......... .......... .......... 15% 212M 1s - 8450K .......... .......... .......... .......... .......... 15% 250M 1s - 8500K .......... .......... .......... .......... .......... 16% 230M 1s - 8550K .......... .......... .......... .......... .......... 16% 256M 1s - 8600K .......... .......... .......... .......... .......... 16% 246M 1s - 8650K .......... .......... .......... .......... .......... 16% 83.4M 1s - 8700K .......... .......... .......... .......... .......... 16% 52.3M 1s - 8750K .......... .......... .......... .......... .......... 16% 56.5M 1s - 8800K .......... .......... .......... .......... .......... 16% 47.8M 1s - 8850K .......... .......... .......... .......... .......... 16% 49.0M 1s - 8900K .......... .......... .......... .......... .......... 16% 72.5M 1s - 8950K .......... .......... .......... .......... .......... 16% 202M 1s - 9000K .......... .......... .......... .......... .......... 16% 143M 1s - 9050K .......... .......... .......... .......... .......... 17% 46.5M 1s - 9100K .......... .......... .......... .......... .......... 17% 43.5M 1s - 9150K .......... .......... .......... .......... .......... 17% 89.9M 1s - 9200K .......... .......... .......... .......... .......... 
17% 45.6M 1s - 9250K .......... .......... .......... .......... .......... 17% 59.0M 1s - 9300K .......... .......... .......... .......... .......... 17% 207M 1s - 9350K .......... .......... .......... .......... .......... 17% 254M 1s - 9400K .......... .......... .......... .......... .......... 17% 249M 1s - 9450K .......... .......... .......... .......... .......... 17% 255M 1s - 9500K .......... .......... .......... .......... .......... 17% 180M 1s - 9550K .......... .......... .......... .......... .......... 17% 252M 1s - 9600K .......... .......... .......... .......... .......... 18% 257M 1s - 9650K .......... .......... .......... .......... .......... 18% 253M 1s - 9700K .......... .......... .......... .......... .......... 18% 205M 1s - 9750K .......... .......... .......... .......... .......... 18% 211M 1s - 9800K .......... .......... .......... .......... .......... 18% 175M 1s - 9850K .......... .......... .......... .......... .......... 18% 116M 1s - 9900K .......... .......... .......... .......... .......... 18% 97.2M 1s - 9950K .......... .......... .......... .......... .......... 18% 133M 1s - 10000K .......... .......... .......... .......... .......... 18% 130M 1s - 10050K .......... .......... .......... .......... .......... 18% 165M 1s - 10100K .......... .......... .......... .......... .......... 19% 146M 1s - 10150K .......... .......... .......... .......... .......... 19% 154M 1s - 10200K .......... .......... .......... .......... .......... 19% 144M 1s - 10250K .......... .......... .......... .......... .......... 19% 172M 1s - 10300K .......... .......... .......... .......... .......... 19% 104M 1s - 10350K .......... .......... .......... .......... .......... 19% 133M 1s - 10400K .......... .......... .......... .......... .......... 19% 142M 1s - 10450K .......... .......... .......... .......... .......... 19% 172M 1s - 10500K .......... .......... .......... .......... .......... 19% 156M 1s - 10550K .......... 
.......... .......... .......... .......... 19% 169M 1s - 10600K .......... .......... .......... .......... .......... 19% 173M 1s - 10650K .......... .......... .......... .......... .......... 20% 134M 1s - 10700K .......... .......... .......... .......... .......... 20% 112M 1s - 10750K .......... .......... .......... .......... .......... 20% 113M 1s - 10800K .......... .......... .......... .......... .......... 20% 107M 1s - 10850K .......... .......... .......... .......... .......... 20% 114M 1s - 10900K .......... .......... .......... .......... .......... 20% 132M 1s - 10950K .......... .......... .......... .......... .......... 20% 167M 1s - 11000K .......... .......... .......... .......... .......... 20% 149M 1s - 11050K .......... .......... .......... .......... .......... 20% 153M 1s - 11100K .......... .......... .......... .......... .......... 20% 114M 1s - 11150K .......... .......... .......... .......... .......... 20% 140M 1s - 11200K .......... .......... .......... .......... .......... 21% 146M 1s - 11250K .......... .......... .......... .......... .......... 21% 166M 1s - 11300K .......... .......... .......... .......... .......... 21% 139M 1s - 11350K .......... .......... .......... .......... .......... 21% 179M 1s - 11400K .......... .......... .......... .......... .......... 21% 219M 1s - 11450K .......... .......... .......... .......... .......... 21% 236M 1s - 11500K .......... .......... .......... .......... .......... 21% 196M 1s - 11550K .......... .......... .......... .......... .......... 21% 250M 1s - 11600K .......... .......... .......... .......... .......... 21% 256M 1s - 11650K .......... .......... .......... .......... .......... 21% 258M 1s - 11700K .......... .......... .......... .......... .......... 22% 147M 1s - 11750K .......... .......... .......... .......... .......... 22% 124M 1s - 11800K .......... .......... .......... .......... .......... 22% 156M 1s - 11850K .......... .......... .......... 
.......... .......... 22% 119M 1s - 11900K .......... .......... .......... .......... .......... 22% 97.7M 1s - 11950K .......... .......... .......... .......... .......... 22% 121M 1s - 12000K .......... .......... .......... .......... .......... 22% 164M 1s + 4100K .......... .......... .......... .......... .......... 7% 263M 1s + 4150K .......... .......... .......... .......... .......... 7% 25.1M 1s + 4200K .......... .......... .......... .......... .......... 7% 218M 1s + 4250K .......... .......... .......... .......... .......... 8% 70.9M 1s + 4300K .......... .......... .......... .......... .......... 8% 65.5M 1s + 4350K .......... .......... .......... .......... .......... 8% 99.8M 1s + 4400K .......... .......... .......... .......... .......... 8% 221M 1s + 4450K .......... .......... .......... .......... .......... 8% 258M 1s + 4500K .......... .......... .......... .......... .......... 8% 241M 1s + 4550K .......... .......... .......... .......... .......... 8% 206M 1s + 4600K .......... .......... .......... .......... .......... 8% 21.4M 1s + 4650K .......... .......... .......... .......... .......... 8% 68.0M 1s + 4700K .......... .......... .......... .......... .......... 8% 52.0M 1s + 4750K .......... .......... .......... .......... .......... 8% 58.2M 1s + 4800K .......... .......... .......... .......... .......... 9% 235M 1s + 4850K .......... .......... .......... .......... .......... 9% 147M 1s + 4900K .......... .......... .......... .......... .......... 9% 89.4M 1s + 4950K .......... .......... .......... .......... .......... 9% 228M 1s + 5000K .......... .......... .......... .......... .......... 9% 232M 1s + 5050K .......... .......... .......... .......... .......... 9% 239M 1s + 5100K .......... .......... .......... .......... .......... 9% 239M 1s + 5150K .......... .......... .......... .......... .......... 9% 207M 1s + 5200K .......... .......... .......... .......... .......... 9% 263M 1s + 5250K .......... 
.......... .......... .......... .......... 9% 19.3M 1s + 5300K .......... .......... .......... .......... .......... 10% 68.0M 1s + 5350K .......... .......... .......... .......... .......... 10% 65.7M 1s + 5400K .......... .......... .......... .......... .......... 10% 55.4M 1s + 5450K .......... .......... .......... .......... .......... 10% 172M 1s + 5500K .......... .......... .......... .......... .......... 10% 233M 1s + 5550K .......... .......... .......... .......... .......... 10% 77.4M 1s + 5600K .......... .......... .......... .......... .......... 10% 57.1M 1s + 5650K .......... .......... .......... .......... .......... 10% 91.4M 1s + 5700K .......... .......... .......... .......... .......... 10% 247M 1s + 5750K .......... .......... .......... .......... .......... 10% 210M 1s + 5800K .......... .......... .......... .......... .......... 10% 245M 1s + 5850K .......... .......... .......... .......... .......... 11% 250M 1s + 5900K .......... .......... .......... .......... .......... 11% 266M 1s + 5950K .......... .......... .......... .......... .......... 11% 219M 1s + 6000K .......... .......... .......... .......... .......... 11% 239M 1s + 6050K .......... .......... .......... .......... .......... 11% 129M 1s + 6100K .......... .......... .......... .......... .......... 11% 72.4M 1s + 6150K .......... .......... .......... .......... .......... 11% 56.4M 1s + 6200K .......... .......... .......... .......... .......... 11% 56.3M 1s + 6250K .......... .......... .......... .......... .......... 11% 64.0M 1s + 6300K .......... .......... .......... .......... .......... 11% 206M 1s + 6350K .......... .......... .......... .......... .......... 11% 89.8M 1s + 6400K .......... .......... .......... .......... .......... 12% 64.5M 1s + 6450K .......... .......... .......... .......... .......... 12% 58.5M 1s + 6500K .......... .......... .......... .......... .......... 12% 91.9M 1s + 6550K .......... .......... .......... .......... 
.......... 12% 228M 1s + 6600K .......... .......... .......... .......... .......... 12% 261M 1s + 6650K .......... .......... .......... .......... .......... 12% 248M 1s + 6700K .......... .......... .......... .......... .......... 12% 29.5M 1s + 6750K .......... .......... .......... .......... .......... 12% 47.7M 1s + 6800K .......... .......... .......... .......... .......... 12% 66.4M 1s + 6850K .......... .......... .......... .......... .......... 12% 82.2M 1s + 6900K .......... .......... .......... .......... .......... 13% 132M 1s + 6950K .......... .......... .......... .......... .......... 13% 204M 1s + 7000K .......... .......... .......... .......... .......... 13% 179M 1s + 7050K .......... .......... .......... .......... .......... 13% 252M 1s + 7100K .......... .......... .......... .......... .......... 13% 35.2M 1s + 7150K .......... .......... .......... .......... .......... 13% 84.1M 1s + 7200K .......... .......... .......... .......... .......... 13% 236M 1s + 7250K .......... .......... .......... .......... .......... 13% 238M 1s + 7300K .......... .......... .......... .......... .......... 13% 256M 1s + 7350K .......... .......... .......... .......... .......... 13% 228M 1s + 7400K .......... .......... .......... .......... .......... 13% 260M 1s + 7450K .......... .......... .......... .......... .......... 14% 19.4M 1s + 7500K .......... .......... .......... .......... .......... 14% 66.2M 1s + 7550K .......... .......... .......... .......... .......... 14% 151M 1s + 7600K .......... .......... .......... .......... .......... 14% 247M 1s + 7650K .......... .......... .......... .......... .......... 14% 62.2M 1s + 7700K .......... .......... .......... .......... .......... 14% 60.8M 1s + 7750K .......... .......... .......... .......... .......... 14% 51.6M 1s + 7800K .......... .......... .......... .......... .......... 14% 144M 1s + 7850K .......... .......... .......... .......... .......... 
14% 66.0M 1s + 7900K .......... .......... .......... .......... .......... 14% 63.6M 1s + 7950K .......... .......... .......... .......... .......... 14% 187M 1s + 8000K .......... .......... .......... .......... .......... 15% 262M 1s + 8050K .......... .......... .......... .......... .......... 15% 222M 1s + 8100K .......... .......... .......... .......... .......... 15% 260M 1s + 8150K .......... .......... .......... .......... .......... 15% 213M 1s + 8200K .......... .......... .......... .......... .......... 15% 260M 1s + 8250K .......... .......... .......... .......... .......... 15% 248M 1s + 8300K .......... .......... .......... .......... .......... 15% 252M 1s + 8350K .......... .......... .......... .......... .......... 15% 213M 1s + 8400K .......... .......... .......... .......... .......... 15% 85.0M 1s + 8450K .......... .......... .......... .......... .......... 15% 247M 1s + 8500K .......... .......... .......... .......... .......... 16% 116M 1s + 8550K .......... .......... .......... .......... .......... 16% 62.1M 1s + 8600K .......... .......... .......... .......... .......... 16% 47.2M 1s + 8650K .......... .......... .......... .......... .......... 16% 103M 1s + 8700K .......... .......... .......... .......... .......... 16% 54.6M 1s + 8750K .......... .......... .......... .......... .......... 16% 42.4M 1s + 8800K .......... .......... .......... .......... .......... 16% 59.8M 1s + 8850K .......... .......... .......... .......... .......... 16% 68.9M 1s + 8900K .......... .......... .......... .......... .......... 16% 236M 1s + 8950K .......... .......... .......... .......... .......... 16% 211M 1s + 9000K .......... .......... .......... .......... .......... 16% 251M 1s + 9050K .......... .......... .......... .......... .......... 17% 255M 1s + 9100K .......... .......... .......... .......... .......... 17% 182M 1s + 9150K .......... .......... .......... .......... .......... 17% 19.6M 1s + 9200K .......... 
.......... .......... .......... .......... 17% 117M 1s + 9250K .......... .......... .......... .......... .......... 17% 81.5M 1s + 9300K .......... .......... .......... .......... .......... 17% 61.0M 1s + 9350K .......... .......... .......... .......... .......... 17% 62.1M 1s + 9400K .......... .......... .......... .......... .......... 17% 235M 1s + 9450K .......... .......... .......... .......... .......... 17% 257M 1s + 9500K .......... .......... .......... .......... .......... 17% 232M 1s + 9550K .......... .......... .......... .......... .......... 17% 32.7M 1s + 9600K .......... .......... .......... .......... .......... 18% 193M 1s + 9650K .......... .......... .......... .......... .......... 18% 70.7M 1s + 9700K .......... .......... .......... .......... .......... 18% 61.7M 1s + 9750K .......... .......... .......... .......... .......... 18% 65.1M 1s + 9800K .......... .......... .......... .......... .......... 18% 218M 1s + 9850K .......... .......... .......... .......... .......... 18% 230M 1s + 9900K .......... .......... .......... .......... .......... 18% 263M 1s + 9950K .......... .......... .......... .......... .......... 18% 207M 1s + 10000K .......... .......... .......... .......... .......... 18% 247M 1s + 10050K .......... .......... .......... .......... .......... 18% 20.5M 1s + 10100K .......... .......... .......... .......... .......... 19% 65.1M 1s + 10150K .......... .......... .......... .......... .......... 19% 68.4M 1s + 10200K .......... .......... .......... .......... .......... 19% 234M 1s + 10250K .......... .......... .......... .......... .......... 19% 35.5M 1s + 10300K .......... .......... .......... .......... .......... 19% 53.8M 1s + 10350K .......... .......... .......... .......... .......... 19% 91.4M 1s + 10400K .......... .......... .......... .......... .......... 19% 54.9M 1s + 10450K .......... .......... .......... .......... .......... 19% 141M 1s + 10500K .......... .......... .......... 
.......... .......... 19% 225M 1s + 10550K .......... .......... .......... .......... .......... 19% 225M 1s + 10600K .......... .......... .......... .......... .......... 19% 260M 1s + 10650K .......... .......... .......... .......... .......... 20% 246M 1s + 10700K .......... .......... .......... .......... .......... 20% 258M 1s + 10750K .......... .......... .......... .......... .......... 20% 25.7M 1s + 10800K .......... .......... .......... .......... .......... 20% 60.4M 1s + 10850K .......... .......... .......... .......... .......... 20% 57.1M 1s + 10900K .......... .......... .......... .......... .......... 20% 56.7M 1s + 10950K .......... .......... .......... .......... .......... 20% 66.7M 1s + 11000K .......... .......... .......... .......... .......... 20% 58.8M 1s + 11050K .......... .......... .......... .......... .......... 20% 66.5M 1s + 11100K .......... .......... .......... .......... .......... 20% 92.1M 1s + 11150K .......... .......... .......... .......... .......... 20% 146M 1s + 11200K .......... .......... .......... .......... .......... 21% 158M 1s + 11250K .......... .......... .......... .......... .......... 21% 171M 1s + 11300K .......... .......... .......... .......... .......... 21% 167M 1s + 11350K .......... .......... .......... .......... .......... 21% 139M 1s + 11400K .......... .......... .......... .......... .......... 21% 178M 1s + 11450K .......... .......... .......... .......... .......... 21% 146M 1s + 11500K .......... .......... .......... .......... .......... 21% 143M 1s + 11550K .......... .......... .......... .......... .......... 21% 159M 1s + 11600K .......... .......... .......... .......... .......... 21% 259M 1s + 11650K .......... .......... .......... .......... .......... 21% 193M 1s + 11700K .......... .......... .......... .......... .......... 22% 219M 1s + 11750K .......... .......... .......... .......... .......... 22% 230M 1s + 11800K .......... .......... .......... .......... 
.......... 22% 174M 1s + 11850K .......... .......... .......... .......... .......... 22% 160M 1s + 11900K .......... .......... .......... .......... .......... 22% 135M 1s + 11950K .......... .......... .......... .......... .......... 22% 122M 1s + 12000K .......... .......... .......... .......... .......... 22% 170M 1s 12050K .......... .......... .......... .......... .......... 22% 138M 1s - 12100K .......... .......... .......... .......... .......... 22% 102M 1s - 12150K .......... .......... .......... .......... .......... 22% 159M 1s - 12200K .......... .......... .......... .......... .......... 22% 171M 1s - 12250K .......... .......... .......... .......... .......... 23% 190M 1s - 12300K .......... .......... .......... .......... .......... 23% 154M 1s - 12350K .......... .......... .......... .......... .......... 23% 125M 1s - 12400K .......... .......... .......... .......... .......... 23% 137M 1s - 12450K .......... .......... .......... .......... .......... 23% 132M 1s - 12500K .......... .......... .......... .......... .......... 23% 130M 1s - 12550K .......... .......... .......... .......... .......... 23% 156M 1s - 12600K .......... .......... .......... .......... .......... 23% 189M 1s - 12650K .......... .......... .......... .......... .......... 23% 176M 1s - 12700K .......... .......... .......... .......... .......... 23% 119M 1s - 12750K .......... .......... .......... .......... .......... 23% 146M 1s - 12800K .......... .......... .......... .......... .......... 24% 143M 1s - 12850K .......... .......... .......... .......... .......... 24% 136M 1s - 12900K .......... .......... .......... .......... .......... 24% 124M 1s - 12950K .......... .......... .......... .......... .......... 24% 144M 1s - 13000K .......... .......... .......... .......... .......... 24% 139M 1s - 13050K .......... .......... .......... .......... .......... 24% 134M 1s - 13100K .......... .......... .......... .......... .......... 
24% 125M 1s - 13150K .......... .......... .......... .......... .......... 24% 139M 1s - 13200K .......... .......... .......... .......... .......... 24% 155M 1s - 13250K .......... .......... .......... .......... .......... 24% 129M 1s - 13300K .......... .......... .......... .......... .......... 24% 146M 1s - 13350K .......... .......... .......... .......... .......... 25% 184M 1s - 13400K .......... .......... .......... .......... .......... 25% 183M 1s - 13450K .......... .......... .......... .......... .......... 25% 158M 1s - 13500K .......... .......... .......... .......... .......... 25% 217M 1s - 13550K .......... .......... .......... .......... .......... 25% 230M 1s - 13600K .......... .......... .......... .......... .......... 25% 138M 1s - 13650K .......... .......... .......... .......... .......... 25% 116M 1s - 13700K .......... .......... .......... .......... .......... 25% 142M 1s - 13750K .......... .......... .......... .......... .......... 25% 142M 1s - 13800K .......... .......... .......... .......... .......... 25% 127M 1s - 13850K .......... .......... .......... .......... .......... 26% 167M 1s - 13900K .......... .......... .......... .......... .......... 26% 137M 1s - 13950K .......... .......... .......... .......... .......... 26% 142M 1s - 14000K .......... .......... .......... .......... .......... 26% 152M 1s - 14050K .......... .......... .......... .......... .......... 26% 135M 1s - 14100K .......... .......... .......... .......... .......... 26% 164M 1s - 14150K .......... .......... .......... .......... .......... 26% 257M 1s - 14200K .......... .......... .......... .......... .......... 26% 249M 1s - 14250K .......... .......... .......... .......... .......... 26% 196M 1s - 14300K .......... .......... .......... .......... .......... 26% 163M 1s - 14350K .......... .......... .......... .......... .......... 26% 175M 1s - 14400K .......... .......... .......... .......... .......... 
27% 160M 1s - 14450K .......... .......... .......... .......... .......... 27% 144M 1s - 14500K .......... .......... .......... .......... .......... 27% 108M 1s - 14550K .......... .......... .......... .......... .......... 27% 133M 1s - 14600K .......... .......... .......... .......... .......... 27% 106M 1s - 14650K .......... .......... .......... .......... .......... 27% 164M 1s - 14700K .......... .......... .......... .......... .......... 27% 128M 1s - 14750K .......... .......... .......... .......... .......... 27% 138M 1s - 14800K .......... .......... .......... .......... .......... 27% 120M 1s - 14850K .......... .......... .......... .......... .......... 27% 150M 1s - 14900K .......... .......... .......... .......... .......... 27% 120M 1s - 14950K .......... .......... .......... .......... .......... 28% 151M 1s - 15000K .......... .......... .......... .......... .......... 28% 144M 1s - 15050K .......... .......... .......... .......... .......... 28% 174M 1s - 15100K .......... .......... .......... .......... .......... 28% 160M 1s - 15150K .......... .......... .......... .......... .......... 28% 140M 1s - 15200K .......... .......... .......... .......... .......... 28% 209M 1s - 15250K .......... .......... .......... .......... .......... 28% 227M 1s - 15300K .......... .......... .......... .......... .......... 28% 195M 1s - 15350K .......... .......... .......... .......... .......... 28% 245M 1s - 15400K .......... .......... .......... .......... .......... 28% 228M 1s - 15450K .......... .......... .......... .......... .......... 29% 259M 1s - 15500K .......... .......... .......... .......... .......... 29% 184M 1s - 15550K .......... .......... .......... .......... .......... 29% 173M 1s - 15600K .......... .......... .......... .......... .......... 29% 149M 1s - 15650K .......... .......... .......... .......... .......... 29% 129M 1s - 15700K .......... .......... .......... .......... .......... 
29% 119M 1s - 15750K .......... .......... .......... .......... .......... 29% 142M 1s - 15800K .......... .......... .......... .......... .......... 29% 146M 1s - 15850K .......... .......... .......... .......... .......... 29% 177M 1s - 15900K .......... .......... .......... .......... .......... 29% 152M 1s - 15950K .......... .......... .......... .......... .......... 29% 167M 1s - 16000K .......... .......... .......... .......... .......... 30% 137M 1s - 16050K .......... .......... .......... .......... .......... 30% 126M 0s - 16100K .......... .......... .......... .......... .......... 30% 107M 0s - 16150K .......... .......... .......... .......... .......... 30% 150M 0s - 16200K .......... .......... .......... .......... .......... 30% 126M 0s - 16250K .......... .......... .......... .......... .......... 30% 127M 0s - 16300K .......... .......... .......... .......... .......... 30% 144M 0s - 16350K .......... .......... .......... .......... .......... 30% 180M 0s - 16400K .......... .......... .......... .......... .......... 30% 140M 0s - 16450K .......... .......... .......... .......... .......... 30% 117M 0s - 16500K .......... .......... .......... .......... .......... 30% 118M 0s - 16550K .......... .......... .......... .......... .......... 31% 163M 0s - 16600K .......... .......... .......... .......... .......... 31% 167M 0s - 16650K .......... .......... .......... .......... .......... 31% 164M 0s - 16700K .......... .......... .......... .......... .......... 31% 137M 0s - 16750K .......... .......... .......... .......... .......... 31% 164M 0s - 16800K .......... .......... .......... .......... .......... 31% 163M 0s - 16850K .......... .......... .......... .......... .......... 31% 133M 0s - 16900K .......... .......... .......... .......... .......... 31% 128M 0s - 16950K .......... .......... .......... .......... .......... 31% 137M 0s - 17000K .......... .......... .......... .......... .......... 
31% 149M 0s - 17050K .......... .......... .......... .......... .......... 32% 134M 0s - 17100K .......... .......... .......... .......... .......... 32% 109M 0s - 17150K .......... .......... .......... .......... .......... 32% 128M 0s - 17200K .......... .......... .......... .......... .......... 32% 122M 0s - 17250K .......... .......... .......... .......... .......... 32% 148M 0s - 17300K .......... .......... .......... .......... .......... 32% 124M 0s - 17350K .......... .......... .......... .......... .......... 32% 144M 0s - 17400K .......... .......... .......... .......... .......... 32% 152M 0s - 17450K .......... .......... .......... .......... .......... 32% 207M 0s - 17500K .......... .......... .......... .......... .......... 32% 214M 0s - 17550K .......... .......... .......... .......... .......... 32% 206M 0s - 17600K .......... .......... .......... .......... .......... 33% 167M 0s - 17650K .......... .......... .......... .......... .......... 33% 170M 0s - 17700K .......... .......... .......... .......... .......... 33% 153M 0s - 17750K .......... .......... .......... .......... .......... 33% 147M 0s - 17800K .......... .......... .......... .......... .......... 33% 130M 0s - 17850K .......... .......... .......... .......... .......... 33% 168M 0s - 17900K .......... .......... .......... .......... .......... 33% 104M 0s - 17950K .......... .......... .......... .......... .......... 33% 120M 0s - 18000K .......... .......... .......... .......... .......... 33% 109M 0s - 18050K .......... .......... .......... .......... .......... 33% 138M 0s - 18100K .......... .......... .......... .......... .......... 33% 134M 0s - 18150K .......... .......... .......... .......... .......... 34% 147M 0s - 18200K .......... .......... .......... .......... .......... 34% 151M 0s - 18250K .......... .......... .......... .......... .......... 34% 232M 0s - 18300K .......... .......... .......... .......... .......... 
34% 134M 0s - 18350K .......... .......... .......... .......... .......... 34% 169M 0s - 18400K .......... .......... .......... .......... .......... 34% 169M 0s - 18450K .......... .......... .......... .......... .......... 34% 170M 0s - 18500K .......... .......... .......... .......... .......... 34% 203M 0s - 18550K .......... .......... .......... .......... .......... 34% 257M 0s - 18600K .......... .......... .......... .......... .......... 34% 261M 0s - 18650K .......... .......... .......... .......... .......... 35% 257M 0s - 18700K .......... .......... .......... .......... .......... 35% 153M 0s - 18750K .......... .......... .......... .......... .......... 35% 158M 0s - 18800K .......... .......... .......... .......... .......... 35% 197M 0s - 18850K .......... .......... .......... .......... .......... 35% 155M 0s - 18900K .......... .......... .......... .......... .......... 35% 155M 0s - 18950K .......... .......... .......... .......... .......... 35% 165M 0s - 19000K .......... .......... .......... .......... .......... 35% 143M 0s - 19050K .......... .......... .......... .......... .......... 35% 165M 0s - 19100K .......... .......... .......... .......... .......... 35% 143M 0s - 19150K .......... .......... .......... .......... .......... 35% 168M 0s - 19200K .......... .......... .......... .......... .......... 36% 150M 0s + 12100K .......... .......... .......... .......... .......... 22% 157M 1s + 12150K .......... .......... .......... .......... .......... 22% 145M 1s + 12200K .......... .......... .......... .......... .......... 22% 155M 1s + 12250K .......... .......... .......... .......... .......... 23% 169M 1s + 12300K .......... .......... .......... .......... .......... 23% 151M 1s + 12350K .......... .......... .......... .......... .......... 23% 143M 1s + 12400K .......... .......... .......... .......... .......... 23% 180M 1s + 12450K .......... .......... .......... .......... .......... 
23% 212M 1s + 12500K .......... .......... .......... .......... .......... 23% 150M 1s + 12550K .......... .......... .......... .......... .......... 23% 151M 1s + 12600K .......... .......... .......... .......... .......... 23% 144M 1s + 12650K .......... .......... .......... .......... .......... 23% 172M 1s + 12700K .......... .......... .......... .......... .......... 23% 242M 1s + 12750K .......... .......... .......... .......... .......... 23% 203M 1s + 12800K .......... .......... .......... .......... .......... 24% 258M 1s + 12850K .......... .......... .......... .......... .......... 24% 261M 1s + 12900K .......... .......... .......... .......... .......... 24% 238M 1s + 12950K .......... .......... .......... .......... .......... 24% 227M 1s + 13000K .......... .......... .......... .......... .......... 24% 206M 1s + 13050K .......... .......... .......... .......... .......... 24% 175M 1s + 13100K .......... .......... .......... .......... .......... 24% 133M 1s + 13150K .......... .......... .......... .......... .......... 24% 136M 1s + 13200K .......... .......... .......... .......... .......... 24% 153M 1s + 13250K .......... .......... .......... .......... .......... 24% 168M 1s + 13300K .......... .......... .......... .......... .......... 24% 154M 1s + 13350K .......... .......... .......... .......... .......... 25% 148M 1s + 13400K .......... .......... .......... .......... .......... 25% 149M 1s + 13450K .......... .......... .......... .......... .......... 25% 134M 1s + 13500K .......... .......... .......... .......... .......... 25% 167M 1s + 13550K .......... .......... .......... .......... .......... 25% 256M 1s + 13600K .......... .......... .......... .......... .......... 25% 262M 1s + 13650K .......... .......... .......... .......... .......... 25% 148M 1s + 13700K .......... .......... .......... .......... .......... 25% 146M 1s + 13750K .......... .......... .......... .......... .......... 
25% 158M 1s + 13800K .......... .......... .......... .......... .......... 25% 139M 1s + 13850K .......... .......... .......... .......... .......... 26% 133M 1s + 13900K .......... .......... .......... .......... .......... 26% 146M 1s + 13950K .......... .......... .......... .......... .......... 26% 138M 1s + 14000K .......... .......... .......... .......... .......... 26% 180M 1s + 14050K .......... .......... .......... .......... .......... 26% 160M 1s + 14100K .......... .......... .......... .......... .......... 26% 163M 1s + 14150K .......... .......... .......... .......... .......... 26% 154M 1s + 14200K .......... .......... .......... .......... .......... 26% 164M 1s + 14250K .......... .......... .......... .......... .......... 26% 132M 1s + 14300K .......... .......... .......... .......... .......... 26% 149M 1s + 14350K .......... .......... .......... .......... .......... 26% 143M 1s + 14400K .......... .......... .......... .......... .......... 27% 175M 0s + 14450K .......... .......... .......... .......... .......... 27% 184M 0s + 14500K .......... .......... .......... .......... .......... 27% 161M 0s + 14550K .......... .......... .......... .......... .......... 27% 129M 0s + 14600K .......... .......... .......... .......... .......... 27% 163M 0s + 14650K .......... .......... .......... .......... .......... 27% 132M 0s + 14700K .......... .......... .......... .......... .......... 27% 155M 0s + 14750K .......... .......... .......... .......... .......... 27% 178M 0s + 14800K .......... .......... .......... .......... .......... 27% 171M 0s + 14850K .......... .......... .......... .......... .......... 27% 155M 0s + 14900K .......... .......... .......... .......... .......... 27% 155M 0s + 14950K .......... .......... .......... .......... .......... 28% 161M 0s + 15000K .......... .......... .......... .......... .......... 28% 164M 0s + 15050K .......... .......... .......... .......... .......... 
28% 138M 0s + 15100K .......... .......... .......... .......... .......... 28% 158M 0s + 15150K .......... .......... .......... .......... .......... 28% 152M 0s + 15200K .......... .......... .......... .......... .......... 28% 146M 0s + 15250K .......... .......... .......... .......... .......... 28% 133M 0s + 15300K .......... .......... .......... .......... .......... 28% 180M 0s + 15350K .......... .......... .......... .......... .......... 28% 144M 0s + 15400K .......... .......... .......... .......... .......... 28% 161M 0s + 15450K .......... .......... .......... .......... .......... 29% 115M 0s + 15500K .......... .......... .......... .......... .......... 29% 158M 0s + 15550K .......... .......... .......... .......... .......... 29% 153M 0s + 15600K .......... .......... .......... .......... .......... 29% 242M 0s + 15650K .......... .......... .......... .......... .......... 29% 234M 0s + 15700K .......... .......... .......... .......... .......... 29% 245M 0s + 15750K .......... .......... .......... .......... .......... 29% 229M 0s + 15800K .......... .......... .......... .......... .......... 29% 207M 0s + 15850K .......... .......... .......... .......... .......... 29% 255M 0s + 15900K .......... .......... .......... .......... .......... 29% 245M 0s + 15950K .......... .......... .......... .......... .......... 29% 215M 0s + 16000K .......... .......... .......... .......... .......... 30% 163M 0s + 16050K .......... .......... .......... .......... .......... 30% 176M 0s + 16100K .......... .......... .......... .......... .......... 30% 137M 0s + 16150K .......... .......... .......... .......... .......... 30% 128M 0s + 16200K .......... .......... .......... .......... .......... 30% 154M 0s + 16250K .......... .......... .......... .......... .......... 30% 146M 0s + 16300K .......... .......... .......... .......... .......... 30% 165M 0s + 16350K .......... .......... .......... .......... .......... 
30% 140M 0s + 16400K .......... .......... .......... .......... .......... 30% 164M 0s + 16450K .......... .......... .......... .......... .......... 30% 121M 0s + 16500K .......... .......... .......... .......... .......... 30% 198M 0s + 16550K .......... .......... .......... .......... .......... 31% 192M 0s + 16600K .......... .......... .......... .......... .......... 31% 149M 0s + 16650K .......... .......... .......... .......... .......... 31% 186M 0s + 16700K .......... .......... .......... .......... .......... 31% 128M 0s + 16750K .......... .......... .......... .......... .......... 31% 147M 0s + 16800K .......... .......... .......... .......... .......... 31% 166M 0s + 16850K .......... .......... .......... .......... .......... 31% 142M 0s + 16900K .......... .......... .......... .......... .......... 31% 154M 0s + 16950K .......... .......... .......... .......... .......... 31% 179M 0s + 17000K .......... .......... .......... .......... .......... 31% 150M 0s + 17050K .......... .......... .......... .......... .......... 32% 139M 0s + 17100K .......... .......... .......... .......... .......... 32% 163M 0s + 17150K .......... .......... .......... .......... .......... 32% 163M 0s + 17200K .......... .......... .......... .......... .......... 32% 154M 0s + 17250K .......... .......... .......... .......... .......... 32% 134M 0s + 17300K .......... .......... .......... .......... .......... 32% 169M 0s + 17350K .......... .......... .......... .......... .......... 32% 160M 0s + 17400K .......... .......... .......... .......... .......... 32% 174M 0s + 17450K .......... .......... .......... .......... .......... 32% 138M 0s + 17500K .......... .......... .......... .......... .......... 32% 158M 0s + 17550K .......... .......... .......... .......... .......... 32% 183M 0s + 17600K .......... .......... .......... .......... .......... 33% 145M 0s + 17650K .......... .......... .......... .......... .......... 
33% 116M 0s + 17700K .......... .......... .......... .......... .......... 33% 163M 0s + 17750K .......... .......... .......... .......... .......... 33% 149M 0s + 17800K .......... .......... .......... .......... .......... 33% 143M 0s + 17850K .......... .......... .......... .......... .......... 33% 152M 0s + 17900K .......... .......... .......... .......... .......... 33% 225M 0s + 17950K .......... .......... .......... .......... .......... 33% 235M 0s + 18000K .......... .......... .......... .......... .......... 33% 212M 0s + 18050K .......... .......... .......... .......... .......... 33% 137M 0s + 18100K .......... .......... .......... .......... .......... 33% 254M 0s + 18150K .......... .......... .......... .......... .......... 34% 257M 0s + 18200K .......... .......... .......... .......... .......... 34% 236M 0s + 18250K .......... .......... .......... .......... .......... 34% 250M 0s + 18300K .......... .......... .......... .......... .......... 34% 239M 0s + 18350K .......... .......... .......... .......... .......... 34% 217M 0s + 18400K .......... .......... .......... .......... .......... 34% 237M 0s + 18450K .......... .......... .......... .......... .......... 34% 241M 0s + 18500K .......... .......... .......... .......... .......... 34% 225M 0s + 18550K .......... .......... .......... .......... .......... 34% 151M 0s + 18600K .......... .......... .......... .......... .......... 34% 216M 0s + 18650K .......... .......... .......... .......... .......... 35% 162M 0s + 18700K .......... .......... .......... .......... .......... 35% 158M 0s + 18750K .......... .......... .......... .......... .......... 35% 136M 0s + 18800K .......... .......... .......... .......... .......... 35% 172M 0s + 18850K .......... .......... .......... .......... .......... 35% 136M 0s + 18900K .......... .......... .......... .......... .......... 35% 141M 0s + 18950K .......... .......... .......... .......... .......... 
35% 134M 0s + 19000K .......... .......... .......... .......... .......... 35% 167M 0s + 19050K .......... .......... .......... .......... .......... 35% 162M 0s + 19100K .......... .......... .......... .......... .......... 35% 159M 0s + 19150K .......... .......... .......... .......... .......... 35% 140M 0s + 19200K .......... .......... .......... .......... .......... 36% 153M 0s 19250K .......... .......... .......... .......... .......... 36% 161M 0s - 19300K .......... .......... .......... .......... .......... 36% 156M 0s - 19350K .......... .......... .......... .......... .......... 36% 164M 0s - 19400K .......... .......... .......... .......... .......... 36% 185M 0s - 19450K .......... .......... .......... .......... .......... 36% 182M 0s - 19500K .......... .......... .......... .......... .......... 36% 132M 0s - 19550K .......... .......... .......... .......... .......... 36% 168M 0s - 19600K .......... .......... .......... .......... .......... 36% 251M 0s - 19650K .......... .......... .......... .......... .......... 36% 250M 0s - 19700K .......... .......... .......... .......... .......... 36% 150M 0s - 19750K .......... .......... .......... .......... .......... 37% 171M 0s - 19800K .......... .......... .......... .......... .......... 37% 176M 0s - 19850K .......... .......... .......... .......... .......... 37% 172M 0s - 19900K .......... .......... .......... .......... .......... 37% 116M 0s - 19950K .......... .......... .......... .......... .......... 37% 161M 0s - 20000K .......... .......... .......... .......... .......... 37% 173M 0s - 20050K .......... .......... .......... .......... .......... 37% 165M 0s - 20100K .......... .......... .......... .......... .......... 37% 163M 0s - 20150K .......... .......... .......... .......... .......... 37% 162M 0s - 20200K .......... .......... .......... .......... .......... 37% 153M 0s - 20250K .......... .......... .......... .......... .......... 
38% 125M 0s - 20300K .......... .......... .......... .......... .......... 38% 142M 0s - 20350K .......... .......... .......... .......... .......... 38% 168M 0s - 20400K .......... .......... .......... .......... .......... 38% 111M 0s - 20450K .......... .......... .......... .......... .......... 38% 118M 0s - 20500K .......... .......... .......... .......... .......... 38% 117M 0s - 20550K .......... .......... .......... .......... .......... 38% 149M 0s - 20600K .......... .......... .......... .......... .......... 38% 136M 0s - 20650K .......... .......... .......... .......... .......... 38% 157M 0s - 20700K .......... .......... .......... .......... .......... 38% 230M 0s - 20750K .......... .......... .......... .......... .......... 38% 218M 0s - 20800K .......... .......... .......... .......... .......... 39% 234M 0s - 20850K .......... .......... .......... .......... .......... 39% 261M 0s - 20900K .......... .......... .......... .......... .......... 39% 263M 0s - 20950K .......... .......... .......... .......... .......... 39% 234M 0s - 21000K .......... .......... .......... .......... .......... 39% 252M 0s - 21050K .......... .......... .......... .......... .......... 39% 185M 0s - 21100K .......... .......... .......... .......... .......... 39% 152M 0s - 21150K .......... .......... .......... .......... .......... 39% 112M 0s - 21200K .......... .......... .......... .......... .......... 39% 125M 0s - 21250K .......... .......... .......... .......... .......... 39% 172M 0s - 21300K .......... .......... .......... .......... .......... 39% 174M 0s - 21350K .......... .......... .......... .......... .......... 40% 148M 0s - 21400K .......... .......... .......... .......... .......... 40% 220M 0s - 21450K .......... .......... .......... .......... .......... 40% 241M 0s - 21500K .......... .......... .......... .......... .......... 40% 247M 0s - 21550K .......... .......... .......... .......... .......... 
40% 113M 0s - 21600K .......... .......... .......... .......... .......... 40% 97.2M 0s - 21650K .......... .......... .......... .......... .......... 40% 136M 0s - 21700K .......... .......... .......... .......... .......... 40% 171M 0s - 21750K .......... .......... .......... .......... .......... 40% 139M 0s - 21800K .......... .......... .......... .......... .......... 40% 121M 0s - 21850K .......... .......... .......... .......... .......... 41% 162M 0s - 21900K .......... .......... .......... .......... .......... 41% 174M 0s - 21950K .......... .......... .......... .......... .......... 41% 131M 0s - 22000K .......... .......... .......... .......... .......... 41% 142M 0s - 22050K .......... .......... .......... .......... .......... 41% 153M 0s - 22100K .......... .......... .......... .......... .......... 41% 136M 0s - 22150K .......... .......... .......... .......... .......... 41% 129M 0s - 22200K .......... .......... .......... .......... .......... 41% 171M 0s - 22250K .......... .......... .......... .......... .......... 41% 146M 0s - 22300K .......... .......... .......... .......... .......... 41% 245M 0s - 22350K .......... .......... .......... .......... .......... 41% 147M 0s - 22400K .......... .......... .......... .......... .......... 42% 162M 0s - 22450K .......... .......... .......... .......... .......... 42% 165M 0s - 22500K .......... .......... .......... .......... .......... 42% 154M 0s - 22550K .......... .......... .......... .......... .......... 42% 140M 0s - 22600K .......... .......... .......... .......... .......... 42% 133M 0s - 22650K .......... .......... .......... .......... .......... 42% 135M 0s - 22700K .......... .......... .......... .......... .......... 42% 143M 0s - 22750K .......... .......... .......... .......... .......... 42% 118M 0s - 22800K .......... .......... .......... .......... .......... 42% 157M 0s - 22850K .......... .......... .......... .......... .......... 
42% 173M 0s - 22900K .......... .......... .......... .......... .......... 42% 148M 0s - 22950K .......... .......... .......... .......... .......... 43% 125M 0s - 23000K .......... .......... .......... .......... .......... 43% 136M 0s - 23050K .......... .......... .......... .......... .......... 43% 173M 0s - 23100K .......... .......... .......... .......... .......... 43% 187M 0s - 23150K .......... .......... .......... .......... .......... 43% 129M 0s - 23200K .......... .......... .......... .......... .......... 43% 159M 0s - 23250K .......... .......... .......... .......... .......... 43% 166M 0s - 23300K .......... .......... .......... .......... .......... 43% 185M 0s - 23350K .......... .......... .......... .......... .......... 43% 139M 0s - 23400K .......... .......... .......... .......... .......... 43% 142M 0s - 23450K .......... .......... .......... .......... .......... 44% 139M 0s - 23500K .......... .......... .......... .......... .......... 44% 204M 0s - 23550K .......... .......... .......... .......... .......... 44% 209M 0s - 23600K .......... .......... .......... .......... .......... 44% 178M 0s - 23650K .......... .......... .......... .......... .......... 44% 115M 0s - 23700K .......... .......... .......... .......... .......... 44% 144M 0s - 23750K .......... .......... .......... .......... .......... 44% 153M 0s - 23800K .......... .......... .......... .......... .......... 44% 158M 0s - 23850K .......... .......... .......... .......... .......... 44% 202M 0s - 23900K .......... .......... .......... .......... .......... 44% 261M 0s - 23950K .......... .......... .......... .......... .......... 44% 221M 0s - 24000K .......... .......... .......... .......... .......... 45% 262M 0s - 24050K .......... .......... .......... .......... .......... 45% 210M 0s - 24100K .......... .......... .......... .......... .......... 45% 262M 0s - 24150K .......... .......... .......... .......... .......... 
45% 235M 0s - 24200K .......... .......... .......... .......... .......... 45% 261M 0s - 24250K .......... .......... .......... .......... .......... 45% 258M 0s - 24300K .......... .......... .......... .......... .......... 45% 163M 0s - 24350K .......... .......... .......... .......... .......... 45% 107M 0s - 24400K .......... .......... .......... .......... .......... 45% 120M 0s - 24450K .......... .......... .......... .......... .......... 45% 145M 0s - 24500K .......... .......... .......... .......... .......... 45% 134M 0s - 24550K .......... .......... .......... .......... .......... 46% 97.3M 0s - 24600K .......... .......... .......... .......... .......... 46% 130M 0s - 24650K .......... .......... .......... .......... .......... 46% 160M 0s - 24700K .......... .......... .......... .......... .......... 46% 107M 0s - 24750K .......... .......... .......... .......... .......... 46% 136M 0s - 24800K .......... .......... .......... .......... .......... 46% 151M 0s - 24850K .......... .......... .......... .......... .......... 46% 185M 0s - 24900K .......... .......... .......... .......... .......... 46% 179M 0s - 24950K .......... .......... .......... .......... .......... 46% 156M 0s - 25000K .......... .......... .......... .......... .......... 46% 143M 0s - 25050K .......... .......... .......... .......... .......... 47% 133M 0s - 25100K .......... .......... .......... .......... .......... 47% 143M 0s - 25150K .......... .......... .......... .......... .......... 47% 111M 0s - 25200K .......... .......... .......... .......... .......... 47% 115M 0s - 25250K .......... .......... .......... .......... .......... 47% 123M 0s - 25300K .......... .......... .......... .......... .......... 47% 124M 0s - 25350K .......... .......... .......... .......... .......... 47% 115M 0s - 25400K .......... .......... .......... .......... .......... 47% 126M 0s - 25450K .......... .......... .......... .......... .......... 
47% 188M 0s - 25500K .......... .......... .......... .......... .......... 47% 255M 0s - 25550K .......... .......... .......... .......... .......... 47% 177M 0s - 25600K .......... .......... .......... .......... .......... 48% 167M 0s - 25650K .......... .......... .......... .......... .......... 48% 171M 0s - 25700K .......... .......... .......... .......... .......... 48% 173M 0s - 25750K .......... .......... .......... .......... .......... 48% 135M 0s - 25800K .......... .......... .......... .......... .......... 48% 138M 0s - 25850K .......... .......... .......... .......... .......... 48% 141M 0s - 25900K .......... .......... .......... .......... .......... 48% 190M 0s - 25950K .......... .......... .......... .......... .......... 48% 134M 0s - 26000K .......... .......... .......... .......... .......... 48% 116M 0s - 26050K .......... .......... .......... .......... .......... 48% 153M 0s - 26100K .......... .......... .......... .......... .......... 48% 133M 0s - 26150K .......... .......... .......... .......... .......... 49% 117M 0s - 26200K .......... .......... .......... .......... .......... 49% 176M 0s - 26250K .......... .......... .......... .......... .......... 49% 194M 0s - 26300K .......... .......... .......... .......... .......... 49% 124M 0s - 26350K .......... .......... .......... .......... .......... 49% 120M 0s - 26400K .......... .......... .......... .......... .......... 49% 137M 0s - 26450K .......... .......... .......... .......... .......... 49% 123M 0s - 26500K .......... .......... .......... .......... .......... 49% 124M 0s - 26550K .......... .......... .......... .......... .......... 49% 132M 0s - 26600K .......... .......... .......... .......... .......... 49% 166M 0s - 26650K .......... .......... .......... .......... .......... 49% 170M 0s - 26700K .......... .......... .......... .......... .......... 50% 172M 0s - 26750K .......... .......... .......... .......... .......... 
50% 127M 0s - 26800K .......... .......... .......... .......... .......... 50% 141M 0s - 26850K .......... .......... .......... .......... .......... 50% 155M 0s - 26900K .......... .......... .......... .......... .......... 50% 132M 0s - 26950K .......... .......... .......... .......... .......... 50% 133M 0s - 27000K .......... .......... .......... .......... .......... 50% 120M 0s - 27050K .......... .......... .......... .......... .......... 50% 138M 0s - 27100K .......... .......... .......... .......... .......... 50% 160M 0s - 27150K .......... .......... .......... .......... .......... 50% 142M 0s - 27200K .......... .......... .......... .......... .......... 51% 168M 0s - 27250K .......... .......... .......... .......... .......... 51% 121M 0s - 27300K .......... .......... .......... .......... .......... 51% 113M 0s - 27350K .......... .......... .......... .......... .......... 51% 135M 0s - 27400K .......... .......... .......... .......... .......... 51% 218M 0s - 27450K .......... .......... .......... .......... .......... 51% 231M 0s - 27500K .......... .......... .......... .......... .......... 51% 251M 0s - 27550K .......... .......... .......... .......... .......... 51% 148M 0s - 27600K .......... .......... .......... .......... .......... 51% 141M 0s - 27650K .......... .......... .......... .......... .......... 51% 125M 0s - 27700K .......... .......... .......... .......... .......... 51% 144M 0s - 27750K .......... .......... .......... .......... .......... 52% 116M 0s - 27800K .......... .......... .......... .......... .......... 52% 161M 0s - 27850K .......... .......... .......... .......... .......... 52% 163M 0s - 27900K .......... .......... .......... .......... .......... 52% 187M 0s - 27950K .......... .......... .......... .......... .......... 52% 120M 0s - 28000K .......... .......... .......... .......... .......... 52% 138M 0s - 28050K .......... .......... .......... .......... .......... 
52% 123M 0s - 28100K .......... .......... .......... .......... .......... 52% 154M 0s - 28150K .......... .......... .......... .......... .......... 52% 169M 0s - 28200K .......... .......... .......... .......... .......... 52% 154M 0s - 28250K .......... .......... .......... .......... .......... 52% 187M 0s - 28300K .......... .......... .......... .......... .......... 53% 218M 0s - 28350K .......... .......... .......... .......... .......... 53% 142M 0s - 28400K .......... .......... .......... .......... .......... 53% 109M 0s - 28450K .......... .......... .......... .......... .......... 53% 143M 0s - 28500K .......... .......... .......... .......... .......... 53% 225M 0s - 28550K .......... .......... .......... .......... .......... 53% 201M 0s - 28600K .......... .......... .......... .......... .......... 53% 251M 0s - 28650K .......... .......... .......... .......... .......... 53% 231M 0s - 28700K .......... .......... .......... .......... .......... 53% 265M 0s - 28750K .......... .......... .......... .......... .......... 53% 221M 0s - 28800K .......... .......... .......... .......... .......... 54% 150M 0s - 28850K .......... .......... .......... .......... .......... 54% 152M 0s - 28900K .......... .......... .......... .......... .......... 54% 139M 0s - 28950K .......... .......... .......... .......... .......... 54% 115M 0s - 29000K .......... .......... .......... .......... .......... 54% 171M 0s - 29050K .......... .......... .......... .......... .......... 54% 179M 0s - 29100K .......... .......... .......... .......... .......... 54% 141M 0s - 29150K .......... .......... .......... .......... .......... 54% 39.5M 0s - 29200K .......... .......... .......... .......... .......... 54% 231M 0s - 29250K .......... .......... .......... .......... .......... 54% 256M 0s - 29300K .......... .......... .......... .......... .......... 54% 30.9M 0s - 29350K .......... .......... .......... .......... .......... 
55% 61.8M 0s - 29400K .......... .......... .......... .......... .......... 55% 113M 0s - 29450K .......... .......... .......... .......... .......... 55% 45.1M 0s - 29500K .......... .......... .......... .......... .......... 55% 137M 0s - 29550K .......... .......... .......... .......... .......... 55% 47.0M 0s - 29600K .......... .......... .......... .......... .......... 55% 64.5M 0s - 29650K .......... .......... .......... .......... .......... 55% 57.4M 0s - 29700K .......... .......... .......... .......... .......... 55% 135M 0s - 29750K .......... .......... .......... .......... .......... 55% 230M 0s - 29800K .......... .......... .......... .......... .......... 55% 250M 0s - 29850K .......... .......... .......... .......... .......... 55% 262M 0s - 29900K .......... .......... .......... .......... .......... 56% 243M 0s - 29950K .......... .......... .......... .......... .......... 56% 62.1M 0s - 30000K .......... .......... .......... .......... .......... 56% 53.7M 0s - 30050K .......... .......... .......... .......... .......... 56% 57.2M 0s - 30100K .......... .......... .......... .......... .......... 56% 65.7M 0s - 30150K .......... .......... .......... .......... .......... 56% 58.1M 0s - 30200K .......... .......... .......... .......... .......... 56% 65.2M 0s - 30250K .......... .......... .......... .......... .......... 56% 70.2M 0s - 30300K .......... .......... .......... .......... .......... 56% 52.5M 0s - 30350K .......... .......... .......... .......... .......... 56% 195M 0s - 30400K .......... .......... .......... .......... .......... 57% 269M 0s - 30450K .......... .......... .......... .......... .......... 57% 218M 0s - 30500K .......... .......... .......... .......... .......... 57% 259M 0s - 30550K .......... .......... .......... .......... .......... 57% 34.9M 0s - 30600K .......... .......... .......... .......... .......... 57% 70.4M 0s - 30650K .......... .......... .......... .......... .......... 
57% 72.0M 0s - 30700K .......... .......... .......... .......... .......... 57% 84.3M 0s - 30750K .......... .......... .......... .......... .......... 57% 96.4M 0s - 30800K .......... .......... .......... .......... .......... 57% 257M 0s - 30850K .......... .......... .......... .......... .......... 57% 258M 0s - 30900K .......... .......... .......... .......... .......... 57% 263M 0s - 30950K .......... .......... .......... .......... .......... 58% 235M 0s - 31000K .......... .......... .......... .......... .......... 58% 22.2M 0s - 31050K .......... .......... .......... .......... .......... 58% 148M 0s - 31100K .......... .......... .......... .......... .......... 58% 251M 0s - 31150K .......... .......... .......... .......... .......... 58% 75.4M 0s - 31200K .......... .......... .......... .......... .......... 58% 56.6M 0s - 31250K .......... .......... .......... .......... .......... 58% 69.6M 0s - 31300K .......... .......... .......... .......... .......... 58% 110M 0s - 31350K .......... .......... .......... .......... .......... 58% 74.8M 0s - 31400K .......... .......... .......... .......... .......... 58% 228M 0s - 31450K .......... .......... .......... .......... .......... 58% 258M 0s - 31500K .......... .......... .......... .......... .......... 59% 224M 0s - 31550K .......... .......... .......... .......... .......... 59% 216M 0s - 31600K .......... .......... .......... .......... .......... 59% 83.1M 0s - 31650K .......... .......... .......... .......... .......... 59% 23.6M 0s - 31700K .......... .......... .......... .......... .......... 59% 243M 0s - 31750K .......... .......... .......... .......... .......... 59% 110M 0s - 31800K .......... .......... .......... .......... .......... 59% 69.4M 0s - 31850K .......... .......... .......... .......... .......... 59% 57.4M 0s - 31900K .......... .......... .......... .......... .......... 59% 106M 0s - 31950K .......... .......... .......... .......... .......... 
59% 219M 0s - 32000K .......... .......... .......... .......... .......... 60% 261M 0s - 32050K .......... .......... .......... .......... .......... 60% 263M 0s - 32100K .......... .......... .......... .......... .......... 60% 243M 0s - 32150K .......... .......... .......... .......... .......... 60% 21.5M 0s - 32200K .......... .......... .......... .......... .......... 60% 65.9M 0s - 32250K .......... .......... .......... .......... .......... 60% 73.5M 0s - 32300K .......... .......... .......... .......... .......... 60% 153M 0s - 32350K .......... .......... .......... .......... .......... 60% 193M 0s - 32400K .......... .......... .......... .......... .......... 60% 40.9M 0s - 32450K .......... .......... .......... .......... .......... 60% 67.7M 0s - 32500K .......... .......... .......... .......... .......... 60% 67.7M 0s - 32550K .......... .......... .......... .......... .......... 61% 178M 0s - 32600K .......... .......... .......... .......... .......... 61% 47.5M 0s - 32650K .......... .......... .......... .......... .......... 61% 251M 0s - 32700K .......... .......... .......... .......... .......... 61% 262M 0s - 32750K .......... .......... .......... .......... .......... 61% 219M 0s - 32800K .......... .......... .......... .......... .......... 61% 268M 0s - 32850K .......... .......... .......... .......... .......... 61% 85.6M 0s - 32900K .......... .......... .......... .......... .......... 61% 55.5M 0s - 32950K .......... .......... .......... .......... .......... 61% 59.4M 0s - 33000K .......... .......... .......... .......... .......... 61% 233M 0s - 33050K .......... .......... .......... .......... .......... 61% 233M 0s - 33100K .......... .......... .......... .......... .......... 62% 70.3M 0s - 33150K .......... .......... .......... .......... .......... 62% 47.8M 0s - 33200K .......... .......... .......... .......... .......... 62% 59.8M 0s - 33250K .......... .......... .......... .......... .......... 
62% 71.9M 0s - 33300K .......... .......... .......... .......... .......... 62% 128M 0s - 33350K .......... .......... .......... .......... .......... 62% 204M 0s - 33400K .......... .......... .......... .......... .......... 62% 264M 0s - 33450K .......... .......... .......... .......... .......... 62% 264M 0s - 33500K .......... .......... .......... .......... .......... 62% 263M 0s - 33550K .......... .......... .......... .......... .......... 62% 23.1M 0s - 33600K .......... .......... .......... .......... .......... 63% 121M 0s - 33650K .......... .......... .......... .......... .......... 63% 256M 0s - 33700K .......... .......... .......... .......... .......... 63% 42.4M 0s - 33750K .......... .......... .......... .......... .......... 63% 65.3M 0s - 33800K .......... .......... .......... .......... .......... 63% 228M 0s - 33850K .......... .......... .......... .......... .......... 63% 90.0M 0s - 33900K .......... .......... .......... .......... .......... 63% 59.6M 0s - 33950K .......... .......... .......... .......... .......... 63% 74.0M 0s - 34000K .......... .......... .......... .......... .......... 63% 61.3M 0s - 34050K .......... .......... .......... .......... .......... 63% 93.2M 0s - 34100K .......... .......... .......... .......... .......... 63% 243M 0s - 34150K .......... .......... .......... .......... .......... 64% 236M 0s - 34200K .......... .......... .......... .......... .......... 64% 264M 0s - 34250K .......... .......... .......... .......... .......... 64% 268M 0s - 34300K .......... .......... .......... .......... .......... 64% 59.7M 0s - 34350K .......... .......... .......... .......... .......... 64% 192M 0s - 34400K .......... .......... .......... .......... .......... 64% 39.3M 0s - 34450K .......... .......... .......... .......... .......... 64% 69.7M 0s - 34500K .......... .......... .......... .......... .......... 64% 68.5M 0s - 34550K .......... .......... .......... .......... .......... 
64% 150M 0s - 34600K .......... .......... .......... .......... .......... 64% 217M 0s - 34650K .......... .......... .......... .......... .......... 64% 263M 0s - 34700K .......... .......... .......... .......... .......... 65% 255M 0s - 34750K .......... .......... .......... .......... .......... 65% 29.5M 0s - 34800K .......... .......... .......... .......... .......... 65% 50.2M 0s - 34850K .......... .......... .......... .......... .......... 65% 73.1M 0s - 34900K .......... .......... .......... .......... .......... 65% 223M 0s - 34950K .......... .......... .......... .......... .......... 65% 97.7M 0s - 35000K .......... .......... .......... .......... .......... 65% 68.3M 0s - 35050K .......... .......... .......... .......... .......... 65% 70.9M 0s - 35100K .......... .......... .......... .......... .......... 65% 212M 0s - 35150K .......... .......... .......... .......... .......... 65% 220M 0s - 35200K .......... .......... .......... .......... .......... 66% 269M 0s - 35250K .......... .......... .......... .......... .......... 66% 262M 0s - 35300K .......... .......... .......... .......... .......... 66% 32.9M 0s - 35350K .......... .......... .......... .......... .......... 66% 40.4M 0s - 35400K .......... .......... .......... .......... .......... 66% 69.0M 0s - 35450K .......... .......... .......... .......... .......... 66% 54.0M 0s - 35500K .......... .......... .......... .......... .......... 66% 174M 0s - 35550K .......... .......... .......... .......... .......... 66% 215M 0s - 35600K .......... .......... .......... .......... .......... 66% 71.9M 0s - 35650K .......... .......... .......... .......... .......... 66% 64.2M 0s - 35700K .......... .......... .......... .......... .......... 66% 81.1M 0s - 35750K .......... .......... .......... .......... .......... 67% 233M 0s - 35800K .......... .......... .......... .......... .......... 67% 63.7M 0s - 35850K .......... .......... .......... .......... .......... 
67% 49.6M 0s - 35900K .......... .......... .......... .......... .......... 67% 63.4M 0s - 35950K .......... .......... .......... .......... .......... 67% 156M 0s - 36000K .......... .......... .......... .......... .......... 67% 264M 0s - 36050K .......... .......... .......... .......... .......... 67% 38.1M 0s - 36100K .......... .......... .......... .......... .......... 67% 144M 0s - 36150K .......... .......... .......... .......... .......... 67% 225M 0s - 36200K .......... .......... .......... .......... .......... 67% 91.9M 0s - 36250K .......... .......... .......... .......... .......... 67% 75.5M 0s - 36300K .......... .......... .......... .......... .......... 68% 99.9M 0s - 36350K .......... .......... .......... .......... .......... 68% 204M 0s - 36400K .......... .......... .......... .......... .......... 68% 267M 0s - 36450K .......... .......... .......... .......... .......... 68% 244M 0s - 36500K .......... .......... .......... .......... .......... 68% 239M 0s - 36550K .......... .......... .......... .......... .......... 68% 238M 0s - 36600K .......... .......... .......... .......... .......... 68% 261M 0s - 36650K .......... .......... .......... .......... .......... 68% 253M 0s - 36700K .......... .......... .......... .......... .......... 68% 267M 0s - 36750K .......... .......... .......... .......... .......... 68% 57.7M 0s - 36800K .......... .......... .......... .......... .......... 69% 65.0M 0s - 36850K .......... .......... .......... .......... .......... 69% 62.8M 0s - 36900K .......... .......... .......... .......... .......... 69% 67.9M 0s - 36950K .......... .......... .......... .......... .......... 69% 109M 0s - 37000K .......... .......... .......... .......... .......... 69% 266M 0s - 37050K .......... .......... .......... .......... .......... 69% 226M 0s - 37100K .......... .......... .......... .......... .......... 69% 32.2M 0s - 37150K .......... .......... .......... .......... .......... 
69% 59.1M 0s - 37200K .......... .......... .......... .......... .......... 69% 78.4M 0s - 37250K .......... .......... .......... .......... .......... 69% 54.8M 0s - 37300K .......... .......... .......... .......... .......... 69% 108M 0s - 37350K .......... .......... .......... .......... .......... 70% 165M 0s - 37400K .......... .......... .......... .......... .......... 70% 256M 0s - 37450K .......... .......... .......... .......... .......... 70% 264M 0s - 37500K .......... .......... .......... .......... .......... 70% 183M 0s - 37550K .......... .......... .......... .......... .......... 70% 153M 0s - 37600K .......... .......... .......... .......... .......... 70% 164M 0s - 37650K .......... .......... .......... .......... .......... 70% 173M 0s - 37700K .......... .......... .......... .......... .......... 70% 176M 0s - 37750K .......... .......... .......... .......... .......... 70% 146M 0s - 37800K .......... .......... .......... .......... .......... 70% 171M 0s - 37850K .......... .......... .......... .......... .......... 70% 148M 0s - 37900K .......... .......... .......... .......... .......... 71% 182M 0s - 37950K .......... .......... .......... .......... .......... 71% 126M 0s - 38000K .......... .......... .......... .......... .......... 71% 147M 0s - 38050K .......... .......... .......... .......... .......... 71% 228M 0s - 38100K .......... .......... .......... .......... .......... 71% 258M 0s - 38150K .......... .......... .......... .......... .......... 71% 189M 0s - 38200K .......... .......... .......... .......... .......... 71% 144M 0s - 38250K .......... .......... .......... .......... .......... 71% 158M 0s - 38300K .......... .......... .......... .......... .......... 71% 158M 0s - 38350K .......... .......... .......... .......... .......... 71% 122M 0s - 38400K .......... .......... .......... .......... .......... 71% 243M 0s - 38450K .......... .......... .......... .......... .......... 
72% 264M 0s - 38500K .......... .......... .......... .......... .......... 72% 266M 0s - 38550K .......... .......... .......... .......... .......... 72% 176M 0s - 38600K .......... .......... .......... .......... .......... 72% 155M 0s - 38650K .......... .......... .......... .......... .......... 72% 164M 0s - 38700K .......... .......... .......... .......... .......... 72% 167M 0s - 38750K .......... .......... .......... .......... .......... 72% 135M 0s - 38800K .......... .......... .......... .......... .......... 72% 168M 0s - 38850K .......... .......... .......... .......... .......... 72% 185M 0s - 38900K .......... .......... .......... .......... .......... 72% 147M 0s - 38950K .......... .......... .......... .......... .......... 73% 177M 0s - 39000K .......... .......... .......... .......... .......... 73% 181M 0s + 19300K .......... .......... .......... .......... .......... 36% 159M 0s + 19350K .......... .......... .......... .......... .......... 36% 147M 0s + 19400K .......... .......... .......... .......... .......... 36% 183M 0s + 19450K .......... .......... .......... .......... .......... 36% 172M 0s + 19500K .......... .......... .......... .......... .......... 36% 146M 0s + 19550K .......... .......... .......... .......... .......... 36% 131M 0s + 19600K .......... .......... .......... .......... .......... 36% 142M 0s + 19650K .......... .......... .......... .......... .......... 36% 153M 0s + 19700K .......... .......... .......... .......... .......... 36% 153M 0s + 19750K .......... .......... .......... .......... .......... 37% 135M 0s + 19800K .......... .......... .......... .......... .......... 37% 157M 0s + 19850K .......... .......... .......... .......... .......... 37% 190M 0s + 19900K .......... .......... .......... .......... .......... 37% 253M 0s + 19950K .......... .......... .......... .......... .......... 37% 188M 0s + 20000K .......... .......... .......... .......... .......... 
37% 165M 0s + 20050K .......... .......... .......... .......... .......... 37% 160M 0s + 20100K .......... .......... .......... .......... .......... 37% 146M 0s + 20150K .......... .......... .......... .......... .......... 37% 142M 0s + 20200K .......... .......... .......... .......... .......... 37% 158M 0s + 20250K .......... .......... .......... .......... .......... 38% 179M 0s + 20300K .......... .......... .......... .......... .......... 38% 152M 0s + 20350K .......... .......... .......... .......... .......... 38% 151M 0s + 20400K .......... .......... .......... .......... .......... 38% 163M 0s + 20450K .......... .......... .......... .......... .......... 38% 170M 0s + 20500K .......... .......... .......... .......... .......... 38% 175M 0s + 20550K .......... .......... .......... .......... .......... 38% 139M 0s + 20600K .......... .......... .......... .......... .......... 38% 140M 0s + 20650K .......... .......... .......... .......... .......... 38% 160M 0s + 20700K .......... .......... .......... .......... .......... 38% 163M 0s + 20750K .......... .......... .......... .......... .......... 38% 141M 0s + 20800K .......... .......... .......... .......... .......... 39% 211M 0s + 20850K .......... .......... .......... .......... .......... 39% 170M 0s + 20900K .......... .......... .......... .......... .......... 39% 159M 0s + 20950K .......... .......... .......... .......... .......... 39% 150M 0s + 21000K .......... .......... .......... .......... .......... 39% 157M 0s + 21050K .......... .......... .......... .......... .......... 39% 200M 0s + 21100K .......... .......... .......... .......... .......... 39% 145M 0s + 21150K .......... .......... .......... .......... .......... 39% 124M 0s + 21200K .......... .......... .......... .......... .......... 39% 177M 0s + 21250K .......... .......... .......... .......... .......... 39% 151M 0s + 21300K .......... .......... .......... .......... .......... 
39% 157M 0s + 21350K .......... .......... .......... .......... .......... 40% 141M 0s + 21400K .......... .......... .......... .......... .......... 40% 140M 0s + 21450K .......... .......... .......... .......... .......... 40% 164M 0s + 21500K .......... .......... .......... .......... .......... 40% 156M 0s + 21550K .......... .......... .......... .......... .......... 40% 124M 0s + 21600K .......... .......... .......... .......... .......... 40% 148M 0s + 21650K .......... .......... .......... .......... .......... 40% 163M 0s + 21700K .......... .......... .......... .......... .......... 40% 160M 0s + 21750K .......... .......... .......... .......... .......... 40% 147M 0s + 21800K .......... .......... .......... .......... .......... 40% 215M 0s + 21850K .......... .......... .......... .......... .......... 41% 252M 0s + 21900K .......... .......... .......... .......... .......... 41% 258M 0s + 21950K .......... .......... .......... .......... .......... 41% 183M 0s + 22000K .......... .......... .......... .......... .......... 41% 240M 0s + 22050K .......... .......... .......... .......... .......... 41% 221M 0s + 22100K .......... .......... .......... .......... .......... 41% 199M 0s + 22150K .......... .......... .......... .......... .......... 41% 173M 0s + 22200K .......... .......... .......... .......... .......... 41% 162M 0s + 22250K .......... .......... .......... .......... .......... 41% 156M 0s + 22300K .......... .......... .......... .......... .......... 41% 159M 0s + 22350K .......... .......... .......... .......... .......... 41% 117M 0s + 22400K .......... .......... .......... .......... .......... 42% 153M 0s + 22450K .......... .......... .......... .......... .......... 42% 136M 0s + 22500K .......... .......... .......... .......... .......... 42% 171M 0s + 22550K .......... .......... .......... .......... .......... 42% 154M 0s + 22600K .......... .......... .......... .......... .......... 
42% 142M 0s + 22650K .......... .......... .......... .......... .......... 42% 149M 0s + 22700K .......... .......... .......... .......... .......... 42% 160M 0s + 22750K .......... .......... .......... .......... .......... 42% 134M 0s + 22800K .......... .......... .......... .......... .......... 42% 164M 0s + 22850K .......... .......... .......... .......... .......... 42% 135M 0s + 22900K .......... .......... .......... .......... .......... 42% 164M 0s + 22950K .......... .......... .......... .......... .......... 43% 166M 0s + 23000K .......... .......... .......... .......... .......... 43% 186M 0s + 23050K .......... .......... .......... .......... .......... 43% 141M 0s + 23100K .......... .......... .......... .......... .......... 43% 189M 0s + 23150K .......... .......... .......... .......... .......... 43% 152M 0s + 23200K .......... .......... .......... .......... .......... 43% 196M 0s + 23250K .......... .......... .......... .......... .......... 43% 258M 0s + 23300K .......... .......... .......... .......... .......... 43% 165M 0s + 23350K .......... .......... .......... .......... .......... 43% 154M 0s + 23400K .......... .......... .......... .......... .......... 43% 158M 0s + 23450K .......... .......... .......... .......... .......... 44% 157M 0s + 23500K .......... .......... .......... .......... .......... 44% 164M 0s + 23550K .......... .......... .......... .......... .......... 44% 120M 0s + 23600K .......... .......... .......... .......... .......... 44% 116M 0s + 23650K .......... .......... .......... .......... .......... 44% 132M 0s + 23700K .......... .......... .......... .......... .......... 44% 143M 0s + 23750K .......... .......... .......... .......... .......... 44% 133M 0s + 23800K .......... .......... .......... .......... .......... 44% 148M 0s + 23850K .......... .......... .......... .......... .......... 44% 145M 0s + 23900K .......... .......... .......... .......... .......... 
44% 200M 0s + 23950K .......... .......... .......... .......... .......... 44% 161M 0s + 24000K .......... .......... .......... .......... .......... 45% 209M 0s + 24050K .......... .......... .......... .......... .......... 45% 193M 0s + 24100K .......... .......... .......... .......... .......... 45% 217M 0s + 24150K .......... .......... .......... .......... .......... 45% 199M 0s + 24200K .......... .......... .......... .......... .......... 45% 223M 0s + 24250K .......... .......... .......... .......... .......... 45% 183M 0s + 24300K .......... .......... .......... .......... .......... 45% 169M 0s + 24350K .......... .......... .......... .......... .......... 45% 123M 0s + 24400K .......... .......... .......... .......... .......... 45% 200M 0s + 24450K .......... .......... .......... .......... .......... 45% 164M 0s + 24500K .......... .......... .......... .......... .......... 45% 136M 0s + 24550K .......... .......... .......... .......... .......... 46% 114M 0s + 24600K .......... .......... .......... .......... .......... 46% 133M 0s + 24650K .......... .......... .......... .......... .......... 46% 118M 0s + 24700K .......... .......... .......... .......... .......... 46% 137M 0s + 24750K .......... .......... .......... .......... .......... 46% 132M 0s + 24800K .......... .......... .......... .......... .......... 46% 128M 0s + 24850K .......... .......... .......... .......... .......... 46% 132M 0s + 24900K .......... .......... .......... .......... .......... 46% 152M 0s + 24950K .......... .......... .......... .......... .......... 46% 116M 0s + 25000K .......... .......... .......... .......... .......... 46% 136M 0s + 25050K .......... .......... .......... .......... .......... 47% 129M 0s + 25100K .......... .......... .......... .......... .......... 47% 122M 0s + 25150K .......... .......... .......... .......... .......... 47% 119M 0s + 25200K .......... .......... .......... .......... .......... 
47% 152M 0s + 25250K .......... .......... .......... .......... .......... 47% 147M 0s + 25300K .......... .......... .......... .......... .......... 47% 140M 0s + 25350K .......... .......... .......... .......... .......... 47% 124M 0s + 25400K .......... .......... .......... .......... .......... 47% 139M 0s + 25450K .......... .......... .......... .......... .......... 47% 111M 0s + 25500K .......... .......... .......... .......... .......... 47% 125M 0s + 25550K .......... .......... .......... .......... .......... 47% 116M 0s + 25600K .......... .......... .......... .......... .......... 48% 131M 0s + 25650K .......... .......... .......... .......... .......... 48% 144M 0s + 25700K .......... .......... .......... .......... .......... 48% 151M 0s + 25750K .......... .......... .......... .......... .......... 48% 114M 0s + 25800K .......... .......... .......... .......... .......... 48% 156M 0s + 25850K .......... .......... .......... .......... .......... 48% 96.3M 0s + 25900K .......... .......... .......... .......... .......... 48% 125M 0s + 25950K .......... .......... .......... .......... .......... 48% 112M 0s + 26000K .......... .......... .......... .......... .......... 48% 135M 0s + 26050K .......... .......... .......... .......... .......... 48% 136M 0s + 26100K .......... .......... .......... .......... .......... 48% 157M 0s + 26150K .......... .......... .......... .......... .......... 49% 124M 0s + 26200K .......... .......... .......... .......... .......... 49% 132M 0s + 26250K .......... .......... .......... .......... .......... 49% 150M 0s + 26300K .......... .......... .......... .......... .......... 49% 137M 0s + 26350K .......... .......... .......... .......... .......... 49% 105M 0s + 26400K .......... .......... .......... .......... .......... 49% 132M 0s + 26450K .......... .......... .......... .......... .......... 49% 137M 0s + 26500K .......... .......... .......... .......... .......... 
49% 185M 0s + 26550K .......... .......... .......... .......... .......... 49% 182M 0s + 26600K .......... .......... .......... .......... .......... 49% 145M 0s + 26650K .......... .......... .......... .......... .......... 49% 172M 0s + 26700K .......... .......... .......... .......... .......... 50% 147M 0s + 26750K .......... .......... .......... .......... .......... 50% 103M 0s + 26800K .......... .......... .......... .......... .......... 50% 137M 0s + 26850K .......... .......... .......... .......... .......... 50% 139M 0s + 26900K .......... .......... .......... .......... .......... 50% 156M 0s + 26950K .......... .......... .......... .......... .......... 50% 130M 0s + 27000K .......... .......... .......... .......... .......... 50% 124M 0s + 27050K .......... .......... .......... .......... .......... 50% 137M 0s + 27100K .......... .......... .......... .......... .......... 50% 137M 0s + 27150K .......... .......... .......... .......... .......... 50% 103M 0s + 27200K .......... .......... .......... .......... .......... 51% 130M 0s + 27250K .......... .......... .......... .......... .......... 51% 134M 0s + 27300K .......... .......... .......... .......... .......... 51% 153M 0s + 27350K .......... .......... .......... .......... .......... 51% 151M 0s + 27400K .......... .......... .......... .......... .......... 51% 140M 0s + 27450K .......... .......... .......... .......... .......... 51% 137M 0s + 27500K .......... .......... .......... .......... .......... 51% 135M 0s + 27550K .......... .......... .......... .......... .......... 51% 105M 0s + 27600K .......... .......... .......... .......... .......... 51% 161M 0s + 27650K .......... .......... .......... .......... .......... 51% 146M 0s + 27700K .......... .......... .......... .......... .......... 51% 182M 0s + 27750K .......... .......... .......... .......... .......... 52% 197M 0s + 27800K .......... .......... .......... .......... .......... 
52% 222M 0s + 27850K .......... .......... .......... .......... .......... 52% 218M 0s + 27900K .......... .......... .......... .......... .......... 52% 126M 0s + 27950K .......... .......... .......... .......... .......... 52% 140M 0s + 28000K .......... .......... .......... .......... .......... 52% 127M 0s + 28050K .......... .......... .......... .......... .......... 52% 135M 0s + 28100K .......... .......... .......... .......... .......... 52% 108M 0s + 28150K .......... .......... .......... .......... .......... 52% 120M 0s + 28200K .......... .......... .......... .......... .......... 52% 142M 0s + 28250K .......... .......... .......... .......... .......... 52% 143M 0s + 28300K .......... .......... .......... .......... .......... 53% 107M 0s + 28350K .......... .......... .......... .......... .......... 53% 148M 0s + 28400K .......... .......... .......... .......... .......... 53% 133M 0s + 28450K .......... .......... .......... .......... .......... 53% 146M 0s + 28500K .......... .......... .......... .......... .......... 53% 119M 0s + 28550K .......... .......... .......... .......... .......... 53% 122M 0s + 28600K .......... .......... .......... .......... .......... 53% 120M 0s + 28650K .......... .......... .......... .......... .......... 53% 185M 0s + 28700K .......... .......... .......... .......... .......... 53% 163M 0s + 28750K .......... .......... .......... .......... .......... 53% 143M 0s + 28800K .......... .......... .......... .......... .......... 54% 138M 0s + 28850K .......... .......... .......... .......... .......... 54% 135M 0s + 28900K .......... .......... .......... .......... .......... 54% 149M 0s + 28950K .......... .......... .......... .......... .......... 54% 140M 0s + 29000K .......... .......... .......... .......... .......... 54% 137M 0s + 29050K .......... .......... .......... .......... .......... 54% 145M 0s + 29100K .......... .......... .......... .......... .......... 
54% 108M 0s + 29150K .......... .......... .......... .......... .......... 54% 142M 0s + 29200K .......... .......... .......... .......... .......... 54% 148M 0s + 29250K .......... .......... .......... .......... .......... 54% 131M 0s + 29300K .......... .......... .......... .......... .......... 54% 129M 0s + 29350K .......... .......... .......... .......... .......... 55% 154M 0s + 29400K .......... .......... .......... .......... .......... 55% 138M 0s + 29450K .......... .......... .......... .......... .......... 55% 123M 0s + 29500K .......... .......... .......... .......... .......... 55% 111M 0s + 29550K .......... .......... .......... .......... .......... 55% 128M 0s + 29600K .......... .......... .......... .......... .......... 55% 176M 0s + 29650K .......... .......... .......... .......... .......... 55% 143M 0s + 29700K .......... .......... .......... .......... .......... 55% 126M 0s + 29750K .......... .......... .......... .......... .......... 55% 141M 0s + 29800K .......... .......... .......... .......... .......... 55% 136M 0s + 29850K .......... .......... .......... .......... .......... 55% 125M 0s + 29900K .......... .......... .......... .......... .......... 56% 159M 0s + 29950K .......... .......... .......... .......... .......... 56% 209M 0s + 30000K .......... .......... .......... .......... .......... 56% 193M 0s + 30050K .......... .......... .......... .......... .......... 56% 202M 0s + 30100K .......... .......... .......... .......... .......... 56% 196M 0s + 30150K .......... .......... .......... .......... .......... 56% 210M 0s + 30200K .......... .......... .......... .......... .......... 56% 120M 0s + 30250K .......... .......... .......... .......... .......... 56% 137M 0s + 30300K .......... .......... .......... .......... .......... 56% 109M 0s + 30350K .......... .......... .......... .......... .......... 56% 134M 0s + 30400K .......... .......... .......... .......... .......... 
57% 143M 0s + 30450K .......... .......... .......... .......... .......... 57% 162M 0s + 30500K .......... .......... .......... .......... .......... 57% 111M 0s + 30550K .......... .......... .......... .......... .......... 57% 146M 0s + 30600K .......... .......... .......... .......... .......... 57% 140M 0s + 30650K .......... .......... .......... .......... .......... 57% 138M 0s + 30700K .......... .......... .......... .......... .......... 57% 116M 0s + 30750K .......... .......... .......... .......... .......... 57% 155M 0s + 30800K .......... .......... .......... .......... .......... 57% 145M 0s + 30850K .......... .......... .......... .......... .......... 57% 124M 0s + 30900K .......... .......... .......... .......... .......... 57% 134M 0s + 30950K .......... .......... .......... .......... .......... 58% 162M 0s + 31000K .......... .......... .......... .......... .......... 58% 174M 0s + 31050K .......... .......... .......... .......... .......... 58% 151M 0s + 31100K .......... .......... .......... .......... .......... 58% 119M 0s + 31150K .......... .......... .......... .......... .......... 58% 135M 0s + 31200K .......... .......... .......... .......... .......... 58% 129M 0s + 31250K .......... .......... .......... .......... .......... 58% 157M 0s + 31300K .......... .......... .......... .......... .......... 58% 132M 0s + 31350K .......... .......... .......... .......... .......... 58% 137M 0s + 31400K .......... .......... .......... .......... .......... 58% 141M 0s + 31450K .......... .......... .......... .......... .......... 58% 128M 0s + 31500K .......... .......... .......... .......... .......... 59% 111M 0s + 31550K .......... .......... .......... .......... .......... 59% 117M 0s + 31600K .......... .......... .......... .......... .......... 59% 137M 0s + 31650K .......... .......... .......... .......... .......... 59% 137M 0s + 31700K .......... .......... .......... .......... .......... 
59% 115M 0s + 31750K .......... .......... .......... .......... .......... 59% 148M 0s + 31800K .......... .......... .......... .......... .......... 59% 187M 0s + 31850K .......... .......... .......... .......... .......... 59% 141M 0s + 31900K .......... .......... .......... .......... .......... 59% 127M 0s + 31950K .......... .......... .......... .......... .......... 59% 151M 0s + 32000K .......... .......... .......... .......... .......... 60% 123M 0s + 32050K .......... .......... .......... .......... .......... 60% 133M 0s + 32100K .......... .......... .......... .......... .......... 60% 133M 0s + 32150K .......... .......... .......... .......... .......... 60% 115M 0s + 32200K .......... .......... .......... .......... .......... 60% 130M 0s + 32250K .......... .......... .......... .......... .......... 60% 134M 0s + 32300K .......... .......... .......... .......... .......... 60% 155M 0s + 32350K .......... .......... .......... .......... .......... 60% 87.7M 0s + 32400K .......... .......... .......... .......... .......... 60% 131M 0s + 32450K .......... .......... .......... .......... .......... 60% 140M 0s + 32500K .......... .......... .......... .......... .......... 60% 137M 0s + 32550K .......... .......... .......... .......... .......... 61% 120M 0s + 32600K .......... .......... .......... .......... .......... 61% 149M 0s + 32650K .......... .......... .......... .......... .......... 61% 141M 0s + 32700K .......... .......... .......... .......... .......... 61% 165M 0s + 32750K .......... .......... .......... .......... .......... 61% 107M 0s + 32800K .......... .......... .......... .......... .......... 61% 135M 0s + 32850K .......... .......... .......... .......... .......... 61% 139M 0s + 32900K .......... .......... .......... .......... .......... 61% 136M 0s + 32950K .......... .......... .......... .......... .......... 61% 111M 0s + 33000K .......... .......... .......... .......... .......... 
61% 127M 0s + 33050K .......... .......... .......... .......... .......... 61% 143M 0s + 33100K .......... .......... .......... .......... .......... 62% 138M 0s + 33150K .......... .......... .......... .......... .......... 62% 120M 0s + 33200K .......... .......... .......... .......... .......... 62% 173M 0s + 33250K .......... .......... .......... .......... .......... 62% 165M 0s + 33300K .......... .......... .......... .......... .......... 62% 161M 0s + 33350K .......... .......... .......... .......... .......... 62% 143M 0s + 33400K .......... .......... .......... .......... .......... 62% 175M 0s + 33450K .......... .......... .......... .......... .......... 62% 173M 0s + 33500K .......... .......... .......... .......... .......... 62% 193M 0s + 33550K .......... .......... .......... .......... .......... 62% 221M 0s + 33600K .......... .......... .......... .......... .......... 63% 225M 0s + 33650K .......... .......... .......... .......... .......... 63% 184M 0s + 33700K .......... .......... .......... .......... .......... 63% 190M 0s + 33750K .......... .......... .......... .......... .......... 63% 159M 0s + 33800K .......... .......... .......... .......... .......... 63% 143M 0s + 33850K .......... .......... .......... .......... .......... 63% 111M 0s + 33900K .......... .......... .......... .......... .......... 63% 136M 0s + 33950K .......... .......... .......... .......... .......... 63% 179M 0s + 34000K .......... .......... .......... .......... .......... 63% 134M 0s + 34050K .......... .......... .......... .......... .......... 63% 118M 0s + 34100K .......... .......... .......... .......... .......... 63% 159M 0s + 34150K .......... .......... .......... .......... .......... 64% 134M 0s + 34200K .......... .......... .......... .......... .......... 64% 139M 0s + 34250K .......... .......... .......... .......... .......... 64% 123M 0s + 34300K .......... .......... .......... .......... .......... 
64% 124M 0s + 34350K .......... .......... .......... .......... .......... 64% 135M 0s + 34400K .......... .......... .......... .......... .......... 64% 129M 0s + 34450K .......... .......... .......... .......... .......... 64% 116M 0s + 34500K .......... .......... .......... .......... .......... 64% 129M 0s + 34550K .......... .......... .......... .......... .......... 64% 121M 0s + 34600K .......... .......... .......... .......... .......... 64% 144M 0s + 34650K .......... .......... .......... .......... .......... 64% 113M 0s + 34700K .......... .......... .......... .......... .......... 65% 136M 0s + 34750K .......... .......... .......... .......... .......... 65% 152M 0s + 34800K .......... .......... .......... .......... .......... 65% 139M 0s + 34850K .......... .......... .......... .......... .......... 65% 131M 0s + 34900K .......... .......... .......... .......... .......... 65% 127M 0s + 34950K .......... .......... .......... .......... .......... 65% 140M 0s + 35000K .......... .......... .......... .......... .......... 65% 152M 0s + 35050K .......... .......... .......... .......... .......... 65% 116M 0s + 35100K .......... .......... .......... .......... .......... 65% 136M 0s + 35150K .......... .......... .......... .......... .......... 65% 155M 0s + 35200K .......... .......... .......... .......... .......... 66% 136M 0s + 35250K .......... .......... .......... .......... .......... 66% 130M 0s + 35300K .......... .......... .......... .......... .......... 66% 151M 0s + 35350K .......... .......... .......... .......... .......... 66% 159M 0s + 35400K .......... .......... .......... .......... .......... 66% 201M 0s + 35450K .......... .......... .......... .......... .......... 66% 159M 0s + 35500K .......... .......... .......... .......... .......... 66% 141M 0s + 35550K .......... .......... .......... .......... .......... 66% 137M 0s + 35600K .......... .......... .......... .......... .......... 
66% 149M 0s + 35650K .......... .......... .......... .......... .......... 66% 109M 0s + 35700K .......... .......... .......... .......... .......... 66% 143M 0s + 35750K .......... .......... .......... .......... .......... 67% 137M 0s + 35800K .......... .......... .......... .......... .......... 67% 190M 0s + 35850K .......... .......... .......... .......... .......... 67% 141M 0s + 35900K .......... .......... .......... .......... .......... 67% 222M 0s + 35950K .......... .......... .......... .......... .......... 67% 219M 0s + 36000K .......... .......... .......... .......... .......... 67% 216M 0s + 36050K .......... .......... .......... .......... .......... 67% 172M 0s + 36100K .......... .......... .......... .......... .......... 67% 221M 0s + 36150K .......... .......... .......... .......... .......... 67% 214M 0s + 36200K .......... .......... .......... .......... .......... 67% 203M 0s + 36250K .......... .......... .......... .......... .......... 67% 128M 0s + 36300K .......... .......... .......... .......... .......... 68% 143M 0s + 36350K .......... .......... .......... .......... .......... 68% 143M 0s + 36400K .......... .......... .......... .......... .......... 68% 148M 0s + 36450K .......... .......... .......... .......... .......... 68% 114M 0s + 36500K .......... .......... .......... .......... .......... 68% 120M 0s + 36550K .......... .......... .......... .......... .......... 68% 142M 0s + 36600K .......... .......... .......... .......... .......... 68% 139M 0s + 36650K .......... .......... .......... .......... .......... 68% 125M 0s + 36700K .......... .......... .......... .......... .......... 68% 140M 0s + 36750K .......... .......... .......... .......... .......... 68% 135M 0s + 36800K .......... .......... .......... .......... .......... 69% 137M 0s + 36850K .......... .......... .......... .......... .......... 69% 111M 0s + 36900K .......... .......... .......... .......... .......... 
69% 134M 0s + 36950K .......... .......... .......... .......... .......... 69% 142M 0s + 37000K .......... .......... .......... .......... .......... 69% 129M 0s + 37050K .......... .......... .......... .......... .......... 69% 121M 0s + 37100K .......... .......... .......... .......... .......... 69% 141M 0s + 37150K .......... .......... .......... .......... .......... 69% 143M 0s + 37200K .......... .......... .......... .......... .......... 69% 131M 0s + 37250K .......... .......... .......... .......... .......... 69% 129M 0s + 37300K .......... .......... .......... .......... .......... 69% 138M 0s + 37350K .......... .......... .......... .......... .......... 70% 137M 0s + 37400K .......... .......... .......... .......... .......... 70% 160M 0s + 37450K .......... .......... .......... .......... .......... 70% 121M 0s + 37500K .......... .......... .......... .......... .......... 70% 141M 0s + 37550K .......... .......... .......... .......... .......... 70% 142M 0s + 37600K .......... .......... .......... .......... .......... 70% 126M 0s + 37650K .......... .......... .......... .......... .......... 70% 130M 0s + 37700K .......... .......... .......... .......... .......... 70% 142M 0s + 37750K .......... .......... .......... .......... .......... 70% 193M 0s + 37800K .......... .......... .......... .......... .......... 70% 213M 0s + 37850K .......... .......... .......... .......... .......... 70% 141M 0s + 37900K .......... .......... .......... .......... .......... 71% 120M 0s + 37950K .......... .......... .......... .......... .......... 71% 152M 0s + 38000K .......... .......... .......... .......... .......... 71% 157M 0s + 38050K .......... .......... .......... .......... .......... 71% 104M 0s + 38100K .......... .......... .......... .......... .......... 71% 152M 0s + 38150K .......... .......... .......... .......... .......... 71% 158M 0s + 38200K .......... .......... .......... .......... .......... 
71% 131M 0s + 38250K .......... .......... .......... .......... .......... 71% 114M 0s + 38300K .......... .......... .......... .......... .......... 71% 121M 0s + 38350K .......... .......... .......... .......... .......... 71% 137M 0s + 38400K .......... .......... .......... .......... .......... 71% 155M 0s + 38450K .......... .......... .......... .......... .......... 72% 125M 0s + 38500K .......... .......... .......... .......... .......... 72% 131M 0s + 38550K .......... .......... .......... .......... .......... 72% 151M 0s + 38600K .......... .......... .......... .......... .......... 72% 145M 0s + 38650K .......... .......... .......... .......... .......... 72% 118M 0s + 38700K .......... .......... .......... .......... .......... 72% 139M 0s + 38750K .......... .......... .......... .......... .......... 72% 115M 0s + 38800K .......... .......... .......... .......... .......... 72% 178M 0s + 38850K .......... .......... .......... .......... .......... 72% 154M 0s + 38900K .......... .......... .......... .......... .......... 72% 137M 0s + 38950K .......... .......... .......... .......... .......... 73% 121M 0s + 39000K .......... .......... .......... .......... .......... 73% 120M 0s 39050K .......... .......... .......... .......... .......... 73% 138M 0s - 39100K .......... .......... .......... .......... .......... 73% 148M 0s - 39150K .......... .......... .......... .......... .......... 73% 128M 0s - 39200K .......... .......... .......... .......... .......... 73% 151M 0s - 39250K .......... .......... .......... .......... .......... 73% 174M 0s - 39300K .......... .......... .......... .......... .......... 73% 185M 0s - 39350K .......... .......... .......... .......... .......... 73% 139M 0s - 39400K .......... .......... .......... .......... .......... 73% 165M 0s - 39450K .......... .......... .......... .......... .......... 73% 148M 0s - 39500K .......... .......... .......... .......... .......... 
74% 159M 0s - 39550K .......... .......... .......... .......... .......... 74% 142M 0s - 39600K .......... .......... .......... .......... .......... 74% 164M 0s - 39650K .......... .......... .......... .......... .......... 74% 130M 0s - 39700K .......... .......... .......... .......... .......... 74% 141M 0s - 39750K .......... .......... .......... .......... .......... 74% 161M 0s - 39800K .......... .......... .......... .......... .......... 74% 164M 0s - 39850K .......... .......... .......... .......... .......... 74% 148M 0s - 39900K .......... .......... .......... .......... .......... 74% 161M 0s - 39950K .......... .......... .......... .......... .......... 74% 125M 0s - 40000K .......... .......... .......... .......... .......... 74% 171M 0s - 40050K .......... .......... .......... .......... .......... 75% 185M 0s - 40100K .......... .......... .......... .......... .......... 75% 256M 0s - 40150K .......... .......... .......... .......... .......... 75% 168M 0s - 40200K .......... .......... .......... .......... .......... 75% 253M 0s - 40250K .......... .......... .......... .......... .......... 75% 253M 0s - 40300K .......... .......... .......... .......... .......... 75% 238M 0s - 40350K .......... .......... .......... .......... .......... 75% 125M 0s - 40400K .......... .......... .......... .......... .......... 75% 156M 0s - 40450K .......... .......... .......... .......... .......... 75% 171M 0s - 40500K .......... .......... .......... .......... .......... 75% 168M 0s - 40550K .......... .......... .......... .......... .......... 76% 162M 0s - 40600K .......... .......... .......... .......... .......... 76% 156M 0s - 40650K .......... .......... .......... .......... .......... 76% 162M 0s - 40700K .......... .......... .......... .......... .......... 76% 133M 0s - 40750K .......... .......... .......... .......... .......... 76% 144M 0s - 40800K .......... .......... .......... .......... .......... 
76% 171M 0s - 40850K .......... .......... .......... .......... .......... 76% 156M 0s - 40900K .......... .......... .......... .......... .......... 76% 203M 0s - 40950K .......... .......... .......... .......... .......... 76% 152M 0s - 41000K .......... .......... .......... .......... .......... 76% 232M 0s - 41050K .......... .......... .......... .......... .......... 76% 157M 0s - 41100K .......... .......... .......... .......... .......... 77% 170M 0s - 41150K .......... .......... .......... .......... .......... 77% 151M 0s - 41200K .......... .......... .......... .......... .......... 77% 185M 0s - 41250K .......... .......... .......... .......... .......... 77% 230M 0s - 41300K .......... .......... .......... .......... .......... 77% 260M 0s - 41350K .......... .......... .......... .......... .......... 77% 261M 0s - 41400K .......... .......... .......... .......... .......... 77% 265M 0s - 41450K .......... .......... .......... .......... .......... 77% 187M 0s - 41500K .......... .......... .......... .......... .......... 77% 262M 0s - 41550K .......... .......... .......... .......... .......... 77% 261M 0s - 41600K .......... .......... .......... .......... .......... 77% 265M 0s - 41650K .......... .......... .......... .......... .......... 78% 216M 0s - 41700K .......... .......... .......... .......... .......... 78% 179M 0s - 41750K .......... .......... .......... .......... .......... 78% 167M 0s - 41800K .......... .......... .......... .......... .......... 78% 165M 0s - 41850K .......... .......... .......... .......... .......... 78% 125M 0s - 41900K .......... .......... .......... .......... .......... 78% 171M 0s - 41950K .......... .......... .......... .......... .......... 78% 167M 0s - 42000K .......... .......... .......... .......... .......... 78% 164M 0s + 39100K .......... .......... .......... .......... .......... 73% 146M 0s + 39150K .......... .......... .......... .......... .......... 
73% 122M 0s + 39200K .......... .......... .......... .......... .......... 73% 137M 0s + 39250K .......... .......... .......... .......... .......... 73% 142M 0s + 39300K .......... .......... .......... .......... .......... 73% 132M 0s + 39350K .......... .......... .......... .......... .......... 73% 113M 0s + 39400K .......... .......... .......... .......... .......... 73% 136M 0s + 39450K .......... .......... .......... .......... .......... 73% 150M 0s + 39500K .......... .......... .......... .......... .......... 74% 136M 0s + 39550K .......... .......... .......... .......... .......... 74% 110M 0s + 39600K .......... .......... .......... .......... .......... 74% 166M 0s + 39650K .......... .......... .......... .......... .......... 74% 149M 0s + 39700K .......... .......... .......... .......... .......... 74% 119M 0s + 39750K .......... .......... .......... .......... .......... 74% 124M 0s + 39800K .......... .......... .......... .......... .......... 74% 131M 0s + 39850K .......... .......... .......... .......... .......... 74% 146M 0s + 39900K .......... .......... .......... .......... .......... 74% 147M 0s + 39950K .......... .......... .......... .......... .......... 74% 110M 0s + 40000K .......... .......... .......... .......... .......... 74% 135M 0s + 40050K .......... .......... .......... .......... .......... 75% 144M 0s + 40100K .......... .......... .......... .......... .......... 75% 143M 0s + 40150K .......... .......... .......... .......... .......... 75% 101M 0s + 40200K .......... .......... .......... .......... .......... 75% 209M 0s + 40250K .......... .......... .......... .......... .......... 75% 119M 0s + 40300K .......... .......... .......... .......... .......... 75% 162M 0s + 40350K .......... .......... .......... .......... .......... 75% 116M 0s + 40400K .......... .......... .......... .......... .......... 75% 172M 0s + 40450K .......... .......... .......... .......... .......... 
75% 137M 0s + 40500K .......... .......... .......... .......... .......... 75% 146M 0s + 40550K .......... .......... .......... .......... .......... 76% 170M 0s + 40600K .......... .......... .......... .......... .......... 76% 246M 0s + 40650K .......... .......... .......... .......... .......... 76% 254M 0s + 40700K .......... .......... .......... .......... .......... 76% 228M 0s + 40750K .......... .......... .......... .......... .......... 76% 161M 0s + 40800K .......... .......... .......... .......... .......... 76% 152M 0s + 40850K .......... .......... .......... .......... .......... 76% 145M 0s + 40900K .......... .......... .......... .......... .......... 76% 148M 0s + 40950K .......... .......... .......... .......... .......... 76% 169M 0s + 41000K .......... .......... .......... .......... .......... 76% 183M 0s + 41050K .......... .......... .......... .......... .......... 76% 159M 0s + 41100K .......... .......... .......... .......... .......... 77% 132M 0s + 41150K .......... .......... .......... .......... .......... 77% 143M 0s + 41200K .......... .......... .......... .......... .......... 77% 151M 0s + 41250K .......... .......... .......... .......... .......... 77% 173M 0s + 41300K .......... .......... .......... .......... .......... 77% 162M 0s + 41350K .......... .......... .......... .......... .......... 77% 149M 0s + 41400K .......... .......... .......... .......... .......... 77% 142M 0s + 41450K .......... .......... .......... .......... .......... 77% 159M 0s + 41500K .......... .......... .......... .......... .......... 77% 135M 0s + 41550K .......... .......... .......... .......... .......... 77% 158M 0s + 41600K .......... .......... .......... .......... .......... 77% 154M 0s + 41650K .......... .......... .......... .......... .......... 78% 151M 0s + 41700K .......... .......... .......... .......... .......... 78% 141M 0s + 41750K .......... .......... .......... .......... .......... 
78% 156M 0s + 41800K .......... .......... .......... .......... .......... 78% 159M 0s + 41850K .......... .......... .......... .......... .......... 78% 162M 0s + 41900K .......... .......... .......... .......... .......... 78% 135M 0s + 41950K .......... .......... .......... .......... .......... 78% 154M 0s + 42000K .......... .......... .......... .......... .......... 78% 152M 0s 42050K .......... .......... .......... .......... .......... 78% 150M 0s - 42100K .......... .......... .......... .......... .......... 78% 169M 0s - 42150K .......... .......... .......... .......... .......... 79% 168M 0s - 42200K .......... .......... .......... .......... .......... 79% 151M 0s - 42250K .......... .......... .......... .......... .......... 79% 179M 0s - 42300K .......... .......... .......... .......... .......... 79% 231M 0s - 42350K .......... .......... .......... .......... .......... 79% 255M 0s - 42400K .......... .......... .......... .......... .......... 79% 213M 0s - 42450K .......... .......... .......... .......... .......... 79% 150M 0s - 42500K .......... .......... .......... .......... .......... 79% 156M 0s - 42550K .......... .......... .......... .......... .......... 79% 158M 0s - 42600K .......... .......... .......... .......... .......... 79% 191M 0s - 42650K .......... .......... .......... .......... .......... 79% 137M 0s - 42700K .......... .......... .......... .......... .......... 80% 242M 0s - 42750K .......... .......... .......... .......... .......... 80% 139M 0s - 42800K .......... .......... .......... .......... .......... 80% 175M 0s - 42850K .......... .......... .......... .......... .......... 80% 160M 0s - 42900K .......... .......... .......... .......... .......... 80% 146M 0s - 42950K .......... .......... .......... .......... .......... 80% 178M 0s - 43000K .......... .......... .......... .......... .......... 80% 174M 0s - 43050K .......... .......... .......... .......... .......... 
80% 143M 0s - 43100K .......... .......... .......... .......... .......... 80% 175M 0s - 43150K .......... .......... .......... .......... .......... 80% 234M 0s - 43200K .......... .......... .......... .......... .......... 80% 169M 0s - 43250K .......... .......... .......... .......... .......... 81% 141M 0s - 43300K .......... .......... .......... .......... .......... 81% 185M 0s - 43350K .......... .......... .......... .......... .......... 81% 183M 0s - 43400K .......... .......... .......... .......... .......... 81% 152M 0s - 43450K .......... .......... .......... .......... .......... 81% 146M 0s - 43500K .......... .......... .......... .......... .......... 81% 170M 0s - 43550K .......... .......... .......... .......... .......... 81% 170M 0s - 43600K .......... .......... .......... .......... .......... 81% 167M 0s - 43650K .......... .......... .......... .......... .......... 81% 158M 0s - 43700K .......... .......... .......... .......... .......... 81% 172M 0s - 43750K .......... .......... .......... .......... .......... 82% 148M 0s - 43800K .......... .......... .......... .......... .......... 82% 145M 0s - 43850K .......... .......... .......... .......... .......... 82% 147M 0s - 43900K .......... .......... .......... .......... .......... 82% 169M 0s - 43950K .......... .......... .......... .......... .......... 82% 157M 0s - 44000K .......... .......... .......... .......... .......... 82% 173M 0s - 44050K .......... .......... .......... .......... .......... 82% 132M 0s - 44100K .......... .......... .......... .......... .......... 82% 159M 0s - 44150K .......... .......... .......... .......... .......... 82% 164M 0s - 44200K .......... .......... .......... .......... .......... 82% 146M 0s - 44250K .......... .......... .......... .......... .......... 82% 147M 0s - 44300K .......... .......... .......... .......... .......... 83% 167M 0s - 44350K .......... .......... .......... .......... .......... 
83% 173M 0s - 44400K .......... .......... .......... .......... .......... 83% 176M 0s - 44450K .......... .......... .......... .......... .......... 83% 143M 0s - 44500K .......... .......... .......... .......... .......... 83% 180M 0s - 44550K .......... .......... .......... .......... .......... 83% 165M 0s - 44600K .......... .......... .......... .......... .......... 83% 162M 0s - 44650K .......... .......... .......... .......... .......... 83% 198M 0s - 44700K .......... .......... .......... .......... .......... 83% 256M 0s - 44750K .......... .......... .......... .......... .......... 83% 194M 0s - 44800K .......... .......... .......... .......... .......... 83% 177M 0s - 44850K .......... .......... .......... .......... .......... 84% 179M 0s - 44900K .......... .......... .......... .......... .......... 84% 159M 0s - 44950K .......... .......... .......... .......... .......... 84% 158M 0s - 45000K .......... .......... .......... .......... .......... 84% 256M 0s - 45050K .......... .......... .......... .......... .......... 84% 220M 0s - 45100K .......... .......... .......... .......... .......... 84% 263M 0s - 45150K .......... .......... .......... .......... .......... 84% 143M 0s - 45200K .......... .......... .......... .......... .......... 84% 156M 0s - 45250K .......... .......... .......... .......... .......... 84% 148M 0s - 45300K .......... .......... .......... .......... .......... 84% 152M 0s - 45350K .......... .......... .......... .......... .......... 85% 184M 0s - 45400K .......... .......... .......... .......... .......... 85% 157M 0s - 45450K .......... .......... .......... .......... .......... 85% 132M 0s - 45500K .......... .......... .......... .......... .......... 85% 179M 0s - 45550K .......... .......... .......... .......... .......... 85% 224M 0s - 45600K .......... .......... .......... .......... .......... 85% 180M 0s - 45650K .......... .......... .......... .......... .......... 
85% 142M 0s - 45700K .......... .......... .......... .......... .......... 85% 169M 0s - 45750K .......... .......... .......... .......... .......... 85% 177M 0s - 45800K .......... .......... .......... .......... .......... 85% 168M 0s - 45850K .......... .......... .......... .......... .......... 85% 133M 0s - 45900K .......... .......... .......... .......... .......... 86% 170M 0s - 45950K .......... .......... .......... .......... .......... 86% 155M 0s - 46000K .......... .......... .......... .......... .......... 86% 180M 0s - 46050K .......... .......... .......... .......... .......... 86% 146M 0s - 46100K .......... .......... .......... .......... .......... 86% 145M 0s - 46150K .......... .......... .......... .......... .......... 86% 172M 0s - 46200K .......... .......... .......... .......... .......... 86% 177M 0s - 46250K .......... .......... .......... .......... .......... 86% 152M 0s - 46300K .......... .......... .......... .......... .......... 86% 172M 0s - 46350K .......... .......... .......... .......... .......... 86% 185M 0s - 46400K .......... .......... .......... .......... .......... 86% 158M 0s - 46450K .......... .......... .......... .......... .......... 87% 119M 0s - 46500K .......... .......... .......... .......... .......... 87% 171M 0s - 46550K .......... .......... .......... .......... .......... 87% 215M 0s - 46600K .......... .......... .......... .......... .......... 87% 262M 0s - 46650K .......... .......... .......... .......... .......... 87% 199M 0s - 46700K .......... .......... .......... .......... .......... 87% 241M 0s - 46750K .......... .......... .......... .......... .......... 87% 267M 0s - 46800K .......... .......... .......... .......... .......... 87% 266M 0s - 46850K .......... .......... .......... .......... .......... 87% 230M 0s - 46900K .......... .......... .......... .......... .......... 87% 186M 0s - 46950K .......... .......... .......... .......... .......... 
88% 186M 0s - 47000K .......... .......... .......... .......... .......... 88% 192M 0s - 47050K .......... .......... .......... .......... .......... 88% 132M 0s - 47100K .......... .......... .......... .......... .......... 88% 172M 0s - 47150K .......... .......... .......... .......... .......... 88% 175M 0s - 47200K .......... .......... .......... .......... .......... 88% 185M 0s - 47250K .......... .......... .......... .......... .......... 88% 150M 0s - 47300K .......... .......... .......... .......... .......... 88% 153M 0s - 47350K .......... .......... .......... .......... .......... 88% 145M 0s - 47400K .......... .......... .......... .......... .......... 88% 93.2M 0s - 47450K .......... .......... .......... .......... .......... 88% 139M 0s - 47500K .......... .......... .......... .......... .......... 89% 154M 0s - 47550K .......... .......... .......... .......... .......... 89% 195M 0s - 47600K .......... .......... .......... .......... .......... 89% 169M 0s - 47650K .......... .......... .......... .......... .......... 89% 183M 0s - 47700K .......... .......... .......... .......... .......... 89% 156M 0s - 47750K .......... .......... .......... .......... .......... 89% 173M 0s - 47800K .......... .......... .......... .......... .......... 89% 195M 0s - 47850K .......... .......... .......... .......... .......... 89% 134M 0s - 47900K .......... .......... .......... .......... .......... 89% 168M 0s - 47950K .......... .......... .......... .......... .......... 89% 195M 0s - 48000K .......... .......... .......... .......... .......... 89% 171M 0s - 48050K .......... .......... .......... .......... .......... 90% 136M 0s - 48100K .......... .......... .......... .......... .......... 90% 155M 0s - 48150K .......... .......... .......... .......... .......... 90% 155M 0s - 48200K .......... .......... .......... .......... .......... 90% 144M 0s - 48250K .......... .......... .......... .......... .......... 
90% 133M 0s - 48300K .......... .......... .......... .......... .......... 90% 159M 0s - 48350K .......... .......... .......... .......... .......... 90% 147M 0s - 48400K .......... .......... .......... .......... .......... 90% 145M 0s - 48450K .......... .......... .......... .......... .......... 90% 142M 0s - 48500K .......... .......... .......... .......... .......... 90% 142M 0s - 48550K .......... .......... .......... .......... .......... 91% 196M 0s - 48600K .......... .......... .......... .......... .......... 91% 176M 0s - 48650K .......... .......... .......... .......... .......... 91% 139M 0s - 48700K .......... .......... .......... .......... .......... 91% 156M 0s - 48750K .......... .......... .......... .......... .......... 91% 170M 0s - 48800K .......... .......... .......... .......... .......... 91% 158M 0s - 48850K .......... .......... .......... .......... .......... 91% 151M 0s - 48900K .......... .......... .......... .......... .......... 91% 181M 0s - 48950K .......... .......... .......... .......... .......... 91% 153M 0s - 49000K .......... .......... .......... .......... .......... 91% 164M 0s - 49050K .......... .......... .......... .......... .......... 91% 193M 0s - 49100K .......... .......... .......... .......... .......... 92% 243M 0s - 49150K .......... .......... .......... .......... .......... 92% 216M 0s - 49200K .......... .......... .......... .......... .......... 92% 212M 0s - 49250K .......... .......... .......... .......... .......... 92% 155M 0s - 49300K .......... .......... .......... .......... .......... 92% 154M 0s - 49350K .......... .......... .......... .......... .......... 92% 156M 0s - 49400K .......... .......... .......... .......... .......... 92% 180M 0s - 49450K .......... .......... .......... .......... .......... 92% 133M 0s - 49500K .......... .......... .......... .......... .......... 92% 160M 0s - 49550K .......... .......... .......... .......... .......... 
92% 169M 0s - 49600K .......... .......... .......... .......... .......... 92% 149M 0s - 49650K .......... .......... .......... .......... .......... 93% 138M 0s - 49700K .......... .......... .......... .......... .......... 93% 171M 0s - 49750K .......... .......... .......... .......... .......... 93% 203M 0s - 49800K .......... .......... .......... .......... .......... 93% 242M 0s - 49850K .......... .......... .......... .......... .......... 93% 175M 0s - 49900K .......... .......... .......... .......... .......... 93% 186M 0s - 49950K .......... .......... .......... .......... .......... 93% 178M 0s - 50000K .......... .......... .......... .......... .......... 93% 224M 0s - 50050K .......... .......... .......... .......... .......... 93% 131M 0s - 50100K .......... .......... .......... .......... .......... 93% 168M 0s - 50150K .......... .......... .......... .......... .......... 94% 172M 0s - 50200K .......... .......... .......... .......... .......... 94% 185M 0s - 50250K .......... .......... .......... .......... .......... 94% 117M 0s - 50300K .......... .......... .......... .......... .......... 94% 151M 0s - 50350K .......... .......... .......... .......... .......... 94% 166M 0s - 50400K .......... .......... .......... .......... .......... 94% 150M 0s - 50450K .......... .......... .......... .......... .......... 94% 140M 0s - 50500K .......... .......... .......... .......... .......... 94% 136M 0s - 50550K .......... .......... .......... .......... .......... 94% 172M 0s - 50600K .......... .......... .......... .......... .......... 94% 176M 0s - 50650K .......... .......... .......... .......... .......... 94% 149M 0s - 50700K .......... .......... .......... .......... .......... 95% 162M 0s - 50750K .......... .......... .......... .......... .......... 95% 212M 0s - 50800K .......... .......... .......... .......... .......... 95% 261M 0s - 50850K .......... .......... .......... .......... .......... 
95% 223M 0s - 50900K .......... .......... .......... .......... .......... 95% 168M 0s - 50950K .......... .......... .......... .......... .......... 95% 202M 0s - 51000K .......... .......... .......... .......... .......... 95% 164M 0s - 51050K .......... .......... .......... .......... .......... 95% 125M 0s - 51100K .......... .......... .......... .......... .......... 95% 170M 0s - 51150K .......... .......... .......... .......... .......... 95% 174M 0s - 51200K .......... .......... .......... .......... .......... 95% 163M 0s - 51250K .......... .......... .......... .......... .......... 96% 160M 0s - 51300K .......... .......... .......... .......... .......... 96% 263M 0s - 51350K .......... .......... .......... .......... .......... 96% 257M 0s - 51400K .......... .......... .......... .......... .......... 96% 197M 0s - 51450K .......... .......... .......... .......... .......... 96% 114M 0s - 51500K .......... .......... .......... .......... .......... 96% 168M 0s - 51550K .......... .......... .......... .......... .......... 96% 179M 0s - 51600K .......... .......... .......... .......... .......... 96% 152M 0s - 51650K .......... .......... .......... .......... .......... 96% 143M 0s - 51700K .......... .......... .......... .......... .......... 96% 156M 0s - 51750K .......... .......... .......... .......... .......... 96% 133M 0s - 51800K .......... .......... .......... .......... .......... 97% 156M 0s - 51850K .......... .......... .......... .......... .......... 97% 139M 0s - 51900K .......... .......... .......... .......... .......... 97% 155M 0s - 51950K .......... .......... .......... .......... .......... 97% 195M 0s - 52000K .......... .......... .......... .......... .......... 97% 200M 0s - 52050K .......... .......... .......... .......... .......... 97% 126M 0s - 52100K .......... .......... .......... .......... .......... 97% 161M 0s - 52150K .......... .......... .......... .......... .......... 
97% 169M 0s - 52200K .......... .......... .......... .......... .......... 97% 158M 0s - 52250K .......... .......... .......... .......... .......... 97% 143M 0s - 52300K .......... .......... .......... .......... .......... 98% 181M 0s - 52350K .......... .......... .......... .......... .......... 98% 231M 0s - 52400K .......... .......... .......... .......... .......... 98% 228M 0s - 52450K .......... .......... .......... .......... .......... 98% 228M 0s - 52500K .......... .......... .......... .......... .......... 98% 255M 0s - 52550K .......... .......... .......... .......... .......... 98% 263M 0s - 52600K .......... .......... .......... .......... .......... 98% 270M 0s + 42100K .......... .......... .......... .......... .......... 78% 99.9M 0s + 42150K .......... .......... .......... .......... .......... 79% 129M 0s + 42200K .......... .......... .......... .......... .......... 79% 124M 0s + 42250K .......... .......... .......... .......... .......... 79% 146M 0s + 42300K .......... .......... .......... .......... .......... 79% 150M 0s + 42350K .......... .......... .......... .......... .......... 79% 172M 0s + 42400K .......... .......... .......... .......... .......... 79% 212M 0s + 42450K .......... .......... .......... .......... .......... 79% 120M 0s + 42500K .......... .......... .......... .......... .......... 79% 117M 0s + 42550K .......... .......... .......... .......... .......... 79% 139M 0s + 42600K .......... .......... .......... .......... .......... 79% 151M 0s + 42650K .......... .......... .......... .......... .......... 79% 118M 0s + 42700K .......... .......... .......... .......... .......... 80% 111M 0s + 42750K .......... .......... .......... .......... .......... 80% 130M 0s + 42800K .......... .......... .......... .......... .......... 80% 144M 0s + 42850K .......... .......... .......... .......... .......... 80% 166M 0s + 42900K .......... .......... .......... .......... .......... 
80% 121M 0s + 42950K .......... .......... .......... .......... .......... 80% 143M 0s + 43000K .......... .......... .......... .......... .......... 80% 136M 0s + 43050K .......... .......... .......... .......... .......... 80% 131M 0s + 43100K .......... .......... .......... .......... .......... 80% 103M 0s + 43150K .......... .......... .......... .......... .......... 80% 146M 0s + 43200K .......... .......... .......... .......... .......... 80% 143M 0s + 43250K .......... .......... .......... .......... .......... 81% 177M 0s + 43300K .......... .......... .......... .......... .......... 81% 132M 0s + 43350K .......... .......... .......... .......... .......... 81% 125M 0s + 43400K .......... .......... .......... .......... .......... 81% 129M 0s + 43450K .......... .......... .......... .......... .......... 81% 130M 0s + 43500K .......... .......... .......... .......... .......... 81% 123M 0s + 43550K .......... .......... .......... .......... .......... 81% 214M 0s + 43600K .......... .......... .......... .......... .......... 81% 208M 0s + 43650K .......... .......... .......... .......... .......... 81% 193M 0s + 43700K .......... .......... .......... .......... .......... 81% 148M 0s + 43750K .......... .......... .......... .......... .......... 82% 137M 0s + 43800K .......... .......... .......... .......... .......... 82% 144M 0s + 43850K .......... .......... .......... .......... .......... 82% 143M 0s + 43900K .......... .......... .......... .......... .......... 82% 116M 0s + 43950K .......... .......... .......... .......... .......... 82% 150M 0s + 44000K .......... .......... .......... .......... .......... 82% 137M 0s + 44050K .......... .......... .......... .......... .......... 82% 123M 0s + 44100K .......... .......... .......... .......... .......... 82% 116M 0s + 44150K .......... .......... .......... .......... .......... 82% 128M 0s + 44200K .......... .......... .......... .......... .......... 
82% 133M 0s + 44250K .......... .......... .......... .......... .......... 82% 126M 0s + 44300K .......... .......... .......... .......... .......... 83% 112M 0s + 44350K .......... .......... .......... .......... .......... 83% 153M 0s + 44400K .......... .......... .......... .......... .......... 83% 139M 0s + 44450K .......... .......... .......... .......... .......... 83% 136M 0s + 44500K .......... .......... .......... .......... .......... 83% 151M 0s + 44550K .......... .......... .......... .......... .......... 83% 205M 0s + 44600K .......... .......... .......... .......... .......... 83% 174M 0s + 44650K .......... .......... .......... .......... .......... 83% 160M 0s + 44700K .......... .......... .......... .......... .......... 83% 120M 0s + 44750K .......... .......... .......... .......... .......... 83% 154M 0s + 44800K .......... .......... .......... .......... .......... 83% 142M 0s + 44850K .......... .......... .......... .......... .......... 84% 158M 0s + 44900K .......... .......... .......... .......... .......... 84% 134M 0s + 44950K .......... .......... .......... .......... .......... 84% 143M 0s + 45000K .......... .......... .......... .......... .......... 84% 138M 0s + 45050K .......... .......... .......... .......... .......... 84% 151M 0s + 45100K .......... .......... .......... .......... .......... 84% 158M 0s + 45150K .......... .......... .......... .......... .......... 84% 182M 0s + 45200K .......... .......... .......... .......... .......... 84% 214M 0s + 45250K .......... .......... .......... .......... .......... 84% 205M 0s + 45300K .......... .......... .......... .......... .......... 84% 176M 0s + 45350K .......... .......... .......... .......... .......... 85% 135M 0s + 45400K .......... .......... .......... .......... .......... 85% 131M 0s + 45450K .......... .......... .......... .......... .......... 85% 146M 0s + 45500K .......... .......... .......... .......... .......... 
85% 135M 0s + 45550K .......... .......... .......... .......... .......... 85% 116M 0s + 45600K .......... .......... .......... .......... .......... 85% 133M 0s + 45650K .......... .......... .......... .......... .......... 85% 133M 0s + 45700K .......... .......... .......... .......... .......... 85% 121M 0s + 45750K .......... .......... .......... .......... .......... 85% 138M 0s + 45800K .......... .......... .......... .......... .......... 85% 152M 0s + 45850K .......... .......... .......... .......... .......... 85% 131M 0s + 45900K .......... .......... .......... .......... .......... 86% 110M 0s + 45950K .......... .......... .......... .......... .......... 86% 140M 0s + 46000K .......... .......... .......... .......... .......... 86% 136M 0s + 46050K .......... .......... .......... .......... .......... 86% 140M 0s + 46100K .......... .......... .......... .......... .......... 86% 114M 0s + 46150K .......... .......... .......... .......... .......... 86% 130M 0s + 46200K .......... .......... .......... .......... .......... 86% 148M 0s + 46250K .......... .......... .......... .......... .......... 86% 129M 0s + 46300K .......... .......... .......... .......... .......... 86% 118M 0s + 46350K .......... .......... .......... .......... .......... 86% 148M 0s + 46400K .......... .......... .......... .......... .......... 86% 128M 0s + 46450K .......... .......... .......... .......... .......... 87% 127M 0s + 46500K .......... .......... .......... .......... .......... 87% 119M 0s + 46550K .......... .......... .......... .......... .......... 87% 146M 0s + 46600K .......... .......... .......... .......... .......... 87% 118M 0s + 46650K .......... .......... .......... .......... .......... 87% 162M 0s + 46700K .......... .......... .......... .......... .......... 87% 118M 0s + 46750K .......... .......... .......... .......... .......... 87% 127M 0s + 46800K .......... .......... .......... .......... .......... 
87% 133M 0s + 46850K .......... .......... .......... .......... .......... 87% 149M 0s + 46900K .......... .......... .......... .......... .......... 87% 175M 0s + 46950K .......... .......... .......... .......... .......... 88% 168M 0s + 47000K .......... .......... .......... .......... .......... 88% 134M 0s + 47050K .......... .......... .......... .......... .......... 88% 131M 0s + 47100K .......... .......... .......... .......... .......... 88% 109M 0s + 47150K .......... .......... .......... .......... .......... 88% 150M 0s + 47200K .......... .......... .......... .......... .......... 88% 146M 0s + 47250K .......... .......... .......... .......... .......... 88% 142M 0s + 47300K .......... .......... .......... .......... .......... 88% 113M 0s + 47350K .......... .......... .......... .......... .......... 88% 124M 0s + 47400K .......... .......... .......... .......... .......... 88% 157M 0s + 47450K .......... .......... .......... .......... .......... 88% 150M 0s + 47500K .......... .......... .......... .......... .......... 89% 123M 0s + 47550K .......... .......... .......... .......... .......... 89% 163M 0s + 47600K .......... .......... .......... .......... .......... 89% 218M 0s + 47650K .......... .......... .......... .......... .......... 89% 210M 0s + 47700K .......... .......... .......... .......... .......... 89% 181M 0s + 47750K .......... .......... .......... .......... .......... 89% 204M 0s + 47800K .......... .......... .......... .......... .......... 89% 178M 0s + 47850K .......... .......... .......... .......... .......... 89% 209M 0s + 47900K .......... .......... .......... .......... .......... 89% 136M 0s + 47950K .......... .......... .......... .......... .......... 89% 140M 0s + 48000K .......... .......... .......... .......... .......... 89% 142M 0s + 48050K .......... .......... .......... .......... .......... 90% 124M 0s + 48100K .......... .......... .......... .......... .......... 
90% 114M 0s + 48150K .......... .......... .......... .......... .......... 90% 113M 0s + 48200K .......... .......... .......... .......... .......... 90% 129M 0s + 48250K .......... .......... .......... .......... .......... 90% 157M 0s + 48300K .......... .......... .......... .......... .......... 90% 120M 0s + 48350K .......... .......... .......... .......... .......... 90% 132M 0s + 48400K .......... .......... .......... .......... .......... 90% 130M 0s + 48450K .......... .......... .......... .......... .......... 90% 141M 0s + 48500K .......... .......... .......... .......... .......... 90% 119M 0s + 48550K .......... .......... .......... .......... .......... 91% 138M 0s + 48600K .......... .......... .......... .......... .......... 91% 145M 0s + 48650K .......... .......... .......... .......... .......... 91% 131M 0s + 48700K .......... .......... .......... .......... .......... 91% 120M 0s + 48750K .......... .......... .......... .......... .......... 91% 131M 0s + 48800K .......... .......... .......... .......... .......... 91% 124M 0s + 48850K .......... .......... .......... .......... .......... 91% 136M 0s + 48900K .......... .......... .......... .......... .......... 91% 120M 0s + 48950K .......... .......... .......... .......... .......... 91% 180M 0s + 49000K .......... .......... .......... .......... .......... 91% 170M 0s + 49050K .......... .......... .......... .......... .......... 91% 184M 0s + 49100K .......... .......... .......... .......... .......... 92% 133M 0s + 49150K .......... .......... .......... .......... .......... 92% 143M 0s + 49200K .......... .......... .......... .......... .......... 92% 148M 0s + 49250K .......... .......... .......... .......... .......... 92% 154M 0s + 49300K .......... .......... .......... .......... .......... 92% 135M 0s + 49350K .......... .......... .......... .......... .......... 92% 152M 0s + 49400K .......... .......... .......... .......... .......... 
92% 148M 0s + 49450K .......... .......... .......... .......... .......... 92% 157M 0s + 49500K .......... .......... .......... .......... .......... 92% 108M 0s + 49550K .......... .......... .......... .......... .......... 92% 140M 0s + 49600K .......... .......... .......... .......... .......... 92% 146M 0s + 49650K .......... .......... .......... .......... .......... 93% 129M 0s + 49700K .......... .......... .......... .......... .......... 93% 122M 0s + 49750K .......... .......... .......... .......... .......... 93% 167M 0s + 49800K .......... .......... .......... .......... .......... 93% 132M 0s + 49850K .......... .......... .......... .......... .......... 93% 163M 0s + 49900K .......... .......... .......... .......... .......... 93% 124M 0s + 49950K .......... .......... .......... .......... .......... 93% 139M 0s + 50000K .......... .......... .......... .......... .......... 93% 162M 0s + 50050K .......... .......... .......... .......... .......... 93% 149M 0s + 50100K .......... .......... .......... .......... .......... 93% 146M 0s + 50150K .......... .......... .......... .......... .......... 94% 164M 0s + 50200K .......... .......... .......... .......... .......... 94% 148M 0s + 50250K .......... .......... .......... .......... .......... 94% 128M 0s + 50300K .......... .......... .......... .......... .......... 94% 171M 0s + 50350K .......... .......... .......... .......... .......... 94% 222M 0s + 50400K .......... .......... .......... .......... .......... 94% 223M 0s + 50450K .......... .......... .......... .......... .......... 94% 193M 0s + 50500K .......... .......... .......... .......... .......... 94% 183M 0s + 50550K .......... .......... .......... .......... .......... 94% 222M 0s + 50600K .......... .......... .......... .......... .......... 94% 222M 0s + 50650K .......... .......... .......... .......... .......... 94% 190M 0s + 50700K .......... .......... .......... .......... .......... 
95% 138M 0s + 50750K .......... .......... .......... .......... .......... 95% 157M 0s + 50800K .......... .......... .......... .......... .......... 95% 144M 0s + 50850K .......... .......... .......... .......... .......... 95% 121M 0s + 50900K .......... .......... .......... .......... .......... 95% 122M 0s + 50950K .......... .......... .......... .......... .......... 95% 146M 0s + 51000K .......... .......... .......... .......... .......... 95% 145M 0s + 51050K .......... .......... .......... .......... .......... 95% 112M 0s + 51100K .......... .......... .......... .......... .......... 95% 124M 0s + 51150K .......... .......... .......... .......... .......... 95% 133M 0s + 51200K .......... .......... .......... .......... .......... 95% 117M 0s + 51250K .......... .......... .......... .......... .......... 96% 146M 0s + 51300K .......... .......... .......... .......... .......... 96% 153M 0s + 51350K .......... .......... .......... .......... .......... 96% 148M 0s + 51400K .......... .......... .......... .......... .......... 96% 180M 0s + 51450K .......... .......... .......... .......... .......... 96% 245M 0s + 51500K .......... .......... .......... .......... .......... 96% 237M 0s + 51550K .......... .......... .......... .......... .......... 96% 159M 0s + 51600K .......... .......... .......... .......... .......... 96% 124M 0s + 51650K .......... .......... .......... .......... .......... 96% 169M 0s + 51700K .......... .......... .......... .......... .......... 96% 150M 0s + 51750K .......... .......... .......... .......... .......... 96% 134M 0s + 51800K .......... .......... .......... .......... .......... 97% 136M 0s + 51850K .......... .......... .......... .......... .......... 97% 151M 0s + 51900K .......... .......... .......... .......... .......... 97% 139M 0s + 51950K .......... .......... .......... .......... .......... 97% 168M 0s + 52000K .......... .......... .......... .......... .......... 
97% 138M 0s + 52050K .......... .......... .......... .......... .......... 97% 163M 0s + 52100K .......... .......... .......... .......... .......... 97% 215M 0s + 52150K .......... .......... .......... .......... .......... 97% 195M 0s + 52200K .......... .......... .......... .......... .......... 97% 134M 0s + 52250K .......... .......... .......... .......... .......... 97% 169M 0s + 52300K .......... .......... .......... .......... .......... 98% 164M 0s + 52350K .......... .......... .......... .......... .......... 98% 159M 0s + 52400K .......... .......... .......... .......... .......... 98% 117M 0s + 52450K .......... .......... .......... .......... .......... 98% 149M 0s + 52500K .......... .......... .......... .......... .......... 98% 141M 0s + 52550K .......... .......... .......... .......... .......... 98% 171M 0s + 52600K .......... .......... .......... .......... .......... 98% 148M 0s 52650K .......... .......... .......... .......... .......... 98% 172M 0s - 52700K .......... .......... .......... .......... .......... 98% 154M 0s - 52750K .......... .......... .......... .......... .......... 98% 169M 0s - 52800K .......... .......... .......... .......... .......... 98% 163M 0s - 52850K .......... .......... .......... .......... .......... 99% 144M 0s - 52900K .......... .......... .......... .......... .......... 99% 171M 0s - 52950K .......... .......... .......... .......... .......... 99% 171M 0s - 53000K .......... .......... .......... .......... .......... 99% 155M 0s - 53050K .......... .......... .......... .......... .......... 99% 148M 0s - 53100K .......... .......... .......... .......... .......... 99% 260M 0s - 53150K .......... .......... .......... .......... .......... 99% 250M 0s - 53200K .......... .......... .......... .......... .......... 99% 183M 0s - 53250K .......... .......... .......... .......... .......... 99% 148M 0s - 53300K .......... .......... .......... .......... .......... 
99% 153M 0s - 53350K .......... .......... .......... .......... .......... 99% 156M 0s - 53400K ... 100% 6.31T=0.5s + 52700K .......... .......... .......... .......... .......... 98% 169M 0s + 52750K .......... .......... .......... .......... .......... 98% 164M 0s + 52800K .......... .......... .......... .......... .......... 98% 134M 0s + 52850K .......... .......... .......... .......... .......... 99% 149M 0s + 52900K .......... .......... .......... .......... .......... 99% 152M 0s + 52950K .......... .......... .......... .......... .......... 99% 164M 0s + 53000K .......... .......... .......... .......... .......... 99% 141M 0s + 53050K .......... .......... .......... .......... .......... 99% 160M 0s + 53100K .......... .......... .......... .......... .......... 99% 151M 0s + 53150K .......... .......... .......... .......... .......... 99% 167M 0s + 53200K .......... .......... .......... .......... .......... 99% 139M 0s + 53250K .......... .......... .......... .......... .......... 99% 143M 0s + 53300K .......... .......... .......... .......... .......... 99% 142M 0s + 53350K .......... .......... .......... .......... .......... 99% 188M 0s + 53400K ... 100% 118M=0.4s -2024-11-06 09:48:51 (107 MB/s) - ‘trivy_0.44.1_Linux-64bit.deb.4’ saved [54685068/54685068] +2024-11-11 10:00:09 (117 MB/s) - ‘trivy_0.44.1_Linux-64bit.deb.4’ saved [54685068/54685068] +sudo dpkg -i trivy_0.44.1_Linux-64bit.deb (Reading database ... 132595 files and directories currently installed.) 
@@ -20003,122 +20167,122 @@ https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded +docker push quay.io/noirolabs/openvswitch:6.0.4.4.81c2369 The push refers to repository [quay.io/noirolabs/openvswitch] -3c6e9d63d9b1: Preparing -28e149320f3e: Preparing -72b038345daf: Preparing -9012a85c0a10: Preparing -ce0a828393c5: Preparing -a539d954dd63: Preparing -aeffe58bb901: Preparing -50ed2bd36a02: Preparing -9d8af597251f: Preparing +1dd0bffbc480: Preparing +cc1048e56548: Preparing +5d83a4dfe862: Preparing +de17679dd1b2: Preparing +6791a9d801f7: Preparing +ee8639aeaa20: Preparing +2af518b7f8d5: Preparing +1ec7f8906f01: Preparing +8c638953dc0f: Preparing c0c2749c4e74: Preparing -a539d954dd63: Waiting -aeffe58bb901: Waiting -50ed2bd36a02: Waiting -9d8af597251f: Waiting +ee8639aeaa20: Waiting +2af518b7f8d5: Waiting +1ec7f8906f01: Waiting +8c638953dc0f: Waiting c0c2749c4e74: Waiting -ce0a828393c5: Pushed -3c6e9d63d9b1: Pushed -28e149320f3e: Pushed -9012a85c0a10: Pushed -72b038345daf: Pushed +1dd0bffbc480: Pushed +6791a9d801f7: Pushed +de17679dd1b2: Pushed +cc1048e56548: Pushed +5d83a4dfe862: Pushed c0c2749c4e74: Layer already exists -a539d954dd63: Pushed -aeffe58bb901: Pushed -9d8af597251f: Pushed -50ed2bd36a02: Pushed -6.0.4.4.81c2369: digest: sha256:58c573ac5790a47a86da22105c9649b7be5ed2be924405ef55ec24d146119632 size: 2430 +ee8639aeaa20: Pushed +2af518b7f8d5: Pushed +8c638953dc0f: Pushed +1ec7f8906f01: Pushed +6.0.4.4.81c2369: digest: sha256:0cd11814bb9547c0c871d07c8a54ac33ef586218c4261db6c05c587bbf277856 size: 2430 +for OTHER_TAG in ${OTHER_IMAGE_TAGS} +docker tag quay.io/noirolabs/openvswitch:6.0.4.4.81c2369 quay.io/noirolabs/openvswitch:6.0.4.4.81c2369 +docker push quay.io/noirolabs/openvswitch:6.0.4.4.81c2369 The push refers to repository [quay.io/noirolabs/openvswitch] -3c6e9d63d9b1: Preparing -28e149320f3e: Preparing -72b038345daf: Preparing -9012a85c0a10: Preparing -ce0a828393c5: Preparing -a539d954dd63: Preparing -aeffe58bb901: 
Preparing -50ed2bd36a02: Preparing -9d8af597251f: Preparing +1dd0bffbc480: Preparing +cc1048e56548: Preparing +5d83a4dfe862: Preparing +de17679dd1b2: Preparing +6791a9d801f7: Preparing +ee8639aeaa20: Preparing +2af518b7f8d5: Preparing +1ec7f8906f01: Preparing +8c638953dc0f: Preparing c0c2749c4e74: Preparing -a539d954dd63: Waiting -aeffe58bb901: Waiting -50ed2bd36a02: Waiting -9d8af597251f: Waiting +ee8639aeaa20: Waiting +2af518b7f8d5: Waiting +1ec7f8906f01: Waiting +8c638953dc0f: Waiting c0c2749c4e74: Waiting -28e149320f3e: Layer already exists -ce0a828393c5: Layer already exists -9012a85c0a10: Layer already exists -72b038345daf: Layer already exists -a539d954dd63: Layer already exists -aeffe58bb901: Layer already exists -50ed2bd36a02: Layer already exists +cc1048e56548: Layer already exists +6791a9d801f7: Layer already exists +5d83a4dfe862: Layer already exists +1dd0bffbc480: Layer already exists +1ec7f8906f01: Layer already exists +de17679dd1b2: Layer already exists c0c2749c4e74: Layer already exists -9d8af597251f: Layer already exists -3c6e9d63d9b1: Layer already exists -6.0.4.4.81c2369: digest: sha256:58c573ac5790a47a86da22105c9649b7be5ed2be924405ef55ec24d146119632 size: 2430 +ee8639aeaa20: Layer already exists +2af518b7f8d5: Layer already exists +8c638953dc0f: Layer already exists +6.0.4.4.81c2369: digest: sha256:0cd11814bb9547c0c871d07c8a54ac33ef586218c4261db6c05c587bbf277856 size: 2430 +for OTHER_TAG in ${OTHER_IMAGE_TAGS} -+docker tag quay.io/noirolabs/openvswitch:6.0.4.4.81c2369 quay.io/noirolabs/openvswitch:6.0.4.4.81c2369.110624.10022 -+docker push quay.io/noirolabs/openvswitch:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/openvswitch:6.0.4.4.81c2369 quay.io/noirolabs/openvswitch:6.0.4.4.81c2369.111124.10031 ++docker push quay.io/noirolabs/openvswitch:6.0.4.4.81c2369.111124.10031 The push refers to repository [quay.io/noirolabs/openvswitch] -3c6e9d63d9b1: Preparing -28e149320f3e: Preparing -72b038345daf: Preparing -9012a85c0a10: Preparing 
-ce0a828393c5: Preparing -a539d954dd63: Preparing -aeffe58bb901: Preparing -50ed2bd36a02: Preparing -9d8af597251f: Preparing +1dd0bffbc480: Preparing +cc1048e56548: Preparing +5d83a4dfe862: Preparing +de17679dd1b2: Preparing +6791a9d801f7: Preparing +ee8639aeaa20: Preparing +2af518b7f8d5: Preparing +1ec7f8906f01: Preparing +8c638953dc0f: Preparing c0c2749c4e74: Preparing -a539d954dd63: Waiting -aeffe58bb901: Waiting -50ed2bd36a02: Waiting -9d8af597251f: Waiting +ee8639aeaa20: Waiting +2af518b7f8d5: Waiting +1ec7f8906f01: Waiting +8c638953dc0f: Waiting c0c2749c4e74: Waiting -9012a85c0a10: Layer already exists -3c6e9d63d9b1: Layer already exists -ce0a828393c5: Layer already exists -28e149320f3e: Layer already exists -a539d954dd63: Layer already exists -aeffe58bb901: Layer already exists -72b038345daf: Layer already exists -50ed2bd36a02: Layer already exists +cc1048e56548: Layer already exists +5d83a4dfe862: Layer already exists +2af518b7f8d5: Layer already exists +6791a9d801f7: Layer already exists +1dd0bffbc480: Layer already exists +1ec7f8906f01: Layer already exists +8c638953dc0f: Layer already exists +ee8639aeaa20: Layer already exists c0c2749c4e74: Layer already exists -9d8af597251f: Layer already exists -6.0.4.4.81c2369.110624.10022: digest: sha256:58c573ac5790a47a86da22105c9649b7be5ed2be924405ef55ec24d146119632 size: 2430 +de17679dd1b2: Layer already exists +6.0.4.4.81c2369.111124.10031: digest: sha256:0cd11814bb9547c0c871d07c8a54ac33ef586218c4261db6c05c587bbf277856 size: 2430 +for OTHER_TAG in ${OTHER_IMAGE_TAGS} +docker tag quay.io/noirolabs/openvswitch:6.0.4.4.81c2369 quay.io/noirolabs/openvswitch:6.0.4.4.81c2369.z +docker push quay.io/noirolabs/openvswitch:6.0.4.4.81c2369.z The push refers to repository [quay.io/noirolabs/openvswitch] -3c6e9d63d9b1: Preparing -28e149320f3e: Preparing -72b038345daf: Preparing -9012a85c0a10: Preparing -ce0a828393c5: Preparing -a539d954dd63: Preparing -aeffe58bb901: Preparing -50ed2bd36a02: Preparing -9d8af597251f: Preparing 
+1dd0bffbc480: Preparing +cc1048e56548: Preparing +5d83a4dfe862: Preparing +de17679dd1b2: Preparing +6791a9d801f7: Preparing +ee8639aeaa20: Preparing +2af518b7f8d5: Preparing +1ec7f8906f01: Preparing +8c638953dc0f: Preparing c0c2749c4e74: Preparing -a539d954dd63: Waiting -aeffe58bb901: Waiting -50ed2bd36a02: Waiting -9d8af597251f: Waiting +ee8639aeaa20: Waiting +2af518b7f8d5: Waiting +1ec7f8906f01: Waiting +8c638953dc0f: Waiting c0c2749c4e74: Waiting -9012a85c0a10: Layer already exists -3c6e9d63d9b1: Layer already exists -28e149320f3e: Layer already exists -50ed2bd36a02: Layer already exists -aeffe58bb901: Layer already exists -ce0a828393c5: Layer already exists -72b038345daf: Layer already exists +5d83a4dfe862: Layer already exists +cc1048e56548: Layer already exists +1dd0bffbc480: Layer already exists +ee8639aeaa20: Layer already exists +1ec7f8906f01: Layer already exists +2af518b7f8d5: Layer already exists +6791a9d801f7: Layer already exists c0c2749c4e74: Layer already exists -9d8af597251f: Layer already exists -a539d954dd63: Layer already exists -6.0.4.4.81c2369.z: digest: sha256:58c573ac5790a47a86da22105c9649b7be5ed2be924405ef55ec24d146119632 size: 2430 +de17679dd1b2: Layer already exists +8c638953dc0f: Layer already exists +6.0.4.4.81c2369.z: digest: sha256:0cd11814bb9547c0c871d07c8a54ac33ef586218c4261db6c05c587bbf277856 size: 2430 +docker login -u=[secure] -p=[secure] quay.io WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /home/travis/.docker/config.json. 
@@ -20126,64 +20290,64 @@ Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded -+docker tag quay.io/noirolabs/openvswitch:6.0.4.4.81c2369 quay.io/noiro/openvswitch:6.0.4.4.81c2369.110624.10022 -+docker push quay.io/noiro/openvswitch:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/openvswitch:6.0.4.4.81c2369 quay.io/noiro/openvswitch:6.0.4.4.81c2369.111124.10031 ++docker push quay.io/noiro/openvswitch:6.0.4.4.81c2369.111124.10031 The push refers to repository [quay.io/noiro/openvswitch] -3c6e9d63d9b1: Preparing -28e149320f3e: Preparing -72b038345daf: Preparing -9012a85c0a10: Preparing -ce0a828393c5: Preparing -a539d954dd63: Preparing -aeffe58bb901: Preparing -50ed2bd36a02: Preparing -9d8af597251f: Preparing +1dd0bffbc480: Preparing +cc1048e56548: Preparing +5d83a4dfe862: Preparing +de17679dd1b2: Preparing +6791a9d801f7: Preparing +ee8639aeaa20: Preparing +2af518b7f8d5: Preparing +1ec7f8906f01: Preparing +8c638953dc0f: Preparing c0c2749c4e74: Preparing -a539d954dd63: Waiting -aeffe58bb901: Waiting -50ed2bd36a02: Waiting -9d8af597251f: Waiting +1ec7f8906f01: Waiting +8c638953dc0f: Waiting c0c2749c4e74: Waiting -72b038345daf: Mounted from noirolabs/openvswitch -9012a85c0a10: Mounted from noirolabs/openvswitch -3c6e9d63d9b1: Mounted from noirolabs/openvswitch -ce0a828393c5: Mounted from noirolabs/openvswitch -28e149320f3e: Mounted from noirolabs/openvswitch +ee8639aeaa20: Waiting +2af518b7f8d5: Waiting +cc1048e56548: Mounted from noirolabs/openvswitch +1dd0bffbc480: Mounted from noirolabs/openvswitch +de17679dd1b2: Mounted from noirolabs/openvswitch +5d83a4dfe862: Mounted from noirolabs/openvswitch +6791a9d801f7: Mounted from noirolabs/openvswitch +2af518b7f8d5: Mounted from noirolabs/openvswitch +1ec7f8906f01: Mounted from noirolabs/openvswitch c0c2749c4e74: Layer already exists -a539d954dd63: Mounted from noirolabs/openvswitch -50ed2bd36a02: Mounted from 
noirolabs/openvswitch -aeffe58bb901: Mounted from noirolabs/openvswitch -9d8af597251f: Mounted from noirolabs/openvswitch -6.0.4.4.81c2369.110624.10022: digest: sha256:58c573ac5790a47a86da22105c9649b7be5ed2be924405ef55ec24d146119632 size: 2430 +ee8639aeaa20: Mounted from noirolabs/openvswitch +8c638953dc0f: Mounted from noirolabs/openvswitch +6.0.4.4.81c2369.111124.10031: digest: sha256:0cd11814bb9547c0c871d07c8a54ac33ef586218c4261db6c05c587bbf277856 size: 2430 +docker tag quay.io/noirolabs/openvswitch:6.0.4.4.81c2369 quay.io/noiro/openvswitch:6.0.4.4.81c2369.z +docker push quay.io/noiro/openvswitch:6.0.4.4.81c2369.z The push refers to repository [quay.io/noiro/openvswitch] -3c6e9d63d9b1: Preparing -28e149320f3e: Preparing -72b038345daf: Preparing -9012a85c0a10: Preparing -ce0a828393c5: Preparing -a539d954dd63: Preparing -aeffe58bb901: Preparing -50ed2bd36a02: Preparing -9d8af597251f: Preparing +1dd0bffbc480: Preparing +cc1048e56548: Preparing +5d83a4dfe862: Preparing +de17679dd1b2: Preparing +6791a9d801f7: Preparing +ee8639aeaa20: Preparing +2af518b7f8d5: Preparing +1ec7f8906f01: Preparing +8c638953dc0f: Preparing c0c2749c4e74: Preparing -50ed2bd36a02: Waiting -9d8af597251f: Waiting -a539d954dd63: Waiting -aeffe58bb901: Waiting +ee8639aeaa20: Waiting +2af518b7f8d5: Waiting +1ec7f8906f01: Waiting +8c638953dc0f: Waiting c0c2749c4e74: Waiting -28e149320f3e: Layer already exists -3c6e9d63d9b1: Layer already exists -72b038345daf: Layer already exists -9012a85c0a10: Layer already exists -ce0a828393c5: Layer already exists -a539d954dd63: Layer already exists -aeffe58bb901: Layer already exists -50ed2bd36a02: Layer already exists -9d8af597251f: Layer already exists +5d83a4dfe862: Layer already exists +cc1048e56548: Layer already exists +1dd0bffbc480: Layer already exists +6791a9d801f7: Layer already exists +de17679dd1b2: Layer already exists +1ec7f8906f01: Layer already exists +2af518b7f8d5: Layer already exists +8c638953dc0f: Layer already exists c0c2749c4e74: Layer 
already exists -6.0.4.4.81c2369.z: digest: sha256:58c573ac5790a47a86da22105c9649b7be5ed2be924405ef55ec24d146119632 size: 2430 +ee8639aeaa20: Layer already exists +6.0.4.4.81c2369.z: digest: sha256:0cd11814bb9547c0c871d07c8a54ac33ef586218c4261db6c05c587bbf277856 size: 2430 +docker login -u=[secure] '-p=[secure]' docker.io WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /home/travis/.docker/config.json. 
@@ -20191,67 +20355,67 @@ Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded -+docker tag quay.io/noirolabs/openvswitch:6.0.4.4.81c2369 docker.io/noiro/openvswitch:6.0.4.4.81c2369.110624.10022 -+docker push docker.io/noiro/openvswitch:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/openvswitch:6.0.4.4.81c2369 docker.io/noiro/openvswitch:6.0.4.4.81c2369.111124.10031 ++docker push docker.io/noiro/openvswitch:6.0.4.4.81c2369.111124.10031 The push refers to repository [docker.io/noiro/openvswitch] -3c6e9d63d9b1: Preparing -28e149320f3e: Preparing -72b038345daf: Preparing -9012a85c0a10: Preparing -ce0a828393c5: Preparing -a539d954dd63: Preparing -aeffe58bb901: Preparing -50ed2bd36a02: Preparing -9d8af597251f: Preparing +1dd0bffbc480: Preparing +cc1048e56548: Preparing +5d83a4dfe862: Preparing +de17679dd1b2: Preparing +6791a9d801f7: Preparing +ee8639aeaa20: Preparing +2af518b7f8d5: Preparing +1ec7f8906f01: Preparing +8c638953dc0f: Preparing c0c2749c4e74: Preparing -50ed2bd36a02: Waiting -a539d954dd63: Waiting -aeffe58bb901: Waiting -9d8af597251f: Waiting +ee8639aeaa20: Waiting +2af518b7f8d5: Waiting +1ec7f8906f01: Waiting +8c638953dc0f: Waiting c0c2749c4e74: Waiting -ce0a828393c5: Pushed -3c6e9d63d9b1: Pushed -28e149320f3e: Pushed -72b038345daf: Pushed -9012a85c0a10: Pushed +6791a9d801f7: Pushed +1dd0bffbc480: Pushed +cc1048e56548: Pushed +de17679dd1b2: Pushed +5d83a4dfe862: Pushed c0c2749c4e74: Layer already exists -a539d954dd63: Pushed -aeffe58bb901: Pushed -9d8af597251f: Pushed -50ed2bd36a02: Pushed -6.0.4.4.81c2369.110624.10022: digest: sha256:58c573ac5790a47a86da22105c9649b7be5ed2be924405ef55ec24d146119632 size: 2430 +ee8639aeaa20: Pushed +2af518b7f8d5: Pushed +8c638953dc0f: Pushed +1ec7f8906f01: Pushed +6.0.4.4.81c2369.111124.10031: digest: sha256:0cd11814bb9547c0c871d07c8a54ac33ef586218c4261db6c05c587bbf277856 size: 2430 +docker tag 
quay.io/noirolabs/openvswitch:6.0.4.4.81c2369 docker.io/noiro/openvswitch:6.0.4.4.81c2369.z +docker push docker.io/noiro/openvswitch:6.0.4.4.81c2369.z The push refers to repository [docker.io/noiro/openvswitch] -3c6e9d63d9b1: Preparing -28e149320f3e: Preparing -72b038345daf: Preparing -9012a85c0a10: Preparing -ce0a828393c5: Preparing -a539d954dd63: Preparing -aeffe58bb901: Preparing -50ed2bd36a02: Preparing -9d8af597251f: Preparing +1dd0bffbc480: Preparing +cc1048e56548: Preparing +5d83a4dfe862: Preparing +de17679dd1b2: Preparing +6791a9d801f7: Preparing +ee8639aeaa20: Preparing +2af518b7f8d5: Preparing +1ec7f8906f01: Preparing +8c638953dc0f: Preparing c0c2749c4e74: Preparing -a539d954dd63: Waiting -aeffe58bb901: Waiting -50ed2bd36a02: Waiting -9d8af597251f: Waiting +2af518b7f8d5: Waiting +1ec7f8906f01: Waiting +8c638953dc0f: Waiting c0c2749c4e74: Waiting -ce0a828393c5: Layer already exists -72b038345daf: Layer already exists -28e149320f3e: Layer already exists -9012a85c0a10: Layer already exists -3c6e9d63d9b1: Layer already exists -9d8af597251f: Layer already exists -50ed2bd36a02: Layer already exists +ee8639aeaa20: Waiting +6791a9d801f7: Layer already exists +cc1048e56548: Layer already exists +5d83a4dfe862: Layer already exists +de17679dd1b2: Layer already exists +1dd0bffbc480: Layer already exists c0c2749c4e74: Layer already exists -a539d954dd63: Layer already exists -aeffe58bb901: Layer already exists -6.0.4.4.81c2369.z: digest: sha256:58c573ac5790a47a86da22105c9649b7be5ed2be924405ef55ec24d146119632 size: 2430 +2af518b7f8d5: Layer already exists +ee8639aeaa20: Layer already exists +8c638953dc0f: Layer already exists +1ec7f8906f01: Layer already exists +6.0.4.4.81c2369.z: digest: sha256:0cd11814bb9547c0c871d07c8a54ac33ef586218c4261db6c05c587bbf277856 size: 2430 ++docker image inspect '--format={{.Id}}' quay.io/noirolabs/openvswitch:6.0.4.4.81c2369 -+IMAGE_SHA=sha256:abc733d75b12eb73192f8225470b756cecdfb9d4fbb7fca29e5653775402a16e 
-+/tmp/cicd/travis/push-to-cicd-status.sh quay.io/noiro openvswitch 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 sha256:abc733d75b12eb73192f8225470b756cecdfb9d4fbb7fca29e5653775402a16e registry.access.redhat.com/ubi9/ubi-minimal:9.3 ++IMAGE_SHA=sha256:c85998ec121bbf141fb382cd3ab5128b4c4d90dd03eae843533289ebc0db1e69 ++/tmp/cicd/travis/push-to-cicd-status.sh quay.io/noiro openvswitch 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 sha256:c85998ec121bbf141fb382cd3ab5128b4c4d90dd03eae843533289ebc0db1e69 registry.access.redhat.com/ubi9/ubi-minimal:9.3 ++dirname /tmp/cicd/travis/push-to-cicd-status.sh +SCRIPTS_DIR=/tmp/cicd/travis +source /tmp/cicd/travis/globals.sh @@ -20259,9 +20423,9 @@ aeffe58bb901: Layer already exists ++RELEASE_TAG=6.0.4.4 ++export RELEASE_TAG +++date +%m%d%y -++DATE_TAG=110624 +++DATE_TAG=111124 ++TRAVIS_TAG_WITH_UPSTREAM_ID=6.0.4.4.81c2369 -++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.110624.10022 +++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.111124.10031 ++IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_Z_TAG=6.0.4.4.81c2369.z @@ -20279,8 +20443,8 @@ aeffe58bb901: Layer already exists +IMAGE_BUILD_REGISTRY=quay.io/noiro +IMAGE=openvswitch +IMAGE_BUILD_TAG=6.0.4.4.81c2369 -+OTHER_IMAGE_TAGS=6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 -+IMAGE_SHA=sha256:abc733d75b12eb73192f8225470b756cecdfb9d4fbb7fca29e5653775402a16e ++OTHER_IMAGE_TAGS=6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 ++IMAGE_SHA=sha256:c85998ec121bbf141fb382cd3ab5128b4c4d90dd03eae843533289ebc0db1e69 +BASE_IMAGE=registry.access.redhat.com/ubi9/ubi-minimal:9.3 +GIT_REPO=https://github.com/noironetworks/cicd-status.git +GIT_LOCAL_DIR=cicd-status 
@@ -20299,49 +20463,47 @@ fatal: destination path 'cicd-status' already exists and is not an empty directo +add_artifacts +cd /tmp/cicd-status +git pull --rebase origin main -error: cannot pull with rebase: You have unstaged changes. -error: Please commit or stash them. +From https://github.com/noironetworks/cicd-status + * branch main -> FETCH_HEAD +Already up to date. +mkdir -p /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/openvswitch -+curl https://api.travis-ci.com/v3/job/627824803/log.txt ++curl https://api.travis-ci.com/v3/job/627965097/log.txt % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed - 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 1229k 100 1229k 0 0 6999k 0 --:--:-- --:--:-- --:--:-- 7027k + 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 1241k 100 1241k 0 0 6274k 0 --:--:-- --:--:-- --:--:-- 6300k +cp /tmp/sbom.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/openvswitch/6.0.4.4-sbom.txt +cp /tmp/cve.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/openvswitch/6.0.4.4-cve.txt +cp /tmp/cve-base.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/openvswitch/6.0.4.4-cve-base.txt +update_container_release -+docker rmi -f sha256:abc733d75b12eb73192f8225470b756cecdfb9d4fbb7fca29e5653775402a16e -Untagged: noiro/openvswitch:6.0.4.4.81c2369.110624.10022 ++docker rmi -f sha256:c85998ec121bbf141fb382cd3ab5128b4c4d90dd03eae843533289ebc0db1e69 +Untagged: noiro/openvswitch:6.0.4.4.81c2369.111124.10031 Untagged: noiro/openvswitch:6.0.4.4.81c2369.z -Untagged: noiro/openvswitch@sha256:58c573ac5790a47a86da22105c9649b7be5ed2be924405ef55ec24d146119632 -Untagged: quay.io/noiro/openvswitch:6.0.4.4.81c2369.110624.10022 +Untagged: noiro/openvswitch@sha256:0cd11814bb9547c0c871d07c8a54ac33ef586218c4261db6c05c587bbf277856 +Untagged: quay.io/noiro/openvswitch:6.0.4.4.81c2369.111124.10031 Untagged: quay.io/noiro/openvswitch:6.0.4.4.81c2369.z -Untagged: 
quay.io/noiro/openvswitch@sha256:58c573ac5790a47a86da22105c9649b7be5ed2be924405ef55ec24d146119632 +Untagged: quay.io/noiro/openvswitch@sha256:0cd11814bb9547c0c871d07c8a54ac33ef586218c4261db6c05c587bbf277856 Untagged: quay.io/noirolabs/openvswitch:6.0.4.4.81c2369 -Untagged: quay.io/noirolabs/openvswitch:6.0.4.4.81c2369.110624.10022 +Untagged: quay.io/noirolabs/openvswitch:6.0.4.4.81c2369.111124.10031 Untagged: quay.io/noirolabs/openvswitch:6.0.4.4.81c2369.z -Untagged: quay.io/noirolabs/openvswitch@sha256:58c573ac5790a47a86da22105c9649b7be5ed2be924405ef55ec24d146119632 -Deleted: sha256:abc733d75b12eb73192f8225470b756cecdfb9d4fbb7fca29e5653775402a16e -+python /tmp/cicd/travis/update-release.py quay.io/noiro openvswitch 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 sha256:abc733d75b12eb73192f8225470b756cecdfb9d4fbb7fca29e5653775402a16e 6.0.4.4.81c2369.z 6.0.4.4.81c2369.110624.10022 registry.access.redhat.com/ubi9/ubi-minimal:9.3 +Untagged: quay.io/noirolabs/openvswitch@sha256:0cd11814bb9547c0c871d07c8a54ac33ef586218c4261db6c05c587bbf277856 +Deleted: sha256:c85998ec121bbf141fb382cd3ab5128b4c4d90dd03eae843533289ebc0db1e69 ++python /tmp/cicd/travis/update-release.py quay.io/noiro openvswitch 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 sha256:c85998ec121bbf141fb382cd3ab5128b4c4d90dd03eae843533289ebc0db1e69 6.0.4.4.81c2369.z 6.0.4.4.81c2369.111124.10031 registry.access.redhat.com/ubi9/ubi-minimal:9.3 +add_trivy_vulnerabilites +trivy image quay.io/noiro/openvswitch:6.0.4.4.81c2369.z -2024-11-06T09:51:09.948Z INFO Need to update DB -2024-11-06T09:51:09.948Z INFO DB Repository: ghcr.io/aquasecurity/trivy-db -2024-11-06T09:51:09.948Z INFO Downloading DB... -22.76 MiB / 55.16 MiB [---------------->________________________] 41.26% ? p/s ?55.16 MiB / 55.16 MiB [--------------------------------------->] 100.00% ? p/s ?55.16 MiB / 55.16 MiB [--------------------------------------->] 100.00% ? 
p/s ?55.16 MiB / 55.16 MiB [-------------------------->] 100.00% 53.98 MiB p/s ETA 0s55.16 MiB / 55.16 MiB [-------------------------->] 100.00% 53.98 MiB p/s ETA 0s55.16 MiB / 55.16 MiB [-------------------------->] 100.00% 53.98 MiB p/s ETA 0s55.16 MiB / 55.16 MiB [-------------------------->] 100.00% 50.50 MiB p/s ETA 0s55.16 MiB / 55.16 MiB [-------------------------->] 100.00% 50.50 MiB p/s ETA 0s55.16 MiB / 55.16 MiB [-------------------------->] 100.00% 50.50 MiB p/s ETA 0s55.16 MiB / 55.16 MiB [-------------------------->] 100.00% 47.24 MiB p/s ETA 0s55.16 MiB / 55.16 MiB [-----------------------------] 100.00% 28.13 MiB p/s 2.2s2024-11-06T09:51:12.357Z INFO Vulnerability scanning is enabled -2024-11-06T09:51:12.357Z INFO Secret scanning is enabled -2024-11-06T09:51:12.357Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning -2024-11-06T09:51:12.357Z INFO Please see also https://aquasecurity.github.io/trivy/v0.44/docs/scanner/secret/#recommendation for faster secret detection -2024-11-06T09:51:42.011Z INFO Detected OS: redhat -2024-11-06T09:51:42.011Z INFO Detecting RHEL/CentOS vulnerabilities... -2024-11-06T09:51:42.076Z INFO Number of language-specific files: 1 -2024-11-06T09:51:42.076Z INFO Detecting gobinary vulnerabilities... +2024-11-11T10:02:19.848Z INFO Vulnerability scanning is enabled +2024-11-11T10:02:19.848Z INFO Secret scanning is enabled +2024-11-11T10:02:19.848Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning +2024-11-11T10:02:19.848Z INFO Please see also https://aquasecurity.github.io/trivy/v0.44/docs/scanner/secret/#recommendation for faster secret detection +2024-11-11T10:02:46.802Z INFO Detected OS: redhat +2024-11-11T10:02:46.802Z INFO Detecting RHEL/CentOS vulnerabilities... +2024-11-11T10:02:47.043Z INFO Number of language-specific files: 1 +2024-11-11T10:02:47.043Z INFO Detecting gobinary vulnerabilities... 
+git_add_commit_push +cd /tmp/cicd-status +git config --local user.email test@cisco.com +git config --local user.name travis-tagger +git stash -Saved working directory and index state WIP on main: a474c9bb 6.1.2.1.z-acc-provision-10129-2024-11-05_19:43:42 +Saved working directory and index state WIP on main: 0a008ebb 6.0.4.4.z-aci-containers-operator-10031-2024-11-11_10:00:01 +git pull --rebase origin main From https://github.com/noironetworks/cicd-status * branch main -> FETCH_HEAD 
@@ -20353,36 +20515,29 @@ Your branch is up to date with 'origin/main'. Changes not staged for commit: (use "git add ..." to update what will be committed) (use "git restore ..." to discard changes in working directory) - modified: docs/release_artifacts/6.0.4.4/z/aci-containers-controller/6.0.4.4-buildlog.txt - modified: docs/release_artifacts/6.0.4.4/z/aci-containers-controller/6.0.4.4-cve.txt - modified: docs/release_artifacts/6.0.4.4/z/aci-containers-host/6.0.4.4-buildlog.txt - modified: docs/release_artifacts/6.0.4.4/z/aci-containers-host/6.0.4.4-cve.txt - modified: docs/release_artifacts/6.0.4.4/z/aci-containers-operator/6.0.4.4-buildlog.txt - modified: docs/release_artifacts/6.0.4.4/z/aci-containers-operator/6.0.4.4-cve.txt - modified: docs/release_artifacts/6.0.4.4/z/cnideploy/6.0.4.4-buildlog.txt - modified: docs/release_artifacts/6.0.4.4/z/cnideploy/6.0.4.4-cve.txt modified: docs/release_artifacts/6.0.4.4/z/openvswitch/6.0.4.4-buildlog.txt + modified: docs/release_artifacts/6.0.4.4/z/openvswitch/6.0.4.4-cve.txt modified: docs/release_artifacts/releases.yaml no changes added to commit (use "git add" and/or "git commit -a") -Dropped refs/stash@{0} (4cc159f0316bbce32343e0f791aede9644fc64ed) +Dropped refs/stash@{0} (30d33cd618584ea06c293f90a17594c53230b703) +git add . 
+[[ aci-containers != \a\c\c\-\p\r\o\v\i\s\i\o\n ]] ++docker image inspect --format '{{index (split (index .RepoDigests 0) "@sha256:") 1}}' docker.io/noiro/openvswitch:6.0.4.4.81c2369.z -+DOCKER_REPO_DIGEST_SHA=58c573ac5790a47a86da22105c9649b7be5ed2be924405ef55ec24d146119632 ++DOCKER_REPO_DIGEST_SHA=0cd11814bb9547c0c871d07c8a54ac33ef586218c4261db6c05c587bbf277856 ++docker image inspect --format '{{index (split (index .RepoDigests 1) "@sha256:") 1}}' quay.io/noiro/openvswitch:6.0.4.4.81c2369.z -+QUAY_REPO_DIGEST_SHA=58c573ac5790a47a86da22105c9649b7be5ed2be924405ef55ec24d146119632 ++QUAY_REPO_DIGEST_SHA=0cd11814bb9547c0c871d07c8a54ac33ef586218c4261db6c05c587bbf277856 ++date +%F_%H:%M:%S -+git commit -a -m 6.0.4.4.z-openvswitch-10022-2024-11-06_09:51:42 -m 'Commit: d090ca19b2ebe458b0f15e91dc685e6ba807e693' -m 'Tags: 6.0.4.4.81c2369.z, 6.0.4.4.81c2369.110624.10022' -m 'ImageId: sha256:abc733d75b12eb73192f8225470b756cecdfb9d4fbb7fca29e5653775402a16e' -m 'DockerSha: 58c573ac5790a47a86da22105c9649b7be5ed2be924405ef55ec24d146119632' -m 'QuaySha: 58c573ac5790a47a86da22105c9649b7be5ed2be924405ef55ec24d146119632' -[main 67af861b] 6.0.4.4.z-openvswitch-10022-2024-11-06_09:51:42 - 10 files changed, 42465 insertions(+), 43045 deletions(-) ++git commit -a -m 6.0.4.4.z-openvswitch-10031-2024-11-11_10:02:47 -m 'Commit: d090ca19b2ebe458b0f15e91dc685e6ba807e693' -m 'Tags: 6.0.4.4.81c2369.z, 6.0.4.4.81c2369.111124.10031' -m 'ImageId: sha256:c85998ec121bbf141fb382cd3ab5128b4c4d90dd03eae843533289ebc0db1e69' -m 'DockerSha: 0cd11814bb9547c0c871d07c8a54ac33ef586218c4261db6c05c587bbf277856' -m 'QuaySha: 0cd11814bb9547c0c871d07c8a54ac33ef586218c4261db6c05c587bbf277856' +[main 856c3558] 6.0.4.4.z-openvswitch-10031-2024-11-11_10:02:47 + 3 files changed, 10919 insertions(+), 10751 deletions(-) +git push origin main To https://github.com/noironetworks/cicd-status.git - a474c9bb..67af861b main -> main + 0a008ebb..856c3558 main -> main +break +for IMAGE in "${ALL_IMAGES[@]}" +[[ 
aci-containers-webhook != \o\p\e\n\v\s\w\i\t\c\h ]] -+/tmp/cicd/travis/push-images.sh quay.io/noirolabs aci-containers-webhook 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 registry.access.redhat.com/ubi9/ubi:9.3 ++/tmp/cicd/travis/push-images.sh quay.io/noirolabs aci-containers-webhook 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 registry.access.redhat.com/ubi9/ubi:9.3 ++dirname /tmp/cicd/travis/push-images.sh +SCRIPTS_DIR=/tmp/cicd/travis +source /tmp/cicd/travis/globals.sh @@ -20390,9 +20545,9 @@ To https://github.com/noironetworks/cicd-status.git ++RELEASE_TAG=6.0.4.4 ++export RELEASE_TAG +++date +%m%d%y -++DATE_TAG=110624 +++DATE_TAG=111124 ++TRAVIS_TAG_WITH_UPSTREAM_ID=6.0.4.4.81c2369 -++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.110624.10022 +++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.111124.10031 ++IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_Z_TAG=6.0.4.4.81c2369.z @@ -20407,12 +20562,12 @@ To https://github.com/noironetworks/cicd-status.git +IMAGE_BUILD_REGISTRY=quay.io/noirolabs +IMAGE=aci-containers-webhook +IMAGE_BUILD_TAG=6.0.4.4.81c2369 -+OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.110624.10022' ++OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.111124.10031' +BASE_IMAGE=registry.access.redhat.com/ubi9/ubi:9.3 -+OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.110624.10022 6.0.4.4.81c2369.z' ++OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.111124.10031 6.0.4.4.81c2369.z' +BUILT_IMAGE=quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369 -+sh -s -- -b /tmp +curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh ++sh -s -- -b /tmp [info] checking github for the current release tag [info] fetching release script for tag='v0.84.0' [info] checking github for the current release tag 
@@ -20424,1087 +20579,1087 @@ To https://github.com/noironetworks/cicd-status.git [info] using release tag='v0.6.1' version='0.6.1' os='linux' arch='amd64' [info] installed /home/travis/.docker/cli-plugins/docker-sbom +wget https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb ---2024-11-06 09:51:48-- https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb -Resolving github.com (github.com)... 140.82.114.4 -Connecting to github.com (github.com)|140.82.114.4|:443... connected. +--2024-11-11 10:02:53-- https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb +Resolving github.com (github.com)... 140.82.112.4 +Connecting to github.com (github.com)|140.82.112.4|:443... connected. HTTP request sent, awaiting response... 302 Found -Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.109.133, 185.199.111.133, 185.199.108.133, ... +Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.109.133, 185.199.110.133, 185.199.111.133, ... Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.109.133|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 54685068 (52M) [application/octet-stream] Saving to: ‘trivy_0.44.1_Linux-64bit.deb.5’ - 0K .......... .......... .......... .......... .......... 0% 3.06M 17s - 50K .......... .......... .......... .......... .......... 0% 4.56M 14s - 100K .......... .......... .......... .......... .......... 0% 14.8M 11s - 150K .......... .......... .......... .......... .......... 0% 21.6M 9s - 200K .......... .......... .......... .......... .......... 0% 6.84M 8s - 250K .......... .......... .......... .......... .......... 0% 19.8M 7s - 300K .......... .......... .......... .......... .......... 0% 19.4M 7s - 350K .......... .......... .......... .......... .......... 0% 49.0M 6s - 400K .......... .......... .......... 
.......... .......... 0% 29.5M 6s - 450K .......... .......... .......... .......... .......... 0% 8.94M 6s - 500K .......... .......... .......... .......... .......... 1% 68.1M 5s - 550K .......... .......... .......... .......... .......... 1% 35.9M 5s - 600K .......... .......... .......... .......... .......... 1% 36.6M 5s - 650K .......... .......... .......... .......... .......... 1% 211M 4s - 700K .......... .......... .......... .......... .......... 1% 54.9M 4s - 750K .......... .......... .......... .......... .......... 1% 29.7M 4s - 800K .......... .......... .......... .......... .......... 1% 47.9M 4s - 850K .......... .......... .......... .......... .......... 1% 75.4M 4s - 900K .......... .......... .......... .......... .......... 1% 219M 3s - 950K .......... .......... .......... .......... .......... 1% 163M 3s - 1000K .......... .......... .......... .......... .......... 1% 9.57M 3s - 1050K .......... .......... .......... .......... .......... 2% 97.2M 3s - 1100K .......... .......... .......... .......... .......... 2% 32.9M 3s - 1150K .......... .......... .......... .......... .......... 2% 193M 3s - 1200K .......... .......... .......... .......... .......... 2% 251M 3s - 1250K .......... .......... .......... .......... .......... 2% 62.0M 3s - 1300K .......... .......... .......... .......... .......... 2% 209M 3s - 1350K .......... .......... .......... .......... .......... 2% 241M 3s - 1400K .......... .......... .......... .......... .......... 2% 89.0M 3s - 1450K .......... .......... .......... .......... .......... 2% 42.7M 2s - 1500K .......... .......... .......... .......... .......... 2% 50.0M 2s - 1550K .......... .......... .......... .......... .......... 2% 203M 2s - 1600K .......... .......... .......... .......... .......... 3% 229M 2s - 1650K .......... .......... .......... .......... .......... 3% 258M 2s - 1700K .......... .......... .......... .......... .......... 3% 226M 2s - 1750K .......... .......... 
.......... .......... .......... 3% 63.1M 2s - 1800K .......... .......... .......... .......... .......... 3% 55.4M 2s - 1850K .......... .......... .......... .......... .......... 3% 65.7M 2s - 1900K .......... .......... .......... .......... .......... 3% 191M 2s - 1950K .......... .......... .......... .......... .......... 3% 259M 2s - 2000K .......... .......... .......... .......... .......... 3% 13.1M 2s - 2050K .......... .......... .......... .......... .......... 3% 232M 2s - 2100K .......... .......... .......... .......... .......... 4% 224M 2s - 2150K .......... .......... .......... .......... .......... 4% 242M 2s - 2200K .......... .......... .......... .......... .......... 4% 261M 2s - 2250K .......... .......... .......... .......... .......... 4% 81.9M 2s - 2300K .......... .......... .......... .......... .......... 4% 192M 2s - 2350K .......... .......... .......... .......... .......... 4% 257M 2s - 2400K .......... .......... .......... .......... .......... 4% 237M 2s - 2450K .......... .......... .......... .......... .......... 4% 90.5M 2s - 2500K .......... .......... .......... .......... .......... 4% 112M 2s - 2550K .......... .......... .......... .......... .......... 4% 244M 2s - 2600K .......... .......... .......... .......... .......... 4% 225M 2s - 2650K .......... .......... .......... .......... .......... 5% 56.5M 2s - 2700K .......... .......... .......... .......... .......... 5% 53.2M 2s - 2750K .......... .......... .......... .......... .......... 5% 246M 2s - 2800K .......... .......... .......... .......... .......... 5% 134M 2s - 2850K .......... .......... .......... .......... .......... 5% 65.2M 2s - 2900K .......... .......... .......... .......... .......... 5% 215M 1s - 2950K .......... .......... .......... .......... .......... 5% 205M 1s - 3000K .......... .......... .......... .......... .......... 5% 228M 1s - 3050K .......... .......... .......... .......... .......... 5% 138M 1s - 3100K .......... 
.......... .......... .......... .......... 5% 199M 1s - 3150K .......... .......... .......... .......... .......... 5% 14.1M 1s - 3200K .......... .......... .......... .......... .......... 6% 224M 1s - 3250K .......... .......... .......... .......... .......... 6% 251M 1s - 3300K .......... .......... .......... .......... .......... 6% 43.0M 1s - 3350K .......... .......... .......... .......... .......... 6% 121M 1s - 3400K .......... .......... .......... .......... .......... 6% 274M 1s - 3450K .......... .......... .......... .......... .......... 6% 240M 1s - 3500K .......... .......... .......... .......... .......... 6% 200M 1s - 3550K .......... .......... .......... .......... .......... 6% 83.3M 1s - 3600K .......... .......... .......... .......... .......... 6% 50.5M 1s - 3650K .......... .......... .......... .......... .......... 6% 37.5M 1s - 3700K .......... .......... .......... .......... .......... 7% 44.3M 1s - 3750K .......... .......... .......... .......... .......... 7% 48.8M 1s - 3800K .......... .......... .......... .......... .......... 7% 55.1M 1s - 3850K .......... .......... .......... .......... .......... 7% 86.5M 1s - 3900K .......... .......... .......... .......... .......... 7% 61.4M 1s - 3950K .......... .......... .......... .......... .......... 7% 214M 1s - 4000K .......... .......... .......... .......... .......... 7% 217M 1s - 4050K .......... .......... .......... .......... .......... 7% 246M 1s - 4100K .......... .......... .......... .......... .......... 7% 194M 1s - 4150K .......... .......... .......... .......... .......... 7% 264M 1s - 4200K .......... .......... .......... .......... .......... 7% 145M 1s - 4250K .......... .......... .......... .......... .......... 8% 252M 1s - 4300K .......... .......... .......... .......... .......... 8% 46.7M 1s - 4350K .......... .......... .......... .......... .......... 8% 81.4M 1s - 4400K .......... .......... .......... .......... .......... 
8% 248M 1s - 4450K .......... .......... .......... .......... .......... 8% 274M 1s - 4500K .......... .......... .......... .......... .......... 8% 238M 1s - 4550K .......... .......... .......... .......... .......... 8% 190M 1s - 4600K .......... .......... .......... .......... .......... 8% 267M 1s - 4650K .......... .......... .......... .......... .......... 8% 172M 1s - 4700K .......... .......... .......... .......... .......... 8% 69.9M 1s - 4750K .......... .......... .......... .......... .......... 8% 217M 1s - 4800K .......... .......... .......... .......... .......... 9% 250M 1s - 4850K .......... .......... .......... .......... .......... 9% 39.0M 1s - 4900K .......... .......... .......... .......... .......... 9% 41.9M 1s - 4950K .......... .......... .......... .......... .......... 9% 48.2M 1s - 5000K .......... .......... .......... .......... .......... 9% 231M 1s - 5050K .......... .......... .......... .......... .......... 9% 239M 1s - 5100K .......... .......... .......... .......... .......... 9% 61.6M 1s - 5150K .......... .......... .......... .......... .......... 9% 238M 1s - 5200K .......... .......... .......... .......... .......... 9% 248M 1s - 5250K .......... .......... .......... .......... .......... 9% 50.9M 1s - 5300K .......... .......... .......... .......... .......... 10% 76.7M 1s - 5350K .......... .......... .......... .......... .......... 10% 54.7M 1s - 5400K .......... .......... .......... .......... .......... 10% 42.3M 1s - 5450K .......... .......... .......... .......... .......... 10% 59.7M 1s - 5500K .......... .......... .......... .......... .......... 10% 190M 1s - 5550K .......... .......... .......... .......... .......... 10% 241M 1s - 5600K .......... .......... .......... .......... .......... 10% 53.6M 1s - 5650K .......... .......... .......... .......... .......... 10% 216M 1s - 5700K .......... .......... .......... .......... .......... 10% 208M 1s - 5750K .......... .......... .......... 
.......... .......... 10% 48.4M 1s - 5800K .......... .......... .......... .......... .......... 10% 42.3M 1s - 5850K .......... .......... .......... .......... .......... 11% 68.9M 1s - 5900K .......... .......... .......... .......... .......... 11% 27.8M 1s - 5950K .......... .......... .......... .......... .......... 11% 218M 1s - 6000K .......... .......... .......... .......... .......... 11% 251M 1s - 6050K .......... .......... .......... .......... .......... 11% 249M 1s - 6100K .......... .......... .......... .......... .......... 11% 206M 1s + 0K .......... .......... .......... .......... .......... 0% 4.26M 12s + 50K .......... .......... .......... .......... .......... 0% 5.26M 11s + 100K .......... .......... .......... .......... .......... 0% 22.4M 8s + 150K .......... .......... .......... .......... .......... 0% 24.4M 7s + 200K .......... .......... .......... .......... .......... 0% 7.83M 7s + 250K .......... .......... .......... .......... .......... 0% 35.6M 6s + 300K .......... .......... .......... .......... .......... 0% 30.5M 5s + 350K .......... .......... .......... .......... .......... 0% 48.3M 5s + 400K .......... .......... .......... .......... .......... 0% 31.5M 4s + 450K .......... .......... .......... .......... .......... 0% 102M 4s + 500K .......... .......... .......... .......... .......... 1% 10.4M 4s + 550K .......... .......... .......... .......... .......... 1% 40.2M 4s + 600K .......... .......... .......... .......... .......... 1% 42.1M 4s + 650K .......... .......... .......... .......... .......... 1% 85.1M 3s + 700K .......... .......... .......... .......... .......... 1% 71.9M 3s + 750K .......... .......... .......... .......... .......... 1% 132M 3s + 800K .......... .......... .......... .......... .......... 1% 83.3M 3s + 850K .......... .......... .......... .......... .......... 1% 40.6M 3s + 900K .......... .......... .......... .......... .......... 1% 163M 3s + 950K .......... .......... 
.......... .......... .......... 1% 241M 3s + 1000K .......... .......... .......... .......... .......... 1% 11.3M 3s + 1050K .......... .......... .......... .......... .......... 2% 177M 3s + 1100K .......... .......... .......... .......... .......... 2% 60.7M 2s + 1150K .......... .......... .......... .......... .......... 2% 130M 2s + 1200K .......... .......... .......... .......... .......... 2% 247M 2s + 1250K .......... .......... .......... .......... .......... 2% 57.6M 2s + 1300K .......... .......... .......... .......... .......... 2% 247M 2s + 1350K .......... .......... .......... .......... .......... 2% 108M 2s + 1400K .......... .......... .......... .......... .......... 2% 73.8M 2s + 1450K .......... .......... .......... .......... .......... 2% 75.9M 2s + 1500K .......... .......... .......... .......... .......... 2% 76.7M 2s + 1550K .......... .......... .......... .......... .......... 2% 105M 2s + 1600K .......... .......... .......... .......... .......... 3% 212M 2s + 1650K .......... .......... .......... .......... .......... 3% 235M 2s + 1700K .......... .......... .......... .......... .......... 3% 269M 2s + 1750K .......... .......... .......... .......... .......... 3% 85.7M 2s + 1800K .......... .......... .......... .......... .......... 3% 251M 2s + 1850K .......... .......... .......... .......... .......... 3% 210M 2s + 1900K .......... .......... .......... .......... .......... 3% 116M 2s + 1950K .......... .......... .......... .......... .......... 3% 263M 2s + 2000K .......... .......... .......... .......... .......... 3% 17.1M 2s + 2050K .......... .......... .......... .......... .......... 3% 209M 2s + 2100K .......... .......... .......... .......... .......... 4% 226M 2s + 2150K .......... .......... .......... .......... .......... 4% 209M 1s + 2200K .......... .......... .......... .......... .......... 4% 244M 1s + 2250K .......... .......... .......... .......... .......... 4% 150M 1s + 2300K .......... 
.......... .......... .......... .......... 4% 240M 1s + 2350K .......... .......... .......... .......... .......... 4% 210M 1s + 2400K .......... .......... .......... .......... .......... 4% 246M 1s + 2450K .......... .......... .......... .......... .......... 4% 225M 1s + 2500K .......... .......... .......... .......... .......... 4% 134M 1s + 2550K .......... .......... .......... .......... .......... 4% 211M 1s + 2600K .......... .......... .......... .......... .......... 4% 251M 1s + 2650K .......... .......... .......... .......... .......... 5% 207M 1s + 2700K .......... .......... .......... .......... .......... 5% 198M 1s + 2750K .......... .......... .......... .......... .......... 5% 246M 1s + 2800K .......... .......... .......... .......... .......... 5% 214M 1s + 2850K .......... .......... .......... .......... .......... 5% 208M 1s + 2900K .......... .......... .......... .......... .......... 5% 241M 1s + 2950K .......... .......... .......... .......... .......... 5% 236M 1s + 3000K .......... .......... .......... .......... .......... 5% 101M 1s + 3050K .......... .......... .......... .......... .......... 5% 64.1M 1s + 3100K .......... .......... .......... .......... .......... 5% 82.6M 1s + 3150K .......... .......... .......... .......... .......... 5% 96.5M 1s + 3200K .......... .......... .......... .......... .......... 6% 63.5M 1s + 3250K .......... .......... .......... .......... .......... 6% 125M 1s + 3300K .......... .......... .......... .......... .......... 6% 249M 1s + 3350K .......... .......... .......... .......... .......... 6% 223M 1s + 3400K .......... .......... .......... .......... .......... 6% 80.5M 1s + 3450K .......... .......... .......... .......... .......... 6% 189M 1s + 3500K .......... .......... .......... .......... .......... 6% 222M 1s + 3550K .......... .......... .......... .......... .......... 6% 200M 1s + 3600K .......... .......... .......... .......... .......... 
6% 187M 1s + 3650K .......... .......... .......... .......... .......... 6% 178M 1s + 3700K .......... .......... .......... .......... .......... 7% 223M 1s + 3750K .......... .......... .......... .......... .......... 7% 70.3M 1s + 3800K .......... .......... .......... .......... .......... 7% 77.8M 1s + 3850K .......... .......... .......... .......... .......... 7% 167M 1s + 3900K .......... .......... .......... .......... .......... 7% 124M 1s + 3950K .......... .......... .......... .......... .......... 7% 78.2M 1s + 4000K .......... .......... .......... .......... .......... 7% 102M 1s + 4050K .......... .......... .......... .......... .......... 7% 82.9M 1s + 4100K .......... .......... .......... .......... .......... 7% 163M 1s + 4150K .......... .......... .......... .......... .......... 7% 187M 1s + 4200K .......... .......... .......... .......... .......... 7% 213M 1s + 4250K .......... .......... .......... .......... .......... 8% 199M 1s + 4300K .......... .......... .......... .......... .......... 8% 222M 1s + 4350K .......... .......... .......... .......... .......... 8% 156M 1s + 4400K .......... .......... .......... .......... .......... 8% 106M 1s + 4450K .......... .......... .......... .......... .......... 8% 81.4M 1s + 4500K .......... .......... .......... .......... .......... 8% 97.6M 1s + 4550K .......... .......... .......... .......... .......... 8% 62.9M 1s + 4600K .......... .......... .......... .......... .......... 8% 233M 1s + 4650K .......... .......... .......... .......... .......... 8% 221M 1s + 4700K .......... .......... .......... .......... .......... 8% 130M 1s + 4750K .......... .......... .......... .......... .......... 8% 247M 1s + 4800K .......... .......... .......... .......... .......... 9% 254M 1s + 4850K .......... .......... .......... .......... .......... 9% 207M 1s + 4900K .......... .......... .......... .......... .......... 9% 84.9M 1s + 4950K .......... .......... .......... .......... 
.......... 9% 165M 1s + 5000K .......... .......... .......... .......... .......... 9% 243M 1s + 5050K .......... .......... .......... .......... .......... 9% 202M 1s + 5100K .......... .......... .......... .......... .......... 9% 247M 1s + 5150K .......... .......... .......... .......... .......... 9% 226M 1s + 5200K .......... .......... .......... .......... .......... 9% 219M 1s + 5250K .......... .......... .......... .......... .......... 9% 79.9M 1s + 5300K .......... .......... .......... .......... .......... 10% 75.8M 1s + 5350K .......... .......... .......... .......... .......... 10% 67.6M 1s + 5400K .......... .......... .......... .......... .......... 10% 84.5M 1s + 5450K .......... .......... .......... .......... .......... 10% 223M 1s + 5500K .......... .......... .......... .......... .......... 10% 250M 1s + 5550K .......... .......... .......... .......... .......... 10% 131M 1s + 5600K .......... .......... .......... .......... .......... 10% 124M 1s + 5650K .......... .......... .......... .......... .......... 10% 91.8M 1s + 5700K .......... .......... .......... .......... .......... 10% 243M 1s + 5750K .......... .......... .......... .......... .......... 10% 236M 1s + 5800K .......... .......... .......... .......... .......... 10% 228M 1s + 5850K .......... .......... .......... .......... .......... 11% 225M 1s + 5900K .......... .......... .......... .......... .......... 11% 124M 1s + 5950K .......... .......... .......... .......... .......... 11% 235M 1s + 6000K .......... .......... .......... .......... .......... 11% 241M 1s + 6050K .......... .......... .......... .......... .......... 11% 209M 1s + 6100K .......... .......... .......... .......... .......... 11% 201M 1s 6150K .......... .......... .......... .......... .......... 11% 253M 1s - 6200K .......... .......... .......... .......... .......... 11% 50.9M 1s - 6250K .......... .......... .......... .......... .......... 11% 202M 1s - 6300K .......... .......... 
.......... .......... .......... 11% 28.0M 1s - 6350K .......... .......... .......... .......... .......... 11% 55.1M 1s - 6400K .......... .......... .......... .......... .......... 12% 79.8M 1s - 6450K .......... .......... .......... .......... .......... 12% 133M 1s - 6500K .......... .......... .......... .......... .......... 12% 226M 1s - 6550K .......... .......... .......... .......... .......... 12% 37.5M 1s - 6600K .......... .......... .......... .......... .......... 12% 52.1M 1s - 6650K .......... .......... .......... .......... .......... 12% 79.0M 1s - 6700K .......... .......... .......... .......... .......... 12% 213M 1s - 6750K .......... .......... .......... .......... .......... 12% 229M 1s - 6800K .......... .......... .......... .......... .......... 12% 240M 1s - 6850K .......... .......... .......... .......... .......... 12% 238M 1s - 6900K .......... .......... .......... .......... .......... 13% 224M 1s - 6950K .......... .......... .......... .......... .......... 13% 73.5M 1s - 7000K .......... .......... .......... .......... .......... 13% 28.2M 1s - 7050K .......... .......... .......... .......... .......... 13% 41.3M 1s - 7100K .......... .......... .......... .......... .......... 13% 58.9M 1s - 7150K .......... .......... .......... .......... .......... 13% 64.1M 1s - 7200K .......... .......... .......... .......... .......... 13% 67.4M 1s - 7250K .......... .......... .......... .......... .......... 13% 64.2M 1s - 7300K .......... .......... .......... .......... .......... 13% 163M 1s - 7350K .......... .......... .......... .......... .......... 13% 242M 1s - 7400K .......... .......... .......... .......... .......... 13% 87.9M 1s - 7450K .......... .......... .......... .......... .......... 14% 109M 1s - 7500K .......... .......... .......... .......... .......... 14% 195M 1s - 7550K .......... .......... .......... .......... .......... 14% 252M 1s - 7600K .......... .......... .......... .......... .......... 
14% 239M 1s - 7650K .......... .......... .......... .......... .......... 14% 248M 1s - 7700K .......... .......... .......... .......... .......... 14% 83.4M 1s - 7750K .......... .......... .......... .......... .......... 14% 26.8M 1s - 7800K .......... .......... .......... .......... .......... 14% 44.7M 1s - 7850K .......... .......... .......... .......... .......... 14% 54.3M 1s - 7900K .......... .......... .......... .......... .......... 14% 70.2M 1s - 7950K .......... .......... .......... .......... .......... 14% 203M 1s - 8000K .......... .......... .......... .......... .......... 15% 253M 1s - 8050K .......... .......... .......... .......... .......... 15% 30.6M 1s - 8100K .......... .......... .......... .......... .......... 15% 54.8M 1s - 8150K .......... .......... .......... .......... .......... 15% 93.9M 1s - 8200K .......... .......... .......... .......... .......... 15% 233M 1s - 8250K .......... .......... .......... .......... .......... 15% 233M 1s - 8300K .......... .......... .......... .......... .......... 15% 151M 1s - 8350K .......... .......... .......... .......... .......... 15% 67.2M 1s - 8400K .......... .......... .......... .......... .......... 15% 63.8M 1s - 8450K .......... .......... .......... .......... .......... 15% 51.9M 1s - 8500K .......... .......... .......... .......... .......... 16% 136M 1s - 8550K .......... .......... .......... .......... .......... 16% 232M 1s - 8600K .......... .......... .......... .......... .......... 16% 252M 1s - 8650K .......... .......... .......... .......... .......... 16% 254M 1s - 8700K .......... .......... .......... .......... .......... 16% 202M 1s - 8750K .......... .......... .......... .......... .......... 16% 256M 1s - 8800K .......... .......... .......... .......... .......... 16% 21.2M 1s - 8850K .......... .......... .......... .......... .......... 16% 68.1M 1s - 8900K .......... .......... .......... .......... .......... 16% 45.3M 1s - 8950K .......... 
.......... .......... .......... .......... 16% 60.3M 1s - 9000K .......... .......... .......... .......... .......... 16% 71.1M 1s - 9050K .......... .......... .......... .......... .......... 17% 117M 1s - 9100K .......... .......... .......... .......... .......... 17% 193M 1s - 9150K .......... .......... .......... .......... .......... 17% 251M 1s - 9200K .......... .......... .......... .......... .......... 17% 266M 1s - 9250K .......... .......... .......... .......... .......... 17% 250M 1s - 9300K .......... .......... .......... .......... .......... 17% 233M 1s - 9350K .......... .......... .......... .......... .......... 17% 59.8M 1s - 9400K .......... .......... .......... .......... .......... 17% 59.1M 1s - 9450K .......... .......... .......... .......... .......... 17% 59.7M 1s - 9500K .......... .......... .......... .......... .......... 17% 56.9M 1s - 9550K .......... .......... .......... .......... .......... 17% 53.7M 1s - 9600K .......... .......... .......... .......... .......... 18% 65.3M 1s - 9650K .......... .......... .......... .......... .......... 18% 58.6M 1s - 9700K .......... .......... .......... .......... .......... 18% 78.9M 1s - 9750K .......... .......... .......... .......... .......... 18% 238M 1s - 9800K .......... .......... .......... .......... .......... 18% 209M 1s - 9850K .......... .......... .......... .......... .......... 18% 172M 1s - 9900K .......... .......... .......... .......... .......... 18% 234M 1s - 9950K .......... .......... .......... .......... .......... 18% 32.4M 1s - 10000K .......... .......... .......... .......... .......... 18% 60.0M 1s - 10050K .......... .......... .......... .......... .......... 18% 135M 1s - 10100K .......... .......... .......... .......... .......... 19% 55.0M 1s - 10150K .......... .......... .......... .......... .......... 19% 136M 1s - 10200K .......... .......... .......... .......... .......... 19% 219M 1s - 10250K .......... .......... .......... 
.......... .......... 19% 259M 1s - 10300K .......... .......... .......... .......... .......... 19% 206M 1s - 10350K .......... .......... .......... .......... .......... 19% 24.2M 1s - 10400K .......... .......... .......... .......... .......... 19% 103M 1s - 10450K .......... .......... .......... .......... .......... 19% 237M 1s - 10500K .......... .......... .......... .......... .......... 19% 43.7M 1s - 10550K .......... .......... .......... .......... .......... 19% 111M 1s - 10600K .......... .......... .......... .......... .......... 19% 240M 1s - 10650K .......... .......... .......... .......... .......... 20% 257M 1s - 10700K .......... .......... .......... .......... .......... 20% 223M 1s - 10750K .......... .......... .......... .......... .......... 20% 244M 1s - 10800K .......... .......... .......... .......... .......... 20% 23.9M 1s - 10850K .......... .......... .......... .......... .......... 20% 62.0M 1s - 10900K .......... .......... .......... .......... .......... 20% 63.6M 1s - 10950K .......... .......... .......... .......... .......... 20% 57.9M 1s - 11000K .......... .......... .......... .......... .......... 20% 109M 1s - 11050K .......... .......... .......... .......... .......... 20% 230M 1s - 11100K .......... .......... .......... .......... .......... 20% 139M 1s - 11150K .......... .......... .......... .......... .......... 20% 69.1M 1s - 11200K .......... .......... .......... .......... .......... 21% 244M 1s - 11250K .......... .......... .......... .......... .......... 21% 252M 1s - 11300K .......... .......... .......... .......... .......... 21% 206M 1s - 11350K .......... .......... .......... .......... .......... 21% 247M 1s - 11400K .......... .......... .......... .......... .......... 21% 66.2M 1s - 11450K .......... .......... .......... .......... .......... 21% 25.7M 1s - 11500K .......... .......... .......... .......... .......... 21% 42.0M 1s - 11550K .......... .......... .......... .......... 
.......... 21% 57.0M 1s - 11600K .......... .......... .......... .......... .......... 21% 89.1M 1s - 11650K .......... .......... .......... .......... .......... 21% 250M 1s - 11700K .......... .......... .......... .......... .......... 22% 43.1M 1s - 11750K .......... .......... .......... .......... .......... 22% 221M 1s - 11800K .......... .......... .......... .......... .......... 22% 251M 1s - 11850K .......... .......... .......... .......... .......... 22% 224M 1s - 11900K .......... .......... .......... .......... .......... 22% 228M 1s - 11950K .......... .......... .......... .......... .......... 22% 257M 1s - 12000K .......... .......... .......... .......... .......... 22% 250M 1s - 12050K .......... .......... .......... .......... .......... 22% 252M 1s - 12100K .......... .......... .......... .......... .......... 22% 15.4M 1s - 12150K .......... .......... .......... .......... .......... 22% 50.5M 1s - 12200K .......... .......... .......... .......... .......... 22% 216M 1s - 12250K .......... .......... .......... .......... .......... 23% 249M 1s - 12300K .......... .......... .......... .......... .......... 23% 219M 1s - 12350K .......... .......... .......... .......... .......... 23% 218M 1s - 12400K .......... .......... .......... .......... .......... 23% 21.4M 1s - 12450K .......... .......... .......... .......... .......... 23% 68.2M 1s - 12500K .......... .......... .......... .......... .......... 23% 45.8M 1s - 12550K .......... .......... .......... .......... .......... 23% 52.4M 1s - 12600K .......... .......... .......... .......... .......... 23% 126M 1s - 12650K .......... .......... .......... .......... .......... 23% 153M 1s - 12700K .......... .......... .......... .......... .......... 23% 154M 1s - 12750K .......... .......... .......... .......... .......... 23% 165M 1s - 12800K .......... .......... .......... .......... .......... 24% 252M 1s - 12850K .......... .......... .......... .......... .......... 
24% 224M 1s - 12900K .......... .......... .......... .......... .......... 24% 205M 1s - 12950K .......... .......... .......... .......... .......... 24% 214M 1s - 13000K .......... .......... .......... .......... .......... 24% 217M 1s - 13050K .......... .......... .......... .......... .......... 24% 174M 1s - 13100K .......... .......... .......... .......... .......... 24% 139M 1s - 13150K .......... .......... .......... .......... .......... 24% 169M 1s - 13200K .......... .......... .......... .......... .......... 24% 142M 1s - 13250K .......... .......... .......... .......... .......... 24% 151M 1s - 13300K .......... .......... .......... .......... .......... 24% 143M 1s - 13350K .......... .......... .......... .......... .......... 25% 155M 1s - 13400K .......... .......... .......... .......... .......... 25% 150M 1s - 13450K .......... .......... .......... .......... .......... 25% 153M 1s - 13500K .......... .......... .......... .......... .......... 25% 132M 1s - 13550K .......... .......... .......... .......... .......... 25% 168M 1s - 13600K .......... .......... .......... .......... .......... 25% 161M 1s - 13650K .......... .......... .......... .......... .......... 25% 160M 1s - 13700K .......... .......... .......... .......... .......... 25% 119M 1s - 13750K .......... .......... .......... .......... .......... 25% 176M 1s - 13800K .......... .......... .......... .......... .......... 25% 154M 1s - 13850K .......... .......... .......... .......... .......... 26% 144M 1s - 13900K .......... .......... .......... .......... .......... 26% 138M 1s - 13950K .......... .......... .......... .......... .......... 26% 150M 1s - 14000K .......... .......... .......... .......... .......... 26% 147M 1s - 14050K .......... .......... .......... .......... .......... 26% 164M 1s - 14100K .......... .......... .......... .......... .......... 26% 138M 1s - 14150K .......... .......... .......... .......... .......... 
26% 160M 1s - 14200K .......... .......... .......... .......... .......... 26% 147M 1s - 14250K .......... .......... .......... .......... .......... 26% 164M 1s - 14300K .......... .......... .......... .......... .......... 26% 139M 1s - 14350K .......... .......... .......... .......... .......... 26% 221M 1s - 14400K .......... .......... .......... .......... .......... 27% 244M 1s - 14450K .......... .......... .......... .......... .......... 27% 255M 1s - 14500K .......... .......... .......... .......... .......... 27% 224M 1s - 14550K .......... .......... .......... .......... .......... 27% 234M 1s - 14600K .......... .......... .......... .......... .......... 27% 225M 1s - 14650K .......... .......... .......... .......... .......... 27% 149M 1s - 14700K .......... .......... .......... .......... .......... 27% 137M 1s - 14750K .......... .......... .......... .......... .......... 27% 145M 1s - 14800K .......... .......... .......... .......... .......... 27% 158M 1s - 14850K .......... .......... .......... .......... .......... 27% 156M 1s - 14900K .......... .......... .......... .......... .......... 27% 142M 1s - 14950K .......... .......... .......... .......... .......... 28% 172M 1s - 15000K .......... .......... .......... .......... .......... 28% 209M 1s - 15050K .......... .......... .......... .......... .......... 28% 241M 1s - 15100K .......... .......... .......... .......... .......... 28% 160M 1s - 15150K .......... .......... .......... .......... .......... 28% 185M 1s - 15200K .......... .......... .......... .......... .......... 28% 148M 1s - 15250K .......... .......... .......... .......... .......... 28% 143M 1s - 15300K .......... .......... .......... .......... .......... 28% 144M 1s - 15350K .......... .......... .......... .......... .......... 28% 188M 1s - 15400K .......... .......... .......... .......... .......... 28% 140M 1s - 15450K .......... .......... .......... .......... .......... 
29% 147M 1s - 15500K .......... .......... .......... .......... .......... 29% 143M 1s - 15550K .......... .......... .......... .......... .......... 29% 176M 1s - 15600K .......... .......... .......... .......... .......... 29% 151M 1s - 15650K .......... .......... .......... .......... .......... 29% 161M 1s - 15700K .......... .......... .......... .......... .......... 29% 156M 1s - 15750K .......... .......... .......... .......... .......... 29% 138M 1s - 15800K .......... .......... .......... .......... .......... 29% 153M 1s - 15850K .......... .......... .......... .......... .......... 29% 149M 1s - 15900K .......... .......... .......... .......... .......... 29% 131M 1s - 15950K .......... .......... .......... .......... .......... 29% 158M 1s - 16000K .......... .......... .......... .......... .......... 30% 166M 1s - 16050K .......... .......... .......... .......... .......... 30% 156M 1s - 16100K .......... .......... .......... .......... .......... 30% 125M 1s - 16150K .......... .......... .......... .......... .......... 30% 154M 1s - 16200K .......... .......... .......... .......... .......... 30% 153M 1s - 16250K .......... .......... .......... .......... .......... 30% 165M 1s - 16300K .......... .......... .......... .......... .......... 30% 142M 1s - 16350K .......... .......... .......... .......... .......... 30% 166M 1s - 16400K .......... .......... .......... .......... .......... 30% 170M 1s - 16450K .......... .......... .......... .......... .......... 30% 226M 1s - 16500K .......... .......... .......... .......... .......... 30% 228M 1s - 16550K .......... .......... .......... .......... .......... 31% 218M 1s - 16600K .......... .......... .......... .......... .......... 31% 178M 1s - 16650K .......... .......... .......... .......... .......... 31% 146M 1s - 16700K .......... .......... .......... .......... .......... 31% 136M 1s - 16750K .......... .......... .......... .......... .......... 
31% 161M 0s - 16800K .......... .......... .......... .......... .......... 31% 170M 0s - 16850K .......... .......... .......... .......... .......... 31% 156M 0s - 16900K .......... .......... .......... .......... .......... 31% 126M 0s - 16950K .......... .......... .......... .......... .......... 31% 164M 0s - 17000K .......... .......... .......... .......... .......... 31% 166M 0s - 17050K .......... .......... .......... .......... .......... 32% 159M 0s - 17100K .......... .......... .......... .......... .......... 32% 159M 0s - 17150K .......... .......... .......... .......... .......... 32% 215M 0s - 17200K .......... .......... .......... .......... .......... 32% 245M 0s - 17250K .......... .......... .......... .......... .......... 32% 173M 0s - 17300K .......... .......... .......... .......... .......... 32% 141M 0s - 17350K .......... .......... .......... .......... .......... 32% 149M 0s - 17400K .......... .......... .......... .......... .......... 32% 143M 0s - 17450K .......... .......... .......... .......... .......... 32% 161M 0s - 17500K .......... .......... .......... .......... .......... 32% 142M 0s - 17550K .......... .......... .......... .......... .......... 32% 140M 0s - 17600K .......... .......... .......... .......... .......... 33% 137M 0s - 17650K .......... .......... .......... .......... .......... 33% 159M 0s - 17700K .......... .......... .......... .......... .......... 33% 147M 0s - 17750K .......... .......... .......... .......... .......... 33% 172M 0s - 17800K .......... .......... .......... .......... .......... 33% 173M 0s - 17850K .......... .......... .......... .......... .......... 33% 167M 0s - 17900K .......... .......... .......... .......... .......... 33% 119M 0s - 17950K .......... .......... .......... .......... .......... 33% 152M 0s - 18000K .......... .......... .......... .......... .......... 33% 159M 0s - 18050K .......... .......... .......... .......... .......... 
33% 212M 0s - 18100K .......... .......... .......... .......... .......... 33% 168M 0s - 18150K .......... .......... .......... .......... .......... 34% 225M 0s - 18200K .......... .......... .......... .......... .......... 34% 202M 0s - 18250K .......... .......... .......... .......... .......... 34% 151M 0s - 18300K .......... .......... .......... .......... .......... 34% 121M 0s - 18350K .......... .......... .......... .......... .......... 34% 159M 0s - 18400K .......... .......... .......... .......... .......... 34% 153M 0s - 18450K .......... .......... .......... .......... .......... 34% 161M 0s - 18500K .......... .......... .......... .......... .......... 34% 144M 0s - 18550K .......... .......... .......... .......... .......... 34% 171M 0s - 18600K .......... .......... .......... .......... .......... 34% 170M 0s - 18650K .......... .......... .......... .......... .......... 35% 168M 0s - 18700K .......... .......... .......... .......... .......... 35% 144M 0s - 18750K .......... .......... .......... .......... .......... 35% 152M 0s - 18800K .......... .......... .......... .......... .......... 35% 160M 0s - 18850K .......... .......... .......... .......... .......... 35% 161M 0s - 18900K .......... .......... .......... .......... .......... 35% 160M 0s - 18950K .......... .......... .......... .......... .......... 35% 138M 0s - 19000K .......... .......... .......... .......... .......... 35% 147M 0s - 19050K .......... .......... .......... .......... .......... 35% 176M 0s - 19100K .......... .......... .......... .......... .......... 35% 164M 0s - 19150K .......... .......... .......... .......... .......... 35% 244M 0s - 19200K .......... .......... .......... .......... .......... 36% 149M 0s - 19250K .......... .......... .......... .......... .......... 36% 150M 0s - 19300K .......... .......... .......... .......... .......... 36% 149M 0s - 19350K .......... .......... .......... .......... .......... 
36% 236M 0s - 19400K .......... .......... .......... .......... .......... 36% 242M 0s - 19450K .......... .......... .......... .......... .......... 36% 204M 0s - 19500K .......... .......... .......... .......... .......... 36% 151M 0s - 19550K .......... .......... .......... .......... .......... 36% 165M 0s - 19600K .......... .......... .......... .......... .......... 36% 154M 0s - 19650K .......... .......... .......... .......... .......... 36% 162M 0s - 19700K .......... .......... .......... .......... .......... 36% 108M 0s - 19750K .......... .......... .......... .......... .......... 37% 147M 0s - 19800K .......... .......... .......... .......... .......... 37% 147M 0s - 19850K .......... .......... .......... .......... .......... 37% 156M 0s - 19900K .......... .......... .......... .......... .......... 37% 137M 0s - 19950K .......... .......... .......... .......... .......... 37% 170M 0s - 20000K .......... .......... .......... .......... .......... 37% 157M 0s - 20050K .......... .......... .......... .......... .......... 37% 157M 0s - 20100K .......... .......... .......... .......... .......... 37% 131M 0s - 20150K .......... .......... .......... .......... .......... 37% 140M 0s - 20200K .......... .......... .......... .......... .......... 37% 134M 0s - 20250K .......... .......... .......... .......... .......... 38% 155M 0s - 20300K .......... .......... .......... .......... .......... 38% 141M 0s - 20350K .......... .......... .......... .......... .......... 38% 253M 0s - 20400K .......... .......... .......... .......... .......... 38% 249M 0s - 20450K .......... .......... .......... .......... .......... 38% 230M 0s - 20500K .......... .......... .......... .......... .......... 38% 220M 0s - 20550K .......... .......... .......... .......... .......... 38% 159M 0s - 20600K .......... .......... .......... .......... .......... 38% 141M 0s - 20650K .......... .......... .......... .......... .......... 
38% 150M 0s - 20700K .......... .......... .......... .......... .......... 38% 124M 0s - 20750K .......... .......... .......... .......... .......... 38% 108M 0s - 20800K .......... .......... .......... .......... .......... 39% 135M 0s - 20850K .......... .......... .......... .......... .......... 39% 173M 0s - 20900K .......... .......... .......... .......... .......... 39% 168M 0s - 20950K .......... .......... .......... .......... .......... 39% 141M 0s - 21000K .......... .......... .......... .......... .......... 39% 155M 0s - 21050K .......... .......... .......... .......... .......... 39% 164M 0s - 21100K .......... .......... .......... .......... .......... 39% 154M 0s - 21150K .......... .......... .......... .......... .......... 39% 143M 0s - 21200K .......... .......... .......... .......... .......... 39% 160M 0s - 21250K .......... .......... .......... .......... .......... 39% 168M 0s - 21300K .......... .......... .......... .......... .......... 39% 181M 0s - 21350K .......... .......... .......... .......... .......... 40% 149M 0s - 21400K .......... .......... .......... .......... .......... 40% 176M 0s - 21450K .......... .......... .......... .......... .......... 40% 162M 0s - 21500K .......... .......... .......... .......... .......... 40% 188M 0s - 21550K .......... .......... .......... .......... .......... 40% 178M 0s - 21600K .......... .......... .......... .......... .......... 40% 208M 0s - 21650K .......... .......... .......... .......... .......... 40% 232M 0s - 21700K .......... .......... .......... .......... .......... 40% 158M 0s - 21750K .......... .......... .......... .......... .......... 40% 138M 0s - 21800K .......... .......... .......... .......... .......... 40% 173M 0s - 21850K .......... .......... .......... .......... .......... 41% 157M 0s - 21900K .......... .......... .......... .......... .......... 41% 151M 0s - 21950K .......... .......... .......... .......... .......... 
41% 138M 0s - 22000K .......... .......... .......... .......... .......... 41% 156M 0s - 22050K .......... .......... .......... .......... .......... 41% 204M 0s - 22100K .......... .......... .......... .......... .......... 41% 253M 0s - 22150K .......... .......... .......... .......... .......... 41% 158M 0s - 22200K .......... .......... .......... .......... .......... 41% 167M 0s - 22250K .......... .......... .......... .......... .......... 41% 194M 0s - 22300K .......... .......... .......... .......... .......... 41% 212M 0s - 22350K .......... .......... .......... .......... .......... 41% 153M 0s - 22400K .......... .......... .......... .......... .......... 42% 167M 0s - 22450K .......... .......... .......... .......... .......... 42% 155M 0s - 22500K .......... .......... .......... .......... .......... 42% 143M 0s - 22550K .......... .......... .......... .......... .......... 42% 128M 0s - 22600K .......... .......... .......... .......... .......... 42% 166M 0s - 22650K .......... .......... .......... .......... .......... 42% 155M 0s - 22700K .......... .......... .......... .......... .......... 42% 152M 0s - 22750K .......... .......... .......... .......... .......... 42% 126M 0s - 22800K .......... .......... .......... .......... .......... 42% 158M 0s - 22850K .......... .......... .......... .......... .......... 42% 155M 0s - 22900K .......... .......... .......... .......... .......... 42% 153M 0s - 22950K .......... .......... .......... .......... .......... 43% 204M 0s - 23000K .......... .......... .......... .......... .......... 43% 220M 0s - 23050K .......... .......... .......... .......... .......... 43% 250M 0s - 23100K .......... .......... .......... .......... .......... 43% 255M 0s - 23150K .......... .......... .......... .......... .......... 43% 196M 0s - 23200K .......... .......... .......... .......... .......... 43% 166M 0s - 23250K .......... .......... .......... .......... .......... 
43% 166M 0s - 23300K .......... .......... .......... .......... .......... 43% 171M 0s - 23350K .......... .......... .......... .......... .......... 43% 158M 0s - 23400K .......... .......... .......... .......... .......... 43% 168M 0s - 23450K .......... .......... .......... .......... .......... 44% 165M 0s - 23500K .......... .......... .......... .......... .......... 44% 174M 0s - 23550K .......... .......... .......... .......... .......... 44% 132M 0s - 23600K .......... .......... .......... .......... .......... 44% 146M 0s - 23650K .......... .......... .......... .......... .......... 44% 154M 0s - 23700K .......... .......... .......... .......... .......... 44% 164M 0s - 23750K .......... .......... .......... .......... .......... 44% 208M 0s - 23800K .......... .......... .......... .......... .......... 44% 249M 0s - 23850K .......... .......... .......... .......... .......... 44% 210M 0s - 23900K .......... .......... .......... .......... .......... 44% 195M 0s - 23950K .......... .......... .......... .......... .......... 44% 128M 0s - 24000K .......... .......... .......... .......... .......... 45% 160M 0s - 24050K .......... .......... .......... .......... .......... 45% 144M 0s - 24100K .......... .......... .......... .......... .......... 45% 147M 0s - 24150K .......... .......... .......... .......... .......... 45% 149M 0s - 24200K .......... .......... .......... .......... .......... 45% 161M 0s - 24250K .......... .......... .......... .......... .......... 45% 174M 0s - 24300K .......... .......... .......... .......... .......... 45% 163M 0s - 24350K .......... .......... .......... .......... .......... 45% 135M 0s - 24400K .......... .......... .......... .......... .......... 45% 172M 0s - 24450K .......... .......... .......... .......... .......... 45% 148M 0s - 24500K .......... .......... .......... .......... .......... 45% 151M 0s - 24550K .......... .......... .......... .......... .......... 
46% 136M 0s - 24600K .......... .......... .......... .......... .......... 46% 136M 0s - 24650K .......... .......... .......... .......... .......... 46% 139M 0s - 24700K .......... .......... .......... .......... .......... 46% 167M 0s - 24750K .......... .......... .......... .......... .......... 46% 152M 0s - 24800K .......... .......... .......... .......... .......... 46% 152M 0s - 24850K .......... .......... .......... .......... .......... 46% 181M 0s - 24900K .......... .......... .......... .......... .......... 46% 166M 0s - 24950K .......... .......... .......... .......... .......... 46% 143M 0s - 25000K .......... .......... .......... .......... .......... 46% 171M 0s - 25050K .......... .......... .......... .......... .......... 47% 163M 0s - 25100K .......... .......... .......... .......... .......... 47% 174M 0s - 25150K .......... .......... .......... .......... .......... 47% 130M 0s - 25200K .......... .......... .......... .......... .......... 47% 167M 0s - 25250K .......... .......... .......... .......... .......... 47% 157M 0s - 25300K .......... .......... .......... .......... .......... 47% 156M 0s - 25350K .......... .......... .......... .......... .......... 47% 162M 0s - 25400K .......... .......... .......... .......... .......... 47% 142M 0s - 25450K .......... .......... .......... .......... .......... 47% 195M 0s - 25500K .......... .......... .......... .......... .......... 47% 165M 0s - 25550K .......... .......... .......... .......... .......... 47% 138M 0s - 25600K .......... .......... .......... .......... .......... 48% 155M 0s - 25650K .......... .......... .......... .......... .......... 48% 157M 0s - 25700K .......... .......... .......... .......... .......... 48% 148M 0s - 25750K .......... .......... .......... .......... .......... 48% 136M 0s - 25800K .......... .......... .......... .......... .......... 48% 157M 0s - 25850K .......... .......... .......... .......... .......... 
48% 162M 0s - 25900K .......... .......... .......... .......... .......... 48% 258M 0s - 25950K .......... .......... .......... .......... .......... 48% 208M 0s - 26000K .......... .......... .......... .......... .......... 48% 211M 0s - 26050K .......... .......... .......... .......... .......... 48% 236M 0s - 26100K .......... .......... .......... .......... .......... 48% 247M 0s - 26150K .......... .......... .......... .......... .......... 49% 226M 0s - 26200K .......... .......... .......... .......... .......... 49% 154M 0s - 26250K .......... .......... .......... .......... .......... 49% 154M 0s - 26300K .......... .......... .......... .......... .......... 49% 166M 0s - 26350K .......... .......... .......... .......... .......... 49% 105M 0s - 26400K .......... .......... .......... .......... .......... 49% 152M 0s - 26450K .......... .......... .......... .......... .......... 49% 145M 0s - 26500K .......... .......... .......... .......... .......... 49% 149M 0s - 26550K .......... .......... .......... .......... .......... 49% 88.6M 0s - 26600K .......... .......... .......... .......... .......... 49% 148M 0s - 26650K .......... .......... .......... .......... .......... 49% 177M 0s - 26700K .......... .......... .......... .......... .......... 50% 189M 0s - 26750K .......... .......... .......... .......... .......... 50% 133M 0s - 26800K .......... .......... .......... .......... .......... 50% 148M 0s - 26850K .......... .......... .......... .......... .......... 50% 171M 0s - 26900K .......... .......... .......... .......... .......... 50% 226M 0s - 26950K .......... .......... .......... .......... .......... 50% 149M 0s - 27000K .......... .......... .......... .......... .......... 50% 162M 0s - 27050K .......... .......... .......... .......... .......... 50% 160M 0s - 27100K .......... .......... .......... .......... .......... 50% 135M 0s - 27150K .......... .......... .......... .......... .......... 
50% 133M 0s - 27200K .......... .......... .......... .......... .......... 51% 156M 0s - 27250K .......... .......... .......... .......... .......... 51% 159M 0s - 27300K .......... .......... .......... .......... .......... 51% 165M 0s - 27350K .......... .......... .......... .......... .......... 51% 148M 0s - 27400K .......... .......... .......... .......... .......... 51% 182M 0s - 27450K .......... .......... .......... .......... .......... 51% 172M 0s - 27500K .......... .......... .......... .......... .......... 51% 162M 0s - 27550K .......... .......... .......... .......... .......... 51% 149M 0s - 27600K .......... .......... .......... .......... .......... 51% 175M 0s - 27650K .......... .......... .......... .......... .......... 51% 153M 0s - 27700K .......... .......... .......... .......... .......... 51% 174M 0s - 27750K .......... .......... .......... .......... .......... 52% 134M 0s - 27800K .......... .......... .......... .......... .......... 52% 161M 0s - 27850K .......... .......... .......... .......... .......... 52% 165M 0s - 27900K .......... .......... .......... .......... .......... 52% 136M 0s - 27950K .......... .......... .......... .......... .......... 52% 130M 0s - 28000K .......... .......... .......... .......... .......... 52% 160M 0s - 28050K .......... .......... .......... .......... .......... 52% 163M 0s - 28100K .......... .......... .......... .......... .......... 52% 199M 0s - 28150K .......... .......... .......... .......... .......... 52% 142M 0s - 28200K .......... .......... .......... .......... .......... 52% 185M 0s - 28250K .......... .......... .......... .......... .......... 52% 155M 0s - 28300K .......... .......... .......... .......... .......... 53% 165M 0s - 28350K .......... .......... .......... .......... .......... 53% 151M 0s - 28400K .......... .......... .......... .......... .......... 53% 161M 0s - 28450K .......... .......... .......... .......... .......... 
53% 242M 0s - 28500K .......... .......... .......... .......... .......... 53% 240M 0s - 28550K .......... .......... .......... .......... .......... 53% 198M 0s - 28600K .......... .......... .......... .......... .......... 53% 162M 0s - 28650K .......... .......... .......... .......... .......... 53% 161M 0s - 28700K .......... .......... .......... .......... .......... 53% 173M 0s - 28750K .......... .......... .......... .......... .......... 53% 136M 0s - 28800K .......... .......... .......... .......... .......... 54% 158M 0s - 28850K .......... .......... .......... .......... .......... 54% 158M 0s - 28900K .......... .......... .......... .......... .......... 54% 143M 0s - 28950K .......... .......... .......... .......... .......... 54% 137M 0s - 29000K .......... .......... .......... .......... .......... 54% 163M 0s - 29050K .......... .......... .......... .......... .......... 54% 163M 0s - 29100K .......... .......... .......... .......... .......... 54% 238M 0s - 29150K .......... .......... .......... .......... .......... 54% 181M 0s - 29200K .......... .......... .......... .......... .......... 54% 224M 0s - 29250K .......... .......... .......... .......... .......... 54% 225M 0s - 29300K .......... .......... .......... .......... .......... 54% 256M 0s - 29350K .......... .......... .......... .......... .......... 55% 233M 0s - 29400K .......... .......... .......... .......... .......... 55% 246M 0s - 29450K .......... .......... .......... .......... .......... 55% 263M 0s - 29500K .......... .......... .......... .......... .......... 55% 209M 0s - 29550K .......... .......... .......... .......... .......... 55% 133M 0s - 29600K .......... .......... .......... .......... .......... 55% 160M 0s - 29650K .......... .......... .......... .......... .......... 55% 164M 0s - 29700K .......... .......... .......... .......... .......... 55% 187M 0s - 29750K .......... .......... .......... .......... .......... 
55% 154M 0s - 29800K .......... .......... .......... .......... .......... 55% 138M 0s - 29850K .......... .......... .......... .......... .......... 55% 126M 0s - 29900K .......... .......... .......... .......... .......... 56% 154M 0s - 29950K .......... .......... .......... .......... .......... 56% 141M 0s - 30000K .......... .......... .......... .......... .......... 56% 175M 0s - 30050K .......... .......... .......... .......... .......... 56% 161M 0s - 30100K .......... .......... .......... .......... .......... 56% 175M 0s - 30150K .......... .......... .......... .......... .......... 56% 122M 0s - 30200K .......... .......... .......... .......... .......... 56% 158M 0s - 30250K .......... .......... .......... .......... .......... 56% 165M 0s - 30300K .......... .......... .......... .......... .......... 56% 161M 0s - 30350K .......... .......... .......... .......... .......... 56% 134M 0s - 30400K .......... .......... .......... .......... .......... 57% 109M 0s - 30450K .......... .......... .......... .......... .......... 57% 145M 0s - 30500K .......... .......... .......... .......... .......... 57% 138M 0s - 30550K .......... .......... .......... .......... .......... 57% 180M 0s - 30600K .......... .......... .......... .......... .......... 57% 238M 0s - 30650K .......... .......... .......... .......... .......... 57% 236M 0s - 30700K .......... .......... .......... .......... .......... 57% 194M 0s - 30750K .......... .......... .......... .......... .......... 57% 131M 0s - 30800K .......... .......... .......... .......... .......... 57% 164M 0s - 30850K .......... .......... .......... .......... .......... 57% 147M 0s - 30900K .......... .......... .......... .......... .......... 57% 155M 0s - 30950K .......... .......... .......... .......... .......... 58% 142M 0s - 31000K .......... .......... .......... .......... .......... 58% 163M 0s - 31050K .......... .......... .......... .......... .......... 
58% 161M 0s - 31100K .......... .......... .......... .......... .......... 58% 177M 0s - 31150K .......... .......... .......... .......... .......... 58% 141M 0s - 31200K .......... .......... .......... .......... .......... 58% 140M 0s - 31250K .......... .......... .......... .......... .......... 58% 161M 0s - 31300K .......... .......... .......... .......... .......... 58% 171M 0s - 31350K .......... .......... .......... .......... .......... 58% 150M 0s - 31400K .......... .......... .......... .......... .......... 58% 152M 0s - 31450K .......... .......... .......... .......... .......... 58% 174M 0s - 31500K .......... .......... .......... .......... .......... 59% 173M 0s - 31550K .......... .......... .......... .......... .......... 59% 182M 0s - 31600K .......... .......... .......... .......... .......... 59% 143M 0s - 31650K .......... .......... .......... .......... .......... 59% 166M 0s - 31700K .......... .......... .......... .......... .......... 59% 172M 0s - 31750K .......... .......... .......... .......... .......... 59% 145M 0s - 31800K .......... .......... .......... .......... .......... 59% 193M 0s - 31850K .......... .......... .......... .......... .......... 59% 153M 0s - 31900K .......... .......... .......... .......... .......... 59% 157M 0s - 31950K .......... .......... .......... .......... .......... 59% 135M 0s - 32000K .......... .......... .......... .......... .......... 60% 166M 0s - 32050K .......... .......... .......... .......... .......... 60% 168M 0s - 32100K .......... .......... .......... .......... .......... 60% 167M 0s - 32150K .......... .......... .......... .......... .......... 60% 154M 0s - 32200K .......... .......... .......... .......... .......... 60% 196M 0s - 32250K .......... .......... .......... .......... .......... 60% 228M 0s - 32300K .......... .......... .......... .......... .......... 60% 259M 0s - 32350K .......... .......... .......... .......... .......... 
60% 216M 0s - 32400K .......... .......... .......... .......... .......... 60% 253M 0s - 32450K .......... .......... .......... .......... .......... 60% 259M 0s - 32500K .......... .......... .......... .......... .......... 60% 176M 0s - 32550K .......... .......... .......... .......... .......... 61% 137M 0s - 32600K .......... .......... .......... .......... .......... 61% 158M 0s - 32650K .......... .......... .......... .......... .......... 61% 167M 0s - 32700K .......... .......... .......... .......... .......... 61% 171M 0s - 32750K .......... .......... .......... .......... .......... 61% 148M 0s - 32800K .......... .......... .......... .......... .......... 61% 261M 0s - 32850K .......... .......... .......... .......... .......... 61% 235M 0s - 32900K .......... .......... .......... .......... .......... 61% 260M 0s - 32950K .......... .......... .......... .......... .......... 61% 139M 0s - 33000K .......... .......... .......... .......... .......... 61% 206M 0s - 33050K .......... .......... .......... .......... .......... 61% 149M 0s - 33100K .......... .......... .......... .......... .......... 62% 176M 0s - 33150K .......... .......... .......... .......... .......... 62% 135M 0s - 33200K .......... .......... .......... .......... .......... 62% 146M 0s - 33250K .......... .......... .......... .......... .......... 62% 166M 0s - 33300K .......... .......... .......... .......... .......... 62% 165M 0s - 33350K .......... .......... .......... .......... .......... 62% 141M 0s - 33400K .......... .......... .......... .......... .......... 62% 168M 0s - 33450K .......... .......... .......... .......... .......... 62% 170M 0s - 33500K .......... .......... .......... .......... .......... 62% 147M 0s - 33550K .......... .......... .......... .......... .......... 62% 132M 0s - 33600K .......... .......... .......... .......... .......... 63% 172M 0s - 33650K .......... .......... .......... .......... .......... 
63% 177M 0s - 33700K .......... .......... .......... .......... .......... 63% 181M 0s - 33750K .......... .......... .......... .......... .......... 63% 140M 0s - 33800K .......... .......... .......... .......... .......... 63% 213M 0s - 33850K .......... .......... .......... .......... .......... 63% 146M 0s - 33900K .......... .......... .......... .......... .......... 63% 170M 0s - 33950K .......... .......... .......... .......... .......... 63% 139M 0s - 34000K .......... .......... .......... .......... .......... 63% 176M 0s - 34050K .......... .......... .......... .......... .......... 63% 147M 0s - 34100K .......... .......... .......... .......... .......... 63% 156M 0s - 34150K .......... .......... .......... .......... .......... 64% 154M 0s - 34200K .......... .......... .......... .......... .......... 64% 168M 0s - 34250K .......... .......... .......... .......... .......... 64% 159M 0s - 34300K .......... .......... .......... .......... .......... 64% 155M 0s - 34350K .......... .......... .......... .......... .......... 64% 144M 0s - 34400K .......... .......... .......... .......... .......... 64% 168M 0s - 34450K .......... .......... .......... .......... .......... 64% 170M 0s - 34500K .......... .......... .......... .......... .......... 64% 159M 0s - 34550K .......... .......... .......... .......... .......... 64% 152M 0s - 34600K .......... .......... .......... .......... .......... 64% 165M 0s - 34650K .......... .......... .......... .......... .......... 64% 174M 0s - 34700K .......... .......... .......... .......... .......... 65% 173M 0s - 34750K .......... .......... .......... .......... .......... 65% 127M 0s - 34800K .......... .......... .......... .......... .......... 65% 153M 0s - 34850K .......... .......... .......... .......... .......... 65% 174M 0s - 34900K .......... .......... .......... .......... .......... 65% 166M 0s - 34950K .......... .......... .......... .......... .......... 
65% 151M 0s - 35000K .......... .......... .......... .......... .......... 65% 223M 0s - 35050K .......... .......... .......... .......... .......... 65% 260M 0s - 35100K .......... .......... .......... .......... .......... 65% 249M 0s - 35150K .......... .......... .......... .......... .......... 65% 225M 0s - 35200K .......... .......... .......... .......... .......... 66% 259M 0s - 35250K .......... .......... .......... .......... .......... 66% 190M 0s - 35300K .......... .......... .......... .......... .......... 66% 185M 0s - 35350K .......... .......... .......... .......... .......... 66% 59.1M 0s - 35400K .......... .......... .......... .......... .......... 66% 126M 0s - 35450K .......... .......... .......... .......... .......... 66% 134M 0s - 35500K .......... .......... .......... .......... .......... 66% 170M 0s - 35550K .......... .......... .......... .......... .......... 66% 139M 0s - 35600K .......... .......... .......... .......... .......... 66% 187M 0s - 35650K .......... .......... .......... .......... .......... 66% 168M 0s - 35700K .......... .......... .......... .......... .......... 66% 160M 0s - 35750K .......... .......... .......... .......... .......... 67% 150M 0s - 35800K .......... .......... .......... .......... .......... 67% 152M 0s - 35850K .......... .......... .......... .......... .......... 67% 189M 0s - 35900K .......... .......... .......... .......... .......... 67% 142M 0s - 35950K .......... .......... .......... .......... .......... 67% 122M 0s - 36000K .......... .......... .......... .......... .......... 67% 181M 0s - 36050K .......... .......... .......... .......... .......... 67% 220M 0s - 36100K .......... .......... .......... .......... .......... 67% 149M 0s - 36150K .......... .......... .......... .......... .......... 67% 161M 0s - 36200K .......... .......... .......... .......... .......... 67% 153M 0s - 36250K .......... .......... .......... .......... .......... 
67% 157M 0s - 36300K .......... .......... .......... .......... .......... 68% 159M 0s - 36350K .......... .......... .......... .......... .......... 68% 151M 0s - 36400K .......... .......... .......... .......... .......... 68% 177M 0s - 36450K .......... .......... .......... .......... .......... 68% 159M 0s - 36500K .......... .......... .......... .......... .......... 68% 171M 0s - 36550K .......... .......... .......... .......... .......... 68% 134M 0s - 36600K .......... .......... .......... .......... .......... 68% 148M 0s - 36650K .......... .......... .......... .......... .......... 68% 157M 0s - 36700K .......... .......... .......... .......... .......... 68% 161M 0s - 36750K .......... .......... .......... .......... .......... 68% 137M 0s - 36800K .......... .......... .......... .......... .......... 69% 158M 0s - 36850K .......... .......... .......... .......... .......... 69% 179M 0s - 36900K .......... .......... .......... .......... .......... 69% 258M 0s - 36950K .......... .......... .......... .......... .......... 69% 216M 0s - 37000K .......... .......... .......... .......... .......... 69% 261M 0s - 37050K .......... .......... .......... .......... .......... 69% 241M 0s - 37100K .......... .......... .......... .......... .......... 69% 242M 0s - 37150K .......... .......... .......... .......... .......... 69% 193M 0s - 37200K .......... .......... .......... .......... .......... 69% 202M 0s - 37250K .......... .......... .......... .......... .......... 69% 265M 0s - 37300K .......... .......... .......... .......... .......... 69% 257M 0s - 37350K .......... .......... .......... .......... .......... 70% 219M 0s - 37400K .......... .......... .......... .......... .......... 70% 222M 0s - 37450K .......... .......... .......... .......... .......... 70% 168M 0s - 37500K .......... .......... .......... .......... .......... 70% 177M 0s - 37550K .......... .......... .......... .......... .......... 
70% 134M 0s - 37600K .......... .......... .......... .......... .......... 70% 143M 0s - 37650K .......... .......... .......... .......... .......... 70% 150M 0s - 37700K .......... .......... .......... .......... .......... 70% 155M 0s - 37750K .......... .......... .......... .......... .......... 70% 138M 0s - 37800K .......... .......... .......... .......... .......... 70% 171M 0s - 37850K .......... .......... .......... .......... .......... 70% 169M 0s - 37900K .......... .......... .......... .......... .......... 71% 181M 0s - 37950K .......... .......... .......... .......... .......... 71% 136M 0s - 38000K .......... .......... .......... .......... .......... 71% 145M 0s - 38050K .......... .......... .......... .......... .......... 71% 155M 0s - 38100K .......... .......... .......... .......... .......... 71% 168M 0s - 38150K .......... .......... .......... .......... .......... 71% 153M 0s - 38200K .......... .......... .......... .......... .......... 71% 139M 0s - 38250K .......... .......... .......... .......... .......... 71% 231M 0s - 38300K .......... .......... .......... .......... .......... 71% 169M 0s - 38350K .......... .......... .......... .......... .......... 71% 141M 0s - 38400K .......... .......... .......... .......... .......... 71% 158M 0s - 38450K .......... .......... .......... .......... .......... 72% 154M 0s - 38500K .......... .......... .......... .......... .......... 72% 164M 0s - 38550K .......... .......... .......... .......... .......... 72% 159M 0s - 38600K .......... .......... .......... .......... .......... 72% 169M 0s - 38650K .......... .......... .......... .......... .......... 72% 138M 0s - 38700K .......... .......... .......... .......... .......... 72% 164M 0s - 38750K .......... .......... .......... .......... .......... 72% 145M 0s - 38800K .......... .......... .......... .......... .......... 72% 162M 0s - 38850K .......... .......... .......... .......... .......... 
72% 170M 0s - 38900K .......... .......... .......... .......... .......... 72% 163M 0s - 38950K .......... .......... .......... .......... .......... 73% 144M 0s - 39000K .......... .......... .......... .......... .......... 73% 166M 0s - 39050K .......... .......... .......... .......... .......... 73% 176M 0s - 39100K .......... .......... .......... .......... .......... 73% 153M 0s - 39150K .......... .......... .......... .......... .......... 73% 134M 0s - 39200K .......... .......... .......... .......... .......... 73% 156M 0s - 39250K .......... .......... .......... .......... .......... 73% 168M 0s - 39300K .......... .......... .......... .......... .......... 73% 176M 0s - 39350K .......... .......... .......... .......... .......... 73% 152M 0s - 39400K .......... .......... .......... .......... .......... 73% 157M 0s - 39450K .......... .......... .......... .......... .......... 73% 175M 0s - 39500K .......... .......... .......... .......... .......... 74% 190M 0s - 39550K .......... .......... .......... .......... .......... 74% 147M 0s - 39600K .......... .......... .......... .......... .......... 74% 162M 0s - 39650K .......... .......... .......... .......... .......... 74% 209M 0s - 39700K .......... .......... .......... .......... .......... 74% 241M 0s - 39750K .......... .......... .......... .......... .......... 74% 229M 0s - 39800K .......... .......... .......... .......... .......... 74% 256M 0s - 39850K .......... .......... .......... .......... .......... 74% 174M 0s - 39900K .......... .......... .......... .......... .......... 74% 168M 0s - 39950K .......... .......... .......... .......... .......... 74% 154M 0s - 40000K .......... .......... .......... .......... .......... 74% 156M 0s - 40050K .......... .......... .......... .......... .......... 75% 151M 0s - 40100K .......... .......... .......... .......... .......... 75% 153M 0s - 40150K .......... .......... .......... .......... .......... 
75% 162M 0s - 40200K .......... .......... .......... .......... .......... 75% 165M 0s - 40250K .......... .......... .......... .......... .......... 75% 174M 0s - 40300K .......... .......... .......... .......... .......... 75% 165M 0s - 40350K .......... .......... .......... .......... .......... 75% 129M 0s - 40400K .......... .......... .......... .......... .......... 75% 148M 0s - 40450K .......... .......... .......... .......... .......... 75% 141M 0s - 40500K .......... .......... .......... .......... .......... 75% 166M 0s - 40550K .......... .......... .......... .......... .......... 76% 140M 0s - 40600K .......... .......... .......... .......... .......... 76% 176M 0s - 40650K .......... .......... .......... .......... .......... 76% 228M 0s - 40700K .......... .......... .......... .......... .......... 76% 172M 0s - 40750K .......... .......... .......... .......... .......... 76% 140M 0s - 40800K .......... .......... .......... .......... .......... 76% 178M 0s - 40850K .......... .......... .......... .......... .......... 76% 183M 0s - 40900K .......... .......... .......... .......... .......... 76% 115M 0s - 40950K .......... .......... .......... .......... .......... 76% 170M 0s - 41000K .......... .......... .......... .......... .......... 76% 155M 0s - 41050K .......... .......... .......... .......... .......... 76% 148M 0s - 41100K .......... .......... .......... .......... .......... 77% 153M 0s - 41150K .......... .......... .......... .......... .......... 77% 141M 0s - 41200K .......... .......... .......... .......... .......... 77% 153M 0s - 41250K .......... .......... .......... .......... .......... 77% 175M 0s - 41300K .......... .......... .......... .......... .......... 77% 159M 0s - 41350K .......... .......... .......... .......... .......... 77% 138M 0s - 41400K .......... .......... .......... .......... .......... 77% 174M 0s - 41450K .......... .......... .......... .......... .......... 
77% 163M 0s - 41500K .......... .......... .......... .......... .......... 77% 167M 0s - 41550K .......... .......... .......... .......... .......... 77% 130M 0s - 41600K .......... .......... .......... .......... .......... 77% 145M 0s - 41650K .......... .......... .......... .......... .......... 78% 192M 0s - 41700K .......... .......... .......... .......... .......... 78% 186M 0s - 41750K .......... .......... .......... .......... .......... 78% 128M 0s - 41800K .......... .......... .......... .......... .......... 78% 166M 0s - 41850K .......... .......... .......... .......... .......... 78% 154M 0s - 41900K .......... .......... .......... .......... .......... 78% 152M 0s - 41950K .......... .......... .......... .......... .......... 78% 152M 0s - 42000K .......... .......... .......... .......... .......... 78% 173M 0s - 42050K .......... .......... .......... .......... .......... 78% 162M 0s - 42100K .......... .......... .......... .......... .......... 78% 174M 0s - 42150K .......... .......... .......... .......... .......... 79% 231M 0s - 42200K .......... .......... .......... .......... .......... 79% 232M 0s - 42250K .......... .......... .......... .......... .......... 79% 234M 0s - 42300K .......... .......... .......... .......... .......... 79% 143M 0s - 42350K .......... .......... .......... .......... .......... 79% 139M 0s - 42400K .......... .......... .......... .......... .......... 79% 163M 0s - 42450K .......... .......... .......... .......... .......... 79% 172M 0s - 42500K .......... .......... .......... .......... .......... 79% 165M 0s - 42550K .......... .......... .......... .......... .......... 79% 147M 0s - 42600K .......... .......... .......... .......... .......... 79% 152M 0s - 42650K .......... .......... .......... .......... .......... 79% 253M 0s - 42700K .......... .......... .......... .......... .......... 80% 259M 0s - 42750K .......... .......... .......... .......... .......... 
80% 203M 0s - 42800K .......... .......... .......... .......... .......... 80% 263M 0s - 42850K .......... .......... .......... .......... .......... 80% 259M 0s - 42900K .......... .......... .......... .......... .......... 80% 236M 0s - 42950K .......... .......... .......... .......... .......... 80% 200M 0s - 43000K .......... .......... .......... .......... .......... 80% 157M 0s - 43050K .......... .......... .......... .......... .......... 80% 140M 0s - 43100K .......... .......... .......... .......... .......... 80% 185M 0s - 43150K .......... .......... .......... .......... .......... 80% 116M 0s - 43200K .......... .......... .......... .......... .......... 80% 178M 0s - 43250K .......... .......... .......... .......... .......... 81% 158M 0s - 43300K .......... .......... .......... .......... .......... 81% 175M 0s - 43350K .......... .......... .......... .......... .......... 81% 166M 0s - 43400K .......... .......... .......... .......... .......... 81% 180M 0s - 43450K .......... .......... .......... .......... .......... 81% 152M 0s - 43500K .......... .......... .......... .......... .......... 81% 139M 0s - 43550K .......... .......... .......... .......... .......... 81% 141M 0s - 43600K .......... .......... .......... .......... .......... 81% 161M 0s - 43650K .......... .......... .......... .......... .......... 81% 162M 0s - 43700K .......... .......... .......... .......... .......... 81% 168M 0s - 43750K .......... .......... .......... .......... .......... 82% 148M 0s - 43800K .......... .......... .......... .......... .......... 82% 172M 0s - 43850K .......... .......... .......... .......... .......... 82% 154M 0s - 43900K .......... .......... .......... .......... .......... 82% 175M 0s - 43950K .......... .......... .......... .......... .......... 82% 143M 0s - 44000K .......... .......... .......... .......... .......... 82% 169M 0s - 44050K .......... .......... .......... .......... .......... 
82% 153M 0s - 44100K .......... .......... .......... .......... .......... 82% 165M 0s - 44150K .......... .......... .......... .......... .......... 82% 118M 0s - 44200K .......... .......... .......... .......... .......... 82% 182M 0s - 44250K .......... .......... .......... .......... .......... 82% 156M 0s - 44300K .......... .......... .......... .......... .......... 83% 254M 0s - 44350K .......... .......... .......... .......... .......... 83% 220M 0s - 44400K .......... .......... .......... .......... .......... 83% 240M 0s - 44450K .......... .......... .......... .......... .......... 83% 152M 0s - 44500K .......... .......... .......... .......... .......... 83% 170M 0s - 44550K .......... .......... .......... .......... .......... 83% 137M 0s - 44600K .......... .......... .......... .......... .......... 83% 191M 0s - 44650K .......... .......... .......... .......... .......... 83% 162M 0s - 44700K .......... .......... .......... .......... .......... 83% 150M 0s - 44750K .......... .......... .......... .......... .......... 83% 154M 0s - 44800K .......... .......... .......... .......... .......... 83% 153M 0s - 44850K .......... .......... .......... .......... .......... 84% 160M 0s - 44900K .......... .......... .......... .......... .......... 84% 148M 0s - 44950K .......... .......... .......... .......... .......... 84% 138M 0s - 45000K .......... .......... .......... .......... .......... 84% 181M 0s - 45050K .......... .......... .......... .......... .......... 84% 178M 0s - 45100K .......... .......... .......... .......... .......... 84% 149M 0s - 45150K .......... .......... .......... .......... .......... 84% 157M 0s - 45200K .......... .......... .......... .......... .......... 84% 180M 0s - 45250K .......... .......... .......... .......... .......... 84% 219M 0s - 45300K .......... .......... .......... .......... .......... 84% 182M 0s - 45350K .......... .......... .......... .......... .......... 
85% 170M 0s - 45400K .......... .......... .......... .......... .......... 85% 159M 0s - 45450K .......... .......... .......... .......... .......... 85% 171M 0s - 45500K .......... .......... .......... .......... .......... 85% 163M 0s - 45550K .......... .......... .......... .......... .......... 85% 127M 0s - 45600K .......... .......... .......... .......... .......... 85% 93.4M 0s - 45650K .......... .......... .......... .......... .......... 85% 132M 0s - 45700K .......... .......... .......... .......... .......... 85% 156M 0s + 6200K .......... .......... .......... .......... .......... 11% 255M 1s + 6250K .......... .......... .......... .......... .......... 11% 210M 1s + 6300K .......... .......... .......... .......... .......... 11% 135M 1s + 6350K .......... .......... .......... .......... .......... 11% 91.7M 1s + 6400K .......... .......... .......... .......... .......... 12% 58.1M 1s + 6450K .......... .......... .......... .......... .......... 12% 65.7M 1s + 6500K .......... .......... .......... .......... .......... 12% 86.5M 1s + 6550K .......... .......... .......... .......... .......... 12% 189M 1s + 6600K .......... .......... .......... .......... .......... 12% 229M 1s + 6650K .......... .......... .......... .......... .......... 12% 216M 1s + 6700K .......... .......... .......... .......... .......... 12% 255M 1s + 6750K .......... .......... .......... .......... .......... 12% 142M 1s + 6800K .......... .......... .......... .......... .......... 12% 70.2M 1s + 6850K .......... .......... .......... .......... .......... 12% 98.8M 1s + 6900K .......... .......... .......... .......... .......... 13% 242M 1s + 6950K .......... .......... .......... .......... .......... 13% 232M 1s + 7000K .......... .......... .......... .......... .......... 13% 253M 1s + 7050K .......... .......... .......... .......... .......... 13% 218M 1s + 7100K .......... .......... .......... .......... .......... 13% 253M 1s + 7150K .......... 
.......... .......... .......... .......... 13% 212M 1s + 7200K .......... .......... .......... .......... .......... 13% 256M 1s + 7250K .......... .......... .......... .......... .......... 13% 254M 1s + 7300K .......... .......... .......... .......... .......... 13% 108M 1s + 7350K .......... .......... .......... .......... .......... 13% 130M 1s + 7400K .......... .......... .......... .......... .......... 13% 245M 1s + 7450K .......... .......... .......... .......... .......... 14% 201M 1s + 7500K .......... .......... .......... .......... .......... 14% 246M 1s + 7550K .......... .......... .......... .......... .......... 14% 181M 1s + 7600K .......... .......... .......... .......... .......... 14% 255M 1s + 7650K .......... .......... .......... .......... .......... 14% 93.3M 1s + 7700K .......... .......... .......... .......... .......... 14% 174M 1s + 7750K .......... .......... .......... .......... .......... 14% 71.6M 1s + 7800K .......... .......... .......... .......... .......... 14% 67.6M 1s + 7850K .......... .......... .......... .......... .......... 14% 151M 1s + 7900K .......... .......... .......... .......... .......... 14% 138M 1s + 7950K .......... .......... .......... .......... .......... 14% 146M 1s + 8000K .......... .......... .......... .......... .......... 15% 96.4M 1s + 8050K .......... .......... .......... .......... .......... 15% 246M 1s + 8100K .......... .......... .......... .......... .......... 15% 225M 1s + 8150K .......... .......... .......... .......... .......... 15% 205M 1s + 8200K .......... .......... .......... .......... .......... 15% 256M 1s + 8250K .......... .......... .......... .......... .......... 15% 255M 1s + 8300K .......... .......... .......... .......... .......... 15% 224M 1s + 8350K .......... .......... .......... .......... .......... 15% 105M 1s + 8400K .......... .......... .......... .......... .......... 15% 87.3M 1s + 8450K .......... .......... .......... .......... .......... 
15% 61.9M 1s + 8500K .......... .......... .......... .......... .......... 16% 175M 1s + 8550K .......... .......... .......... .......... .......... 16% 61.4M 1s + 8600K .......... .......... .......... .......... .......... 16% 197M 1s + 8650K .......... .......... .......... .......... .......... 16% 194M 1s + 8700K .......... .......... .......... .......... .......... 16% 249M 1s + 8750K .......... .......... .......... .......... .......... 16% 218M 1s + 8800K .......... .......... .......... .......... .......... 16% 258M 1s + 8850K .......... .......... .......... .......... .......... 16% 190M 1s + 8900K .......... .......... .......... .......... .......... 16% 212M 1s + 8950K .......... .......... .......... .......... .......... 16% 223M 1s + 9000K .......... .......... .......... .......... .......... 16% 80.4M 1s + 9050K .......... .......... .......... .......... .......... 17% 142M 1s + 9100K .......... .......... .......... .......... .......... 17% 67.2M 1s + 9150K .......... .......... .......... .......... .......... 17% 97.8M 1s + 9200K .......... .......... .......... .......... .......... 17% 244M 1s + 9250K .......... .......... .......... .......... .......... 17% 80.4M 1s + 9300K .......... .......... .......... .......... .......... 17% 229M 1s + 9350K .......... .......... .......... .......... .......... 17% 224M 1s + 9400K .......... .......... .......... .......... .......... 17% 203M 1s + 9450K .......... .......... .......... .......... .......... 17% 222M 1s + 9500K .......... .......... .......... .......... .......... 17% 255M 1s + 9550K .......... .......... .......... .......... .......... 17% 212M 1s + 9600K .......... .......... .......... .......... .......... 18% 190M 1s + 9650K .......... .......... .......... .......... .......... 18% 138M 1s + 9700K .......... .......... .......... .......... .......... 18% 248M 1s + 9750K .......... .......... .......... .......... .......... 18% 223M 1s + 9800K .......... .......... 
.......... .......... .......... 18% 91.9M 1s + 9850K .......... .......... .......... .......... .......... 18% 152M 1s + 9900K .......... .......... .......... .......... .......... 18% 96.6M 1s + 9950K .......... .......... .......... .......... .......... 18% 53.5M 1s + 10000K .......... .......... .......... .......... .......... 18% 148M 1s + 10050K .......... .......... .......... .......... .......... 18% 241M 1s + 10100K .......... .......... .......... .......... .......... 19% 254M 1s + 10150K .......... .......... .......... .......... .......... 19% 199M 1s + 10200K .......... .......... .......... .......... .......... 19% 240M 1s + 10250K .......... .......... .......... .......... .......... 19% 266M 0s + 10300K .......... .......... .......... .......... .......... 19% 261M 0s + 10350K .......... .......... .......... .......... .......... 19% 193M 0s + 10400K .......... .......... .......... .......... .......... 19% 56.6M 0s + 10450K .......... .......... .......... .......... .......... 19% 72.8M 0s + 10500K .......... .......... .......... .......... .......... 19% 75.3M 0s + 10550K .......... .......... .......... .......... .......... 19% 216M 0s + 10600K .......... .......... .......... .......... .......... 19% 261M 0s + 10650K .......... .......... .......... .......... .......... 20% 248M 0s + 10700K .......... .......... .......... .......... .......... 20% 258M 0s + 10750K .......... .......... .......... .......... .......... 20% 76.3M 0s + 10800K .......... .......... .......... .......... .......... 20% 232M 0s + 10850K .......... .......... .......... .......... .......... 20% 251M 0s + 10900K .......... .......... .......... .......... .......... 20% 226M 0s + 10950K .......... .......... .......... .......... .......... 20% 215M 0s + 11000K .......... .......... .......... .......... .......... 20% 244M 0s + 11050K .......... .......... .......... .......... .......... 20% 238M 0s + 11100K .......... .......... .......... 
.......... .......... 20% 90.4M 0s + 11150K .......... .......... .......... .......... .......... 20% 52.2M 0s + 11200K .......... .......... .......... .......... .......... 21% 64.2M 0s + 11250K .......... .......... .......... .......... .......... 21% 194M 0s + 11300K .......... .......... .......... .......... .......... 21% 226M 0s + 11350K .......... .......... .......... .......... .......... 21% 199M 0s + 11400K .......... .......... .......... .......... .......... 21% 244M 0s + 11450K .......... .......... .......... .......... .......... 21% 58.7M 0s + 11500K .......... .......... .......... .......... .......... 21% 78.0M 0s + 11550K .......... .......... .......... .......... .......... 21% 210M 0s + 11600K .......... .......... .......... .......... .......... 21% 251M 0s + 11650K .......... .......... .......... .......... .......... 21% 215M 0s + 11700K .......... .......... .......... .......... .......... 22% 254M 0s + 11750K .......... .......... .......... .......... .......... 22% 229M 0s + 11800K .......... .......... .......... .......... .......... 22% 232M 0s + 11850K .......... .......... .......... .......... .......... 22% 255M 0s + 11900K .......... .......... .......... .......... .......... 22% 82.6M 0s + 11950K .......... .......... .......... .......... .......... 22% 74.7M 0s + 12000K .......... .......... .......... .......... .......... 22% 99.0M 0s + 12050K .......... .......... .......... .......... .......... 22% 240M 0s + 12100K .......... .......... .......... .......... .......... 22% 228M 0s + 12150K .......... .......... .......... .......... .......... 22% 221M 0s + 12200K .......... .......... .......... .......... .......... 22% 246M 0s + 12250K .......... .......... .......... .......... .......... 23% 243M 0s + 12300K .......... .......... .......... .......... .......... 23% 229M 0s + 12350K .......... .......... .......... .......... .......... 23% 124M 0s + 12400K .......... .......... .......... .......... 
.......... 23% 130M 0s + 12450K .......... .......... .......... .......... .......... 23% 110M 0s + 12500K .......... .......... .......... .......... .......... 23% 57.1M 0s + 12550K .......... .......... .......... .......... .......... 23% 91.7M 0s + 12600K .......... .......... .......... .......... .......... 23% 253M 0s + 12650K .......... .......... .......... .......... .......... 23% 256M 0s + 12700K .......... .......... .......... .......... .......... 23% 104M 0s + 12750K .......... .......... .......... .......... .......... 23% 64.9M 0s + 12800K .......... .......... .......... .......... .......... 24% 228M 0s + 12850K .......... .......... .......... .......... .......... 24% 255M 0s + 12900K .......... .......... .......... .......... .......... 24% 256M 0s + 12950K .......... .......... .......... .......... .......... 24% 228M 0s + 13000K .......... .......... .......... .......... .......... 24% 229M 0s + 13050K .......... .......... .......... .......... .......... 24% 247M 0s + 13100K .......... .......... .......... .......... .......... 24% 238M 0s + 13150K .......... .......... .......... .......... .......... 24% 190M 0s + 13200K .......... .......... .......... .......... .......... 24% 139M 0s + 13250K .......... .......... .......... .......... .......... 24% 56.3M 0s + 13300K .......... .......... .......... .......... .......... 24% 51.4M 0s + 13350K .......... .......... .......... .......... .......... 25% 59.3M 0s + 13400K .......... .......... .......... .......... .......... 25% 151M 0s + 13450K .......... .......... .......... .......... .......... 25% 237M 0s + 13500K .......... .......... .......... .......... .......... 25% 232M 0s + 13550K .......... .......... .......... .......... .......... 25% 205M 0s + 13600K .......... .......... .......... .......... .......... 25% 249M 0s + 13650K .......... .......... .......... .......... .......... 25% 83.2M 0s + 13700K .......... .......... .......... .......... .......... 
25% 68.0M 0s + 13750K .......... .......... .......... .......... .......... 25% 81.5M 0s + 13800K .......... .......... .......... .......... .......... 25% 129M 0s + 13850K .......... .......... .......... .......... .......... 26% 251M 0s + 13900K .......... .......... .......... .......... .......... 26% 237M 0s + 13950K .......... .......... .......... .......... .......... 26% 219M 0s + 14000K .......... .......... .......... .......... .......... 26% 185M 0s + 14050K .......... .......... .......... .......... .......... 26% 130M 0s + 14100K .......... .......... .......... .......... .......... 26% 75.8M 0s + 14150K .......... .......... .......... .......... .......... 26% 87.0M 0s + 14200K .......... .......... .......... .......... .......... 26% 252M 0s + 14250K .......... .......... .......... .......... .......... 26% 191M 0s + 14300K .......... .......... .......... .......... .......... 26% 221M 0s + 14350K .......... .......... .......... .......... .......... 26% 215M 0s + 14400K .......... .......... .......... .......... .......... 27% 257M 0s + 14450K .......... .......... .......... .......... .......... 27% 257M 0s + 14500K .......... .......... .......... .......... .......... 27% 122M 0s + 14550K .......... .......... .......... .......... .......... 27% 137M 0s + 14600K .......... .......... .......... .......... .......... 27% 251M 0s + 14650K .......... .......... .......... .......... .......... 27% 227M 0s + 14700K .......... .......... .......... .......... .......... 27% 252M 0s + 14750K .......... .......... .......... .......... .......... 27% 209M 0s + 14800K .......... .......... .......... .......... .......... 27% 239M 0s + 14850K .......... .......... .......... .......... .......... 27% 252M 0s + 14900K .......... .......... .......... .......... .......... 27% 224M 0s + 14950K .......... .......... .......... .......... .......... 28% 230M 0s + 15000K .......... .......... .......... .......... .......... 
28% 251M 0s + 15050K .......... .......... .......... .......... .......... 28% 246M 0s + 15100K .......... .......... .......... .......... .......... 28% 249M 0s + 15150K .......... .......... .......... .......... .......... 28% 59.4M 0s + 15200K .......... .......... .......... .......... .......... 28% 105M 0s + 15250K .......... .......... .......... .......... .......... 28% 72.7M 0s + 15300K .......... .......... .......... .......... .......... 28% 181M 0s + 15350K .......... .......... .......... .......... .......... 28% 226M 0s + 15400K .......... .......... .......... .......... .......... 28% 253M 0s + 15450K .......... .......... .......... .......... .......... 29% 257M 0s + 15500K .......... .......... .......... .......... .......... 29% 239M 0s + 15550K .......... .......... .......... .......... .......... 29% 202M 0s + 15600K .......... .......... .......... .......... .......... 29% 232M 0s + 15650K .......... .......... .......... .......... .......... 29% 236M 0s + 15700K .......... .......... .......... .......... .......... 29% 257M 0s + 15750K .......... .......... .......... .......... .......... 29% 125M 0s + 15800K .......... .......... .......... .......... .......... 29% 251M 0s + 15850K .......... .......... .......... .......... .......... 29% 251M 0s + 15900K .......... .......... .......... .......... .......... 29% 129M 0s + 15950K .......... .......... .......... .......... .......... 29% 53.7M 0s + 16000K .......... .......... .......... .......... .......... 30% 73.4M 0s + 16050K .......... .......... .......... .......... .......... 30% 139M 0s + 16100K .......... .......... .......... .......... .......... 30% 79.6M 0s + 16150K .......... .......... .......... .......... .......... 30% 89.5M 0s + 16200K .......... .......... .......... .......... .......... 30% 212M 0s + 16250K .......... .......... .......... .......... .......... 30% 251M 0s + 16300K .......... .......... .......... .......... .......... 
30% 249M 0s + 16350K .......... .......... .......... .......... .......... 30% 210M 0s + 16400K .......... .......... .......... .......... .......... 30% 212M 0s + 16450K .......... .......... .......... .......... .......... 30% 219M 0s + 16500K .......... .......... .......... .......... .......... 30% 248M 0s + 16550K .......... .......... .......... .......... .......... 31% 226M 0s + 16600K .......... .......... .......... .......... .......... 31% 125M 0s + 16650K .......... .......... .......... .......... .......... 31% 95.4M 0s + 16700K .......... .......... .......... .......... .......... 31% 63.9M 0s + 16750K .......... .......... .......... .......... .......... 31% 54.2M 0s + 16800K .......... .......... .......... .......... .......... 31% 74.1M 0s + 16850K .......... .......... .......... .......... .......... 31% 233M 0s + 16900K .......... .......... .......... .......... .......... 31% 242M 0s + 16950K .......... .......... .......... .......... .......... 31% 205M 0s + 17000K .......... .......... .......... .......... .......... 31% 244M 0s + 17050K .......... .......... .......... .......... .......... 32% 123M 0s + 17100K .......... .......... .......... .......... .......... 32% 121M 0s + 17150K .......... .......... .......... .......... .......... 32% 60.7M 0s + 17200K .......... .......... .......... .......... .......... 32% 137M 0s + 17250K .......... .......... .......... .......... .......... 32% 220M 0s + 17300K .......... .......... .......... .......... .......... 32% 251M 0s + 17350K .......... .......... .......... .......... .......... 32% 226M 0s + 17400K .......... .......... .......... .......... .......... 32% 251M 0s + 17450K .......... .......... .......... .......... .......... 32% 255M 0s + 17500K .......... .......... .......... .......... .......... 32% 134M 0s + 17550K .......... .......... .......... .......... .......... 32% 112M 0s + 17600K .......... .......... .......... .......... .......... 
33% 218M 0s + 17650K .......... .......... .......... .......... .......... 33% 213M 0s + 17700K .......... .......... .......... .......... .......... 33% 255M 0s + 17750K .......... .......... .......... .......... .......... 33% 67.0M 0s + 17800K .......... .......... .......... .......... .......... 33% 63.3M 0s + 17850K .......... .......... .......... .......... .......... 33% 179M 0s + 17900K .......... .......... .......... .......... .......... 33% 246M 0s + 17950K .......... .......... .......... .......... .......... 33% 185M 0s + 18000K .......... .......... .......... .......... .......... 33% 222M 0s + 18050K .......... .......... .......... .......... .......... 33% 226M 0s + 18100K .......... .......... .......... .......... .......... 33% 209M 0s + 18150K .......... .......... .......... .......... .......... 34% 187M 0s + 18200K .......... .......... .......... .......... .......... 34% 249M 0s + 18250K .......... .......... .......... .......... .......... 34% 256M 0s + 18300K .......... .......... .......... .......... .......... 34% 96.4M 0s + 18350K .......... .......... .......... .......... .......... 34% 99.0M 0s + 18400K .......... .......... .......... .......... .......... 34% 80.8M 0s + 18450K .......... .......... .......... .......... .......... 34% 246M 0s + 18500K .......... .......... .......... .......... .......... 34% 256M 0s + 18550K .......... .......... .......... .......... .......... 34% 76.5M 0s + 18600K .......... .......... .......... .......... .......... 34% 117M 0s + 18650K .......... .......... .......... .......... .......... 35% 57.9M 0s + 18700K .......... .......... .......... .......... .......... 35% 161M 0s + 18750K .......... .......... .......... .......... .......... 35% 210M 0s + 18800K .......... .......... .......... .......... .......... 35% 255M 0s + 18850K .......... .......... .......... .......... .......... 35% 257M 0s + 18900K .......... .......... .......... .......... .......... 
35% 255M 0s + 18950K .......... .......... .......... .......... .......... 35% 201M 0s + 19000K .......... .......... .......... .......... .......... 35% 255M 0s + 19050K .......... .......... .......... .......... .......... 35% 254M 0s + 19100K .......... .......... .......... .......... .......... 35% 257M 0s + 19150K .......... .......... .......... .......... .......... 35% 198M 0s + 19200K .......... .......... .......... .......... .......... 36% 122M 0s + 19250K .......... .......... .......... .......... .......... 36% 59.8M 0s + 19300K .......... .......... .......... .......... .......... 36% 105M 0s + 19350K .......... .......... .......... .......... .......... 36% 179M 0s + 19400K .......... .......... .......... .......... .......... 36% 220M 0s + 19450K .......... .......... .......... .......... .......... 36% 244M 0s + 19500K .......... .......... .......... .......... .......... 36% 252M 0s + 19550K .......... .......... .......... .......... .......... 36% 207M 0s + 19600K .......... .......... .......... .......... .......... 36% 255M 0s + 19650K .......... .......... .......... .......... .......... 36% 79.7M 0s + 19700K .......... .......... .......... .......... .......... 36% 99.6M 0s + 19750K .......... .......... .......... .......... .......... 37% 81.0M 0s + 19800K .......... .......... .......... .......... .......... 37% 96.6M 0s + 19850K .......... .......... .......... .......... .......... 37% 245M 0s + 19900K .......... .......... .......... .......... .......... 37% 238M 0s + 19950K .......... .......... .......... .......... .......... 37% 202M 0s + 20000K .......... .......... .......... .......... .......... 37% 248M 0s + 20050K .......... .......... .......... .......... .......... 37% 122M 0s + 20100K .......... .......... .......... .......... .......... 37% 71.3M 0s + 20150K .......... .......... .......... .......... .......... 37% 91.2M 0s + 20200K .......... .......... .......... .......... .......... 
37% 170M 0s + 20250K .......... .......... .......... .......... .......... 38% 221M 0s + 20300K .......... .......... .......... .......... .......... 38% 255M 0s + 20350K .......... .......... .......... .......... .......... 38% 208M 0s + 20400K .......... .......... .......... .......... .......... 38% 257M 0s + 20450K .......... .......... .......... .......... .......... 38% 238M 0s + 20500K .......... .......... .......... .......... .......... 38% 87.6M 0s + 20550K .......... .......... .......... .......... .......... 38% 72.6M 0s + 20600K .......... .......... .......... .......... .......... 38% 133M 0s + 20650K .......... .......... .......... .......... .......... 38% 91.3M 0s + 20700K .......... .......... .......... .......... .......... 38% 118M 0s + 20750K .......... .......... .......... .......... .......... 38% 247M 0s + 20800K .......... .......... .......... .......... .......... 39% 252M 0s + 20850K .......... .......... .......... .......... .......... 39% 96.3M 0s + 20900K .......... .......... .......... .......... .......... 39% 67.7M 0s + 20950K .......... .......... .......... .......... .......... 39% 236M 0s + 21000K .......... .......... .......... .......... .......... 39% 194M 0s + 21050K .......... .......... .......... .......... .......... 39% 250M 0s + 21100K .......... .......... .......... .......... .......... 39% 212M 0s + 21150K .......... .......... .......... .......... .......... 39% 218M 0s + 21200K .......... .......... .......... .......... .......... 39% 237M 0s + 21250K .......... .......... .......... .......... .......... 39% 251M 0s + 21300K .......... .......... .......... .......... .......... 39% 224M 0s + 21350K .......... .......... .......... .......... .......... 40% 147M 0s + 21400K .......... .......... .......... .......... .......... 40% 66.3M 0s + 21450K .......... .......... .......... .......... .......... 40% 55.6M 0s + 21500K .......... .......... .......... .......... .......... 
40% 78.4M 0s + 21550K .......... .......... .......... .......... .......... 40% 243M 0s + 21600K .......... .......... .......... .......... .......... 40% 229M 0s + 21650K .......... .......... .......... .......... .......... 40% 142M 0s + 21700K .......... .......... .......... .......... .......... 40% 83.8M 0s + 21750K .......... .......... .......... .......... .......... 40% 180M 0s + 21800K .......... .......... .......... .......... .......... 40% 220M 0s + 21850K .......... .......... .......... .......... .......... 41% 240M 0s + 21900K .......... .......... .......... .......... .......... 41% 199M 0s + 21950K .......... .......... .......... .......... .......... 41% 228M 0s + 22000K .......... .......... .......... .......... .......... 41% 89.9M 0s + 22050K .......... .......... .......... .......... .......... 41% 59.9M 0s + 22100K .......... .......... .......... .......... .......... 41% 48.0M 0s + 22150K .......... .......... .......... .......... .......... 41% 222M 0s + 22200K .......... .......... .......... .......... .......... 41% 234M 0s + 22250K .......... .......... .......... .......... .......... 41% 207M 0s + 22300K .......... .......... .......... .......... .......... 41% 65.0M 0s + 22350K .......... .......... .......... .......... .......... 41% 83.9M 0s + 22400K .......... .......... .......... .......... .......... 42% 200M 0s + 22450K .......... .......... .......... .......... .......... 42% 241M 0s + 22500K .......... .......... .......... .......... .......... 42% 202M 0s + 22550K .......... .......... .......... .......... .......... 42% 65.3M 0s + 22600K .......... .......... .......... .......... .......... 42% 152M 0s + 22650K .......... .......... .......... .......... .......... 42% 232M 0s + 22700K .......... .......... .......... .......... .......... 42% 211M 0s + 22750K .......... .......... .......... .......... .......... 42% 254M 0s + 22800K .......... .......... .......... .......... .......... 
42% 248M 0s + 22850K .......... .......... .......... .......... .......... 42% 180M 0s + 22900K .......... .......... .......... .......... .......... 42% 140M 0s + 22950K .......... .......... .......... .......... .......... 43% 249M 0s + 23000K .......... .......... .......... .......... .......... 43% 248M 0s + 23050K .......... .......... .......... .......... .......... 43% 86.0M 0s + 23100K .......... .......... .......... .......... .......... 43% 84.5M 0s + 23150K .......... .......... .......... .......... .......... 43% 178M 0s + 23200K .......... .......... .......... .......... .......... 43% 248M 0s + 23250K .......... .......... .......... .......... .......... 43% 255M 0s + 23300K .......... .......... .......... .......... .......... 43% 221M 0s + 23350K .......... .......... .......... .......... .......... 43% 224M 0s + 23400K .......... .......... .......... .......... .......... 43% 250M 0s + 23450K .......... .......... .......... .......... .......... 44% 251M 0s + 23500K .......... .......... .......... .......... .......... 44% 207M 0s + 23550K .......... .......... .......... .......... .......... 44% 242M 0s + 23600K .......... .......... .......... .......... .......... 44% 83.3M 0s + 23650K .......... .......... .......... .......... .......... 44% 117M 0s + 23700K .......... .......... .......... .......... .......... 44% 53.1M 0s + 23750K .......... .......... .......... .......... .......... 44% 72.2M 0s + 23800K .......... .......... .......... .......... .......... 44% 76.1M 0s + 23850K .......... .......... .......... .......... .......... 44% 244M 0s + 23900K .......... .......... .......... .......... .......... 44% 201M 0s + 23950K .......... .......... .......... .......... .......... 44% 230M 0s + 24000K .......... .......... .......... .......... .......... 45% 101M 0s + 24050K .......... .......... .......... .......... .......... 45% 57.4M 0s + 24100K .......... .......... .......... .......... .......... 
45% 137M 0s + 24150K .......... .......... .......... .......... .......... 45% 214M 0s + 24200K .......... .......... .......... .......... .......... 45% 245M 0s + 24250K .......... .......... .......... .......... .......... 45% 218M 0s + 24300K .......... .......... .......... .......... .......... 45% 205M 0s + 24350K .......... .......... .......... .......... .......... 45% 236M 0s + 24400K .......... .......... .......... .......... .......... 45% 250M 0s + 24450K .......... .......... .......... .......... .......... 45% 123M 0s + 24500K .......... .......... .......... .......... .......... 45% 80.8M 0s + 24550K .......... .......... .......... .......... .......... 46% 224M 0s + 24600K .......... .......... .......... .......... .......... 46% 245M 0s + 24650K .......... .......... .......... .......... .......... 46% 129M 0s + 24700K .......... .......... .......... .......... .......... 46% 72.1M 0s + 24750K .......... .......... .......... .......... .......... 46% 53.5M 0s + 24800K .......... .......... .......... .......... .......... 46% 242M 0s + 24850K .......... .......... .......... .......... .......... 46% 251M 0s + 24900K .......... .......... .......... .......... .......... 46% 199M 0s + 24950K .......... .......... .......... .......... .......... 46% 147M 0s + 25000K .......... .......... .......... .......... .......... 46% 233M 0s + 25050K .......... .......... .......... .......... .......... 47% 236M 0s + 25100K .......... .......... .......... .......... .......... 47% 190M 0s + 25150K .......... .......... .......... .......... .......... 47% 188M 0s + 25200K .......... .......... .......... .......... .......... 47% 247M 0s + 25250K .......... .......... .......... .......... .......... 47% 252M 0s + 25300K .......... .......... .......... .......... .......... 47% 221M 0s + 25350K .......... .......... .......... .......... .......... 47% 250M 0s + 25400K .......... .......... .......... .......... .......... 
47% 64.9M 0s + 25450K .......... .......... .......... .......... .......... 47% 51.8M 0s + 25500K .......... .......... .......... .......... .......... 47% 65.7M 0s + 25550K .......... .......... .......... .......... .......... 47% 97.3M 0s + 25600K .......... .......... .......... .......... .......... 48% 216M 0s + 25650K .......... .......... .......... .......... .......... 48% 224M 0s + 25700K .......... .......... .......... .......... .......... 48% 207M 0s + 25750K .......... .......... .......... .......... .......... 48% 249M 0s + 25800K .......... .......... .......... .......... .......... 48% 252M 0s + 25850K .......... .......... .......... .......... .......... 48% 94.6M 0s + 25900K .......... .......... .......... .......... .......... 48% 61.6M 0s + 25950K .......... .......... .......... .......... .......... 48% 75.4M 0s + 26000K .......... .......... .......... .......... .......... 48% 150M 0s + 26050K .......... .......... .......... .......... .......... 48% 241M 0s + 26100K .......... .......... .......... .......... .......... 48% 198M 0s + 26150K .......... .......... .......... .......... .......... 49% 219M 0s + 26200K .......... .......... .......... .......... .......... 49% 168M 0s + 26250K .......... .......... .......... .......... .......... 49% 246M 0s + 26300K .......... .......... .......... .......... .......... 49% 211M 0s + 26350K .......... .......... .......... .......... .......... 49% 76.3M 0s + 26400K .......... .......... .......... .......... .......... 49% 92.6M 0s + 26450K .......... .......... .......... .......... .......... 49% 102M 0s + 26500K .......... .......... .......... .......... .......... 49% 205M 0s + 26550K .......... .......... .......... .......... .......... 49% 253M 0s + 26600K .......... .......... .......... .......... .......... 49% 251M 0s + 26650K .......... .......... .......... .......... .......... 49% 199M 0s + 26700K .......... .......... .......... .......... .......... 
50% 213M 0s + 26750K .......... .......... .......... .......... .......... 50% 251M 0s + 26800K .......... .......... .......... .......... .......... 50% 248M 0s + 26850K .......... .......... .......... .......... .......... 50% 229M 0s + 26900K .......... .......... .......... .......... .......... 50% 195M 0s + 26950K .......... .......... .......... .......... .......... 50% 248M 0s + 27000K .......... .......... .......... .......... .......... 50% 250M 0s + 27050K .......... .......... .......... .......... .......... 50% 238M 0s + 27100K .......... .......... .......... .......... .......... 50% 145M 0s + 27150K .......... .......... .......... .......... .......... 50% 76.4M 0s + 27200K .......... .......... .......... .......... .......... 51% 65.8M 0s + 27250K .......... .......... .......... .......... .......... 51% 52.8M 0s + 27300K .......... .......... .......... .......... .......... 51% 79.3M 0s + 27350K .......... .......... .......... .......... .......... 51% 192M 0s + 27400K .......... .......... .......... .......... .......... 51% 254M 0s + 27450K .......... .......... .......... .......... .......... 51% 248M 0s + 27500K .......... .......... .......... .......... .......... 51% 212M 0s + 27550K .......... .......... .......... .......... .......... 51% 68.2M 0s + 27600K .......... .......... .......... .......... .......... 51% 95.5M 0s + 27650K .......... .......... .......... .......... .......... 51% 115M 0s + 27700K .......... .......... .......... .......... .......... 51% 205M 0s + 27750K .......... .......... .......... .......... .......... 52% 224M 0s + 27800K .......... .......... .......... .......... .......... 52% 250M 0s + 27850K .......... .......... .......... .......... .......... 52% 254M 0s + 27900K .......... .......... .......... .......... .......... 52% 210M 0s + 27950K .......... .......... .......... .......... .......... 52% 252M 0s + 28000K .......... .......... .......... .......... .......... 
52% 200M 0s + 28050K .......... .......... .......... .......... .......... 52% 244M 0s + 28100K .......... .......... .......... .......... .......... 52% 221M 0s + 28150K .......... .......... .......... .......... .......... 52% 247M 0s + 28200K .......... .......... .......... .......... .......... 52% 227M 0s + 28250K .......... .......... .......... .......... .......... 52% 66.0M 0s + 28300K .......... .......... .......... .......... .......... 53% 68.2M 0s + 28350K .......... .......... .......... .......... .......... 53% 60.1M 0s + 28400K .......... .......... .......... .......... .......... 53% 143M 0s + 28450K .......... .......... .......... .......... .......... 53% 244M 0s + 28500K .......... .......... .......... .......... .......... 53% 172M 0s + 28550K .......... .......... .......... .......... .......... 53% 226M 0s + 28600K .......... .......... .......... .......... .......... 53% 246M 0s + 28650K .......... .......... .......... .......... .......... 53% 250M 0s + 28700K .......... .......... .......... .......... .......... 53% 211M 0s + 28750K .......... .......... .......... .......... .......... 53% 121M 0s + 28800K .......... .......... .......... .......... .......... 54% 72.7M 0s + 28850K .......... .......... .......... .......... .......... 54% 71.3M 0s + 28900K .......... .......... .......... .......... .......... 54% 59.2M 0s + 28950K .......... .......... .......... .......... .......... 54% 185M 0s + 29000K .......... .......... .......... .......... .......... 54% 251M 0s + 29050K .......... .......... .......... .......... .......... 54% 226M 0s + 29100K .......... .......... .......... .......... .......... 54% 211M 0s + 29150K .......... .......... .......... .......... .......... 54% 251M 0s + 29200K .......... .......... .......... .......... .......... 54% 241M 0s + 29250K .......... .......... .......... .......... .......... 54% 231M 0s + 29300K .......... .......... .......... .......... .......... 
54% 58.1M 0s + 29350K .......... .......... .......... .......... .......... 55% 67.8M 0s + 29400K .......... .......... .......... .......... .......... 55% 99.4M 0s + 29450K .......... .......... .......... .......... .......... 55% 96.9M 0s + 29500K .......... .......... .......... .......... .......... 55% 205M 0s + 29550K .......... .......... .......... .......... .......... 55% 223M 0s + 29600K .......... .......... .......... .......... .......... 55% 61.4M 0s + 29650K .......... .......... .......... .......... .......... 55% 182M 0s + 29700K .......... .......... .......... .......... .......... 55% 220M 0s + 29750K .......... .......... .......... .......... .......... 55% 250M 0s + 29800K .......... .......... .......... .......... .......... 55% 252M 0s + 29850K .......... .......... .......... .......... .......... 55% 250M 0s + 29900K .......... .......... .......... .......... .......... 56% 192M 0s + 29950K .......... .......... .......... .......... .......... 56% 245M 0s + 30000K .......... .......... .......... .......... .......... 56% 254M 0s + 30050K .......... .......... .......... .......... .......... 56% 224M 0s + 30100K .......... .......... .......... .......... .......... 56% 205M 0s + 30150K .......... .......... .......... .......... .......... 56% 74.3M 0s + 30200K .......... .......... .......... .......... .......... 56% 209M 0s + 30250K .......... .......... .......... .......... .......... 56% 95.5M 0s + 30300K .......... .......... .......... .......... .......... 56% 61.2M 0s + 30350K .......... .......... .......... .......... .......... 56% 79.9M 0s + 30400K .......... .......... .......... .......... .......... 57% 203M 0s + 30450K .......... .......... .......... .......... .......... 57% 78.9M 0s + 30500K .......... .......... .......... .......... .......... 57% 112M 0s + 30550K .......... .......... .......... .......... .......... 57% 245M 0s + 30600K .......... .......... .......... .......... .......... 
57% 215M 0s + 30650K .......... .......... .......... .......... .......... 57% 207M 0s + 30700K .......... .......... .......... .......... .......... 57% 220M 0s + 30750K .......... .......... .......... .......... .......... 57% 190M 0s + 30800K .......... .......... .......... .......... .......... 57% 252M 0s + 30850K .......... .......... .......... .......... .......... 57% 252M 0s + 30900K .......... .......... .......... .......... .......... 57% 251M 0s + 30950K .......... .......... .......... .......... .......... 58% 123M 0s + 31000K .......... .......... .......... .......... .......... 58% 71.7M 0s + 31050K .......... .......... .......... .......... .......... 58% 141M 0s + 31100K .......... .......... .......... .......... .......... 58% 228M 0s + 31150K .......... .......... .......... .......... .......... 58% 174M 0s + 31200K .......... .......... .......... .......... .......... 58% 242M 0s + 31250K .......... .......... .......... .......... .......... 58% 79.5M 0s + 31300K .......... .......... .......... .......... .......... 58% 74.7M 0s + 31350K .......... .......... .......... .......... .......... 58% 85.4M 0s + 31400K .......... .......... .......... .......... .......... 58% 250M 0s + 31450K .......... .......... .......... .......... .......... 58% 220M 0s + 31500K .......... .......... .......... .......... .......... 59% 215M 0s + 31550K .......... .......... .......... .......... .......... 59% 75.6M 0s + 31600K .......... .......... .......... .......... .......... 59% 231M 0s + 31650K .......... .......... .......... .......... .......... 59% 205M 0s + 31700K .......... .......... .......... .......... .......... 59% 250M 0s + 31750K .......... .......... .......... .......... .......... 59% 238M 0s + 31800K .......... .......... .......... .......... .......... 59% 73.9M 0s + 31850K .......... .......... .......... .......... .......... 59% 87.3M 0s + 31900K .......... .......... .......... .......... .......... 
59% 91.4M 0s + 31950K .......... .......... .......... .......... .......... 59% 211M 0s + 32000K .......... .......... .......... .......... .......... 60% 219M 0s + 32050K .......... .......... .......... .......... .......... 60% 250M 0s + 32100K .......... .......... .......... .......... .......... 60% 250M 0s + 32150K .......... .......... .......... .......... .......... 60% 220M 0s + 32200K .......... .......... .......... .......... .......... 60% 249M 0s + 32250K .......... .......... .......... .......... .......... 60% 83.8M 0s + 32300K .......... .......... .......... .......... .......... 60% 79.1M 0s + 32350K .......... .......... .......... .......... .......... 60% 50.8M 0s + 32400K .......... .......... .......... .......... .......... 60% 125M 0s + 32450K .......... .......... .......... .......... .......... 60% 227M 0s + 32500K .......... .......... .......... .......... .......... 60% 202M 0s + 32550K .......... .......... .......... .......... .......... 61% 72.1M 0s + 32600K .......... .......... .......... .......... .......... 61% 134M 0s + 32650K .......... .......... .......... .......... .......... 61% 201M 0s + 32700K .......... .......... .......... .......... .......... 61% 243M 0s + 32750K .......... .......... .......... .......... .......... 61% 207M 0s + 32800K .......... .......... .......... .......... .......... 61% 252M 0s + 32850K .......... .......... .......... .......... .......... 61% 232M 0s + 32900K .......... .......... .......... .......... .......... 61% 235M 0s + 32950K .......... .......... .......... .......... .......... 61% 223M 0s + 33000K .......... .......... .......... .......... .......... 61% 225M 0s + 33050K .......... .......... .......... .......... .......... 61% 254M 0s + 33100K .......... .......... .......... .......... .......... 62% 121M 0s + 33150K .......... .......... .......... .......... .......... 62% 181M 0s + 33200K .......... .......... .......... .......... .......... 
62% 250M 0s + 33250K .......... .......... .......... .......... .......... 62% 235M 0s + 33300K .......... .......... .......... .......... .......... 62% 204M 0s + 33350K .......... .......... .......... .......... .......... 62% 222M 0s + 33400K .......... .......... .......... .......... .......... 62% 259M 0s + 33450K .......... .......... .......... .......... .......... 62% 252M 0s + 33500K .......... .......... .......... .......... .......... 62% 254M 0s + 33550K .......... .......... .......... .......... .......... 62% 51.9M 0s + 33600K .......... .......... .......... .......... .......... 63% 59.2M 0s + 33650K .......... .......... .......... .......... .......... 63% 74.9M 0s + 33700K .......... .......... .......... .......... .......... 63% 101M 0s + 33750K .......... .......... .......... .......... .......... 63% 106M 0s + 33800K .......... .......... .......... .......... .......... 63% 247M 0s + 33850K .......... .......... .......... .......... .......... 63% 252M 0s + 33900K .......... .......... .......... .......... .......... 63% 251M 0s + 33950K .......... .......... .......... .......... .......... 63% 64.3M 0s + 34000K .......... .......... .......... .......... .......... 63% 83.1M 0s + 34050K .......... .......... .......... .......... .......... 63% 238M 0s + 34100K .......... .......... .......... .......... .......... 63% 175M 0s + 34150K .......... .......... .......... .......... .......... 64% 148M 0s + 34200K .......... .......... .......... .......... .......... 64% 209M 0s + 34250K .......... .......... .......... .......... .......... 64% 230M 0s + 34300K .......... .......... .......... .......... .......... 64% 235M 0s + 34350K .......... .......... .......... .......... .......... 64% 88.9M 0s + 34400K .......... .......... .......... .......... .......... 64% 49.8M 0s + 34450K .......... .......... .......... .......... .......... 64% 116M 0s + 34500K .......... .......... .......... .......... .......... 
64% 121M 0s + 34550K .......... .......... .......... .......... .......... 64% 79.7M 0s + 34600K .......... .......... .......... .......... .......... 64% 97.6M 0s + 34650K .......... .......... .......... .......... .......... 64% 245M 0s + 34700K .......... .......... .......... .......... .......... 65% 236M 0s + 34750K .......... .......... .......... .......... .......... 65% 196M 0s + 34800K .......... .......... .......... .......... .......... 65% 91.6M 0s + 34850K .......... .......... .......... .......... .......... 65% 87.6M 0s + 34900K .......... .......... .......... .......... .......... 65% 155M 0s + 34950K .......... .......... .......... .......... .......... 65% 221M 0s + 35000K .......... .......... .......... .......... .......... 65% 251M 0s + 35050K .......... .......... .......... .......... .......... 65% 117M 0s + 35100K .......... .......... .......... .......... .......... 65% 229M 0s + 35150K .......... .......... .......... .......... .......... 65% 185M 0s + 35200K .......... .......... .......... .......... .......... 66% 241M 0s + 35250K .......... .......... .......... .......... .......... 66% 250M 0s + 35300K .......... .......... .......... .......... .......... 66% 55.3M 0s + 35350K .......... .......... .......... .......... .......... 66% 73.8M 0s + 35400K .......... .......... .......... .......... .......... 66% 165M 0s + 35450K .......... .......... .......... .......... .......... 66% 214M 0s + 35500K .......... .......... .......... .......... .......... 66% 251M 0s + 35550K .......... .......... .......... .......... .......... 66% 213M 0s + 35600K .......... .......... .......... .......... .......... 66% 251M 0s + 35650K .......... .......... .......... .......... .......... 66% 252M 0s + 35700K .......... .......... .......... .......... .......... 66% 180M 0s + 35750K .......... .......... .......... .......... .......... 67% 225M 0s + 35800K .......... .......... .......... .......... .......... 
67% 252M 0s + 35850K .......... .......... .......... .......... .......... 67% 253M 0s + 35900K .......... .......... .......... .......... .......... 67% 251M 0s + 35950K .......... .......... .......... .......... .......... 67% 191M 0s + 36000K .......... .......... .......... .......... .......... 67% 225M 0s + 36050K .......... .......... .......... .......... .......... 67% 256M 0s + 36100K .......... .......... .......... .......... .......... 67% 257M 0s + 36150K .......... .......... .......... .......... .......... 67% 118M 0s + 36200K .......... .......... .......... .......... .......... 67% 127M 0s + 36250K .......... .......... .......... .......... .......... 67% 125M 0s + 36300K .......... .......... .......... .......... .......... 68% 71.4M 0s + 36350K .......... .......... .......... .......... .......... 68% 67.6M 0s + 36400K .......... .......... .......... .......... .......... 68% 87.0M 0s + 36450K .......... .......... .......... .......... .......... 68% 85.1M 0s + 36500K .......... .......... .......... .......... .......... 68% 249M 0s + 36550K .......... .......... .......... .......... .......... 68% 224M 0s + 36600K .......... .......... .......... .......... .......... 68% 225M 0s + 36650K .......... .......... .......... .......... .......... 68% 248M 0s + 36700K .......... .......... .......... .......... .......... 68% 252M 0s + 36750K .......... .......... .......... .......... .......... 68% 213M 0s + 36800K .......... .......... .......... .......... .......... 69% 224M 0s + 36850K .......... .......... .......... .......... .......... 69% 177M 0s + 36900K .......... .......... .......... .......... .......... 69% 71.9M 0s + 36950K .......... .......... .......... .......... .......... 69% 59.4M 0s + 37000K .......... .......... .......... .......... .......... 69% 86.7M 0s + 37050K .......... .......... .......... .......... .......... 69% 108M 0s + 37100K .......... .......... .......... .......... .......... 
69% 248M 0s + 37150K .......... .......... .......... .......... .......... 69% 184M 0s + 37200K .......... .......... .......... .......... .......... 69% 253M 0s + 37250K .......... .......... .......... .......... .......... 69% 255M 0s + 37300K .......... .......... .......... .......... .......... 69% 255M 0s + 37350K .......... .......... .......... .......... .......... 70% 99.5M 0s + 37400K .......... .......... .......... .......... .......... 70% 243M 0s + 37450K .......... .......... .......... .......... .......... 70% 55.7M 0s + 37500K .......... .......... .......... .......... .......... 70% 82.9M 0s + 37550K .......... .......... .......... .......... .......... 70% 93.7M 0s + 37600K .......... .......... .......... .......... .......... 70% 201M 0s + 37650K .......... .......... .......... .......... .......... 70% 218M 0s + 37700K .......... .......... .......... .......... .......... 70% 63.5M 0s + 37750K .......... .......... .......... .......... .......... 70% 156M 0s + 37800K .......... .......... .......... .......... .......... 70% 247M 0s + 37850K .......... .......... .......... .......... .......... 70% 250M 0s + 37900K .......... .......... .......... .......... .......... 71% 233M 0s + 37950K .......... .......... .......... .......... .......... 71% 215M 0s + 38000K .......... .......... .......... .......... .......... 71% 221M 0s + 38050K .......... .......... .......... .......... .......... 71% 246M 0s + 38100K .......... .......... .......... .......... .......... 71% 256M 0s + 38150K .......... .......... .......... .......... .......... 71% 227M 0s + 38200K .......... .......... .......... .......... .......... 71% 245M 0s + 38250K .......... .......... .......... .......... .......... 71% 92.7M 0s + 38300K .......... .......... .......... .......... .......... 71% 104M 0s + 38350K .......... .......... .......... .......... .......... 71% 56.2M 0s + 38400K .......... .......... .......... .......... .......... 
71% 175M 0s + 38450K .......... .......... .......... .......... .......... 72% 245M 0s + 38500K .......... .......... .......... .......... .......... 72% 252M 0s + 38550K .......... .......... .......... .......... .......... 72% 70.8M 0s + 38600K .......... .......... .......... .......... .......... 72% 69.7M 0s + 38650K .......... .......... .......... .......... .......... 72% 109M 0s + 38700K .......... .......... .......... .......... .......... 72% 232M 0s + 38750K .......... .......... .......... .......... .......... 72% 216M 0s + 38800K .......... .......... .......... .......... .......... 72% 249M 0s + 38850K .......... .......... .......... .......... .......... 72% 227M 0s + 38900K .......... .......... .......... .......... .......... 72% 248M 0s + 38950K .......... .......... .......... .......... .......... 73% 212M 0s + 39000K .......... .......... .......... .......... .......... 73% 257M 0s + 39050K .......... .......... .......... .......... .......... 73% 243M 0s + 39100K .......... .......... .......... .......... .......... 73% 116M 0s + 39150K .......... .......... .......... .......... .......... 73% 114M 0s + 39200K .......... .......... .......... .......... .......... 73% 147M 0s + 39250K .......... .......... .......... .......... .......... 73% 74.8M 0s + 39300K .......... .......... .......... .......... .......... 73% 81.0M 0s + 39350K .......... .......... .......... .......... .......... 73% 222M 0s + 39400K .......... .......... .......... .......... .......... 73% 208M 0s + 39450K .......... .......... .......... .......... .......... 73% 221M 0s + 39500K .......... .......... .......... .......... .......... 74% 252M 0s + 39550K .......... .......... .......... .......... .......... 74% 215M 0s + 39600K .......... .......... .......... .......... .......... 74% 277M 0s + 39650K .......... .......... .......... .......... .......... 74% 213M 0s + 39700K .......... .......... .......... .......... .......... 
74% 101M 0s + 39750K .......... .......... .......... .......... .......... 74% 79.5M 0s + 39800K .......... .......... .......... .......... .......... 74% 133M 0s + 39850K .......... .......... .......... .......... .......... 74% 190M 0s + 39900K .......... .......... .......... .......... .......... 74% 253M 0s + 39950K .......... .......... .......... .......... .......... 74% 119M 0s + 40000K .......... .......... .......... .......... .......... 74% 68.5M 0s + 40050K .......... .......... .......... .......... .......... 75% 105M 0s + 40100K .......... .......... .......... .......... .......... 75% 254M 0s + 40150K .......... .......... .......... .......... .......... 75% 204M 0s + 40200K .......... .......... .......... .......... .......... 75% 175M 0s + 40250K .......... .......... .......... .......... .......... 75% 241M 0s + 40300K .......... .......... .......... .......... .......... 75% 238M 0s + 40350K .......... .......... .......... .......... .......... 75% 206M 0s + 40400K .......... .......... .......... .......... .......... 75% 241M 0s + 40450K .......... .......... .......... .......... .......... 75% 66.9M 0s + 40500K .......... .......... .......... .......... .......... 75% 67.9M 0s + 40550K .......... .......... .......... .......... .......... 76% 222M 0s + 40600K .......... .......... .......... .......... .......... 76% 253M 0s + 40650K .......... .......... .......... .......... .......... 76% 226M 0s + 40700K .......... .......... .......... .......... .......... 76% 245M 0s + 40750K .......... .......... .......... .......... .......... 76% 216M 0s + 40800K .......... .......... .......... .......... .......... 76% 182M 0s + 40850K .......... .......... .......... .......... .......... 76% 208M 0s + 40900K .......... .......... .......... .......... .......... 76% 57.2M 0s + 40950K .......... .......... .......... .......... .......... 76% 56.0M 0s + 41000K .......... .......... .......... .......... .......... 
76% 62.7M 0s + 41050K .......... .......... .......... .......... .......... 76% 159M 0s + 41100K .......... .......... .......... .......... .......... 77% 210M 0s + 41150K .......... .......... .......... .......... .......... 77% 222M 0s + 41200K .......... .......... .......... .......... .......... 77% 255M 0s + 41250K .......... .......... .......... .......... .......... 77% 250M 0s + 41300K .......... .......... .......... .......... .......... 77% 219M 0s + 41350K .......... .......... .......... .......... .......... 77% 185M 0s + 41400K .......... .......... .......... .......... .......... 77% 162M 0s + 41450K .......... .......... .......... .......... .......... 77% 85.6M 0s + 41500K .......... .......... .......... .......... .......... 77% 60.3M 0s + 41550K .......... .......... .......... .......... .......... 77% 72.7M 0s + 41600K .......... .......... .......... .......... .......... 77% 157M 0s + 41650K .......... .......... .......... .......... .......... 78% 247M 0s + 41700K .......... .......... .......... .......... .......... 78% 78.0M 0s + 41750K .......... .......... .......... .......... .......... 78% 246M 0s + 41800K .......... .......... .......... .......... .......... 78% 249M 0s + 41850K .......... .......... .......... .......... .......... 78% 220M 0s + 41900K .......... .......... .......... .......... .......... 78% 213M 0s + 41950K .......... .......... .......... .......... .......... 78% 247M 0s + 42000K .......... .......... .......... .......... .......... 78% 251M 0s + 42050K .......... .......... .......... .......... .......... 78% 129M 0s + 42100K .......... .......... .......... .......... .......... 78% 56.1M 0s + 42150K .......... .......... .......... .......... .......... 79% 126M 0s + 42200K .......... .......... .......... .......... .......... 79% 132M 0s + 42250K .......... .......... .......... .......... .......... 79% 127M 0s + 42300K .......... .......... .......... .......... .......... 
79% 78.5M 0s + 42350K .......... .......... .......... .......... .......... 79% 209M 0s + 42400K .......... .......... .......... .......... .......... 79% 251M 0s + 42450K .......... .......... .......... .......... .......... 79% 238M 0s + 42500K .......... .......... .......... .......... .......... 79% 185M 0s + 42550K .......... .......... .......... .......... .......... 79% 224M 0s + 42600K .......... .......... .......... .......... .......... 79% 88.0M 0s + 42650K .......... .......... .......... .......... .......... 79% 245M 0s + 42700K .......... .......... .......... .......... .......... 80% 212M 0s + 42750K .......... .......... .......... .......... .......... 80% 223M 0s + 42800K .......... .......... .......... .......... .......... 80% 247M 0s + 42850K .......... .......... .......... .......... .......... 80% 253M 0s + 42900K .......... .......... .......... .......... .......... 80% 219M 0s + 42950K .......... .......... .......... .......... .......... 80% 231M 0s + 43000K .......... .......... .......... .......... .......... 80% 129M 0s + 43050K .......... .......... .......... .......... .......... 80% 49.6M 0s + 43100K .......... .......... .......... .......... .......... 80% 116M 0s + 43150K .......... .......... .......... .......... .......... 80% 249M 0s + 43200K .......... .......... .......... .......... .......... 80% 223M 0s + 43250K .......... .......... .......... .......... .......... 81% 251M 0s + 43300K .......... .......... .......... .......... .......... 81% 226M 0s + 43350K .......... .......... .......... .......... .......... 81% 255M 0s + 43400K .......... .......... .......... .......... .......... 81% 252M 0s + 43450K .......... .......... .......... .......... .......... 81% 75.4M 0s + 43500K .......... .......... .......... .......... .......... 81% 108M 0s + 43550K .......... .......... .......... .......... .......... 81% 246M 0s + 43600K .......... .......... .......... .......... .......... 
81% 240M 0s + 43650K .......... .......... .......... .......... .......... 81% 53.2M 0s + 43700K .......... .......... .......... .......... .......... 81% 113M 0s + 43750K .......... .......... .......... .......... .......... 82% 142M 0s + 43800K .......... .......... .......... .......... .......... 82% 102M 0s + 43850K .......... .......... .......... .......... .......... 82% 144M 0s + 43900K .......... .......... .......... .......... .......... 82% 185M 0s + 43950K .......... .......... .......... .......... .......... 82% 243M 0s + 44000K .......... .......... .......... .......... .......... 82% 242M 0s + 44050K .......... .......... .......... .......... .......... 82% 240M 0s + 44100K .......... .......... .......... .......... .......... 82% 111M 0s + 44150K .......... .......... .......... .......... .......... 82% 127M 0s + 44200K .......... .......... .......... .......... .......... 82% 88.3M 0s + 44250K .......... .......... .......... .......... .......... 82% 87.0M 0s + 44300K .......... .......... .......... .......... .......... 83% 95.1M 0s + 44350K .......... .......... .......... .......... .......... 83% 246M 0s + 44400K .......... .......... .......... .......... .......... 83% 226M 0s + 44450K .......... .......... .......... .......... .......... 83% 218M 0s + 44500K .......... .......... .......... .......... .......... 83% 58.2M 0s + 44550K .......... .......... .......... .......... .......... 83% 86.3M 0s + 44600K .......... .......... .......... .......... .......... 83% 244M 0s + 44650K .......... .......... .......... .......... .......... 83% 226M 0s + 44700K .......... .......... .......... .......... .......... 83% 179M 0s + 44750K .......... .......... .......... .......... .......... 83% 243M 0s + 44800K .......... .......... .......... .......... .......... 83% 255M 0s + 44850K .......... .......... .......... .......... .......... 84% 250M 0s + 44900K .......... .......... .......... .......... .......... 
84% 221M 0s + 44950K .......... .......... .......... .......... .......... 84% 121M 0s + 45000K .......... .......... .......... .......... .......... 84% 56.6M 0s + 45050K .......... .......... .......... .......... .......... 84% 73.0M 0s + 45100K .......... .......... .......... .......... .......... 84% 60.7M 0s + 45150K .......... .......... .......... .......... .......... 84% 187M 0s + 45200K .......... .......... .......... .......... .......... 84% 192M 0s + 45250K .......... .......... .......... .......... .......... 84% 226M 0s + 45300K .......... .......... .......... .......... .......... 84% 208M 0s + 45350K .......... .......... .......... .......... .......... 85% 237M 0s + 45400K .......... .......... .......... .......... .......... 85% 252M 0s + 45450K .......... .......... .......... .......... .......... 85% 68.1M 0s + 45500K .......... .......... .......... .......... .......... 85% 139M 0s + 45550K .......... .......... .......... .......... .......... 85% 113M 0s + 45600K .......... .......... .......... .......... .......... 85% 57.2M 0s + 45650K .......... .......... .......... .......... .......... 85% 160M 0s + 45700K .......... .......... .......... .......... .......... 85% 223M 0s 45750K .......... .......... .......... .......... .......... 85% 135M 0s - 45800K .......... .......... .......... .......... .......... 85% 148M 0s - 45850K .......... .......... .......... .......... .......... 85% 150M 0s - 45900K .......... .......... .......... .......... .......... 86% 166M 0s - 45950K .......... .......... .......... .......... .......... 86% 136M 0s - 46000K .......... .......... .......... .......... .......... 86% 170M 0s - 46050K .......... .......... .......... .......... .......... 86% 162M 0s - 46100K .......... .......... .......... .......... .......... 86% 175M 0s - 46150K .......... .......... .......... .......... .......... 86% 144M 0s - 46200K .......... .......... .......... .......... .......... 
86% 179M 0s - 46250K .......... .......... .......... .......... .......... 86% 158M 0s - 46300K .......... .......... .......... .......... .......... 86% 131M 0s - 46350K .......... .......... .......... .......... .......... 86% 140M 0s - 46400K .......... .......... .......... .......... .......... 86% 184M 0s - 46450K .......... .......... .......... .......... .......... 87% 238M 0s - 46500K .......... .......... .......... .......... .......... 87% 270M 0s - 46550K .......... .......... .......... .......... .......... 87% 170M 0s - 46600K .......... .......... .......... .......... .......... 87% 216M 0s - 46650K .......... .......... .......... .......... .......... 87% 186M 0s - 46700K .......... .......... .......... .......... .......... 87% 159M 0s - 46750K .......... .......... .......... .......... .......... 87% 128M 0s - 46800K .......... .......... .......... .......... .......... 87% 156M 0s - 46850K .......... .......... .......... .......... .......... 87% 170M 0s - 46900K .......... .......... .......... .......... .......... 87% 168M 0s - 46950K .......... .......... .......... .......... .......... 88% 145M 0s - 47000K .......... .......... .......... .......... .......... 88% 167M 0s - 47050K .......... .......... .......... .......... .......... 88% 170M 0s - 47100K .......... .......... .......... .......... .......... 88% 151M 0s - 47150K .......... .......... .......... .......... .......... 88% 136M 0s - 47200K .......... .......... .......... .......... .......... 88% 162M 0s - 47250K .......... .......... .......... .......... .......... 88% 176M 0s - 47300K .......... .......... .......... .......... .......... 88% 164M 0s - 47350K .......... .......... .......... .......... .......... 88% 109M 0s - 47400K .......... .......... .......... .......... .......... 88% 232M 0s - 47450K .......... .......... .......... .......... .......... 88% 187M 0s - 47500K .......... .......... .......... .......... .......... 
89% 165M 0s - 47550K .......... .......... .......... .......... .......... 89% 133M 0s - 47600K .......... .......... .......... .......... .......... 89% 162M 0s - 47650K .......... .......... .......... .......... .......... 89% 163M 0s - 47700K .......... .......... .......... .......... .......... 89% 167M 0s - 47750K .......... .......... .......... .......... .......... 89% 138M 0s - 47800K .......... .......... .......... .......... .......... 89% 110M 0s - 47850K .......... .......... .......... .......... .......... 89% 145M 0s - 47900K .......... .......... .......... .......... .......... 89% 110M 0s - 47950K .......... .......... .......... .......... .......... 89% 119M 0s - 48000K .......... .......... .......... .......... .......... 89% 175M 0s - 48050K .......... .......... .......... .......... .......... 90% 158M 0s - 48100K .......... .......... .......... .......... .......... 90% 179M 0s - 48150K .......... .......... .......... .......... .......... 90% 144M 0s - 48200K .......... .......... .......... .......... .......... 90% 159M 0s - 48250K .......... .......... .......... .......... .......... 90% 170M 0s - 48300K .......... .......... .......... .......... .......... 90% 148M 0s - 48350K .......... .......... .......... .......... .......... 90% 138M 0s - 48400K .......... .......... .......... .......... .......... 90% 238M 0s - 48450K .......... .......... .......... .......... .......... 90% 230M 0s - 48500K .......... .......... .......... .......... .......... 90% 165M 0s - 48550K .......... .......... .......... .......... .......... 91% 144M 0s - 48600K .......... .......... .......... .......... .......... 91% 153M 0s - 48650K .......... .......... .......... .......... .......... 91% 169M 0s - 48700K .......... .......... .......... .......... .......... 91% 214M 0s - 48750K .......... .......... .......... .......... .......... 91% 206M 0s - 48800K .......... .......... .......... .......... .......... 
91% 255M 0s - 48850K .......... .......... .......... .......... .......... 91% 156M 0s - 48900K .......... .......... .......... .......... .......... 91% 158M 0s - 48950K .......... .......... .......... .......... .......... 91% 149M 0s - 49000K .......... .......... .......... .......... .......... 91% 178M 0s - 49050K .......... .......... .......... .......... .......... 91% 182M 0s - 49100K .......... .......... .......... .......... .......... 92% 163M 0s - 49150K .......... .......... .......... .......... .......... 92% 106M 0s - 49200K .......... .......... .......... .......... .......... 92% 168M 0s - 49250K .......... .......... .......... .......... .......... 92% 164M 0s - 49300K .......... .......... .......... .......... .......... 92% 162M 0s - 49350K .......... .......... .......... .......... .......... 92% 154M 0s - 49400K .......... .......... .......... .......... .......... 92% 241M 0s - 49450K .......... .......... .......... .......... .......... 92% 264M 0s - 49500K .......... .......... .......... .......... .......... 92% 260M 0s - 49550K .......... .......... .......... .......... .......... 92% 161M 0s - 49600K .......... .......... .......... .......... .......... 92% 159M 0s - 49650K .......... .......... .......... .......... .......... 93% 156M 0s - 49700K .......... .......... .......... .......... .......... 93% 188M 0s - 49750K .......... .......... .......... .......... .......... 93% 165M 0s - 49800K .......... .......... .......... .......... .......... 93% 150M 0s - 49850K .......... .......... .......... .......... .......... 93% 139M 0s - 49900K .......... .......... .......... .......... .......... 93% 158M 0s - 49950K .......... .......... .......... .......... .......... 93% 137M 0s - 50000K .......... .......... .......... .......... .......... 93% 168M 0s - 50050K .......... .......... .......... .......... .......... 93% 175M 0s - 50100K .......... .......... .......... .......... .......... 
93% 140M 0s - 50150K .......... .......... .......... .......... .......... 94% 132M 0s - 50200K .......... .......... .......... .......... .......... 94% 158M 0s - 50250K .......... .......... .......... .......... .......... 94% 160M 0s - 50300K .......... .......... .......... .......... .......... 94% 179M 0s - 50350K .......... .......... .......... .......... .......... 94% 141M 0s - 50400K .......... .......... .......... .......... .......... 94% 179M 0s - 50450K .......... .......... .......... .......... .......... 94% 181M 0s - 50500K .......... .......... .......... .......... .......... 94% 157M 0s - 50550K .......... .......... .......... .......... .......... 94% 155M 0s - 50600K .......... .......... .......... .......... .......... 94% 147M 0s - 50650K .......... .......... .......... .......... .......... 94% 159M 0s - 50700K .......... .......... .......... .......... .......... 95% 254M 0s - 50750K .......... .......... .......... .......... .......... 95% 215M 0s - 50800K .......... .......... .......... .......... .......... 95% 238M 0s - 50850K .......... .......... .......... .......... .......... 95% 263M 0s - 50900K .......... .......... .......... .......... .......... 95% 231M 0s - 50950K .......... .......... .......... .......... .......... 95% 207M 0s - 51000K .......... .......... .......... .......... .......... 95% 256M 0s - 51050K .......... .......... .......... .......... .......... 95% 176M 0s - 51100K .......... .......... .......... .......... .......... 95% 130M 0s - 51150K .......... .......... .......... .......... .......... 95% 172M 0s - 51200K .......... .......... .......... .......... .......... 95% 148M 0s - 51250K .......... .......... .......... .......... .......... 96% 172M 0s - 51300K .......... .......... .......... .......... .......... 96% 155M 0s - 51350K .......... .......... .......... .......... .......... 96% 134M 0s - 51400K .......... .......... .......... .......... .......... 
96% 159M 0s - 51450K .......... .......... .......... .......... .......... 96% 170M 0s - 51500K .......... .......... .......... .......... .......... 96% 166M 0s - 51550K .......... .......... .......... .......... .......... 96% 141M 0s - 51600K .......... .......... .......... .......... .......... 96% 169M 0s - 51650K .......... .......... .......... .......... .......... 96% 221M 0s - 51700K .......... .......... .......... .......... .......... 96% 178M 0s - 51750K .......... .......... .......... .......... .......... 96% 145M 0s - 51800K .......... .......... .......... .......... .......... 97% 151M 0s - 51850K .......... .......... .......... .......... .......... 97% 135M 0s - 51900K .......... .......... .......... .......... .......... 97% 153M 0s - 51950K .......... .......... .......... .......... .......... 97% 154M 0s - 52000K .......... .......... .......... .......... .......... 97% 153M 0s - 52050K .......... .......... .......... .......... .......... 97% 130M 0s - 52100K .......... .......... .......... .......... .......... 97% 155M 0s - 52150K .......... .......... .......... .......... .......... 97% 151M 0s - 52200K .......... .......... .......... .......... .......... 97% 144M 0s - 52250K .......... .......... .......... .......... .......... 97% 145M 0s - 52300K .......... .......... .......... .......... .......... 98% 168M 0s - 52350K .......... .......... .......... .......... .......... 98% 169M 0s - 52400K .......... .......... .......... .......... .......... 98% 179M 0s - 52450K .......... .......... .......... .......... .......... 98% 148M 0s - 52500K .......... .......... .......... .......... .......... 98% 174M 0s - 52550K .......... .......... .......... .......... .......... 98% 174M 0s - 52600K .......... .......... .......... .......... .......... 98% 176M 0s - 52650K .......... .......... .......... .......... .......... 98% 140M 0s - 52700K .......... .......... .......... .......... .......... 
98% 203M 0s - 52750K .......... .......... .......... .......... .......... 98% 262M 0s - 52800K .......... .......... .......... .......... .......... 98% 261M 0s - 52850K .......... .......... .......... .......... .......... 99% 231M 0s - 52900K .......... .......... .......... .......... .......... 99% 260M 0s - 52950K .......... .......... .......... .......... .......... 99% 205M 0s - 53000K .......... .......... .......... .......... .......... 99% 150M 0s - 53050K .......... .......... .......... .......... .......... 99% 138M 0s - 53100K .......... .......... .......... .......... .......... 99% 160M 0s - 53150K .......... .......... .......... .......... .......... 99% 168M 0s - 53200K .......... .......... .......... .......... .......... 99% 163M 0s - 53250K .......... .......... .......... .......... .......... 99% 151M 0s - 53300K .......... .......... .......... .......... .......... 99% 139M 0s - 53350K .......... .......... .......... .......... .......... 99% 145M 0s + 45800K .......... .......... .......... .......... .......... 85% 128M 0s + 45850K .......... .......... .......... .......... .......... 85% 223M 0s + 45900K .......... .......... .......... .......... .......... 86% 192M 0s + 45950K .......... .......... .......... .......... .......... 86% 244M 0s + 46000K .......... .......... .......... .......... .......... 86% 255M 0s + 46050K .......... .......... .......... .......... .......... 86% 252M 0s + 46100K .......... .......... .......... .......... .......... 86% 226M 0s + 46150K .......... .......... .......... .......... .......... 86% 99.2M 0s + 46200K .......... .......... .......... .......... .......... 86% 208M 0s + 46250K .......... .......... .......... .......... .......... 86% 244M 0s + 46300K .......... .......... .......... .......... .......... 86% 194M 0s + 46350K .......... .......... .......... .......... .......... 86% 219M 0s + 46400K .......... .......... .......... .......... .......... 
86% 253M 0s + 46450K .......... .......... .......... .......... .......... 87% 251M 0s + 46500K .......... .......... .......... .......... .......... 87% 221M 0s + 46550K .......... .......... .......... .......... .......... 87% 101M 0s + 46600K .......... .......... .......... .......... .......... 87% 67.7M 0s + 46650K .......... .......... .......... .......... .......... 87% 64.5M 0s + 46700K .......... .......... .......... .......... .......... 87% 74.4M 0s + 46750K .......... .......... .......... .......... .......... 87% 153M 0s + 46800K .......... .......... .......... .......... .......... 87% 200M 0s + 46850K .......... .......... .......... .......... .......... 87% 241M 0s + 46900K .......... .......... .......... .......... .......... 87% 225M 0s + 46950K .......... .......... .......... .......... .......... 88% 258M 0s + 47000K .......... .......... .......... .......... .......... 88% 242M 0s + 47050K .......... .......... .......... .......... .......... 88% 97.5M 0s + 47100K .......... .......... .......... .......... .......... 88% 77.5M 0s + 47150K .......... .......... .......... .......... .......... 88% 54.2M 0s + 47200K .......... .......... .......... .......... .......... 88% 129M 0s + 47250K .......... .......... .......... .......... .......... 88% 248M 0s + 47300K .......... .......... .......... .......... .......... 88% 226M 0s + 47350K .......... .......... .......... .......... .......... 88% 237M 0s + 47400K .......... .......... .......... .......... .......... 88% 142M 0s + 47450K .......... .......... .......... .......... .......... 88% 64.9M 0s + 47500K .......... .......... .......... .......... .......... 89% 85.2M 0s + 47550K .......... .......... .......... .......... .......... 89% 250M 0s + 47600K .......... .......... .......... .......... .......... 89% 236M 0s + 47650K .......... .......... .......... .......... .......... 89% 226M 0s + 47700K .......... .......... .......... .......... .......... 
89% 217M 0s + 47750K .......... .......... .......... .......... .......... 89% 232M 0s + 47800K .......... .......... .......... .......... .......... 89% 217M 0s + 47850K .......... .......... .......... .......... .......... 89% 109M 0s + 47900K .......... .......... .......... .......... .......... 89% 65.3M 0s + 47950K .......... .......... .......... .......... .......... 89% 48.5M 0s + 48000K .......... .......... .......... .......... .......... 89% 126M 0s + 48050K .......... .......... .......... .......... .......... 90% 228M 0s + 48100K .......... .......... .......... .......... .......... 90% 200M 0s + 48150K .......... .......... .......... .......... .......... 90% 229M 0s + 48200K .......... .......... .......... .......... .......... 90% 209M 0s + 48250K .......... .......... .......... .......... .......... 90% 218M 0s + 48300K .......... .......... .......... .......... .......... 90% 191M 0s + 48350K .......... .......... .......... .......... .......... 90% 174M 0s + 48400K .......... .......... .......... .......... .......... 90% 57.3M 0s + 48450K .......... .......... .......... .......... .......... 90% 106M 0s + 48500K .......... .......... .......... .......... .......... 90% 193M 0s + 48550K .......... .......... .......... .......... .......... 91% 250M 0s + 48600K .......... .......... .......... .......... .......... 91% 224M 0s + 48650K .......... .......... .......... .......... .......... 91% 251M 0s + 48700K .......... .......... .......... .......... .......... 91% 217M 0s + 48750K .......... .......... .......... .......... .......... 91% 251M 0s + 48800K .......... .......... .......... .......... .......... 91% 249M 0s + 48850K .......... .......... .......... .......... .......... 91% 94.7M 0s + 48900K .......... .......... .......... .......... .......... 91% 155M 0s + 48950K .......... .......... .......... .......... .......... 91% 68.1M 0s + 49000K .......... .......... .......... .......... .......... 
91% 207M 0s + 49050K .......... .......... .......... .......... .......... 91% 238M 0s + 49100K .......... .......... .......... .......... .......... 92% 159M 0s + 49150K .......... .......... .......... .......... .......... 92% 249M 0s + 49200K .......... .......... .......... .......... .......... 92% 254M 0s + 49250K .......... .......... .......... .......... .......... 92% 245M 0s + 49300K .......... .......... .......... .......... .......... 92% 206M 0s + 49350K .......... .......... .......... .......... .......... 92% 89.1M 0s + 49400K .......... .......... .......... .......... .......... 92% 62.8M 0s + 49450K .......... .......... .......... .......... .......... 92% 50.5M 0s + 49500K .......... .......... .......... .......... .......... 92% 134M 0s + 49550K .......... .......... .......... .......... .......... 92% 247M 0s + 49600K .......... .......... .......... .......... .......... 92% 226M 0s + 49650K .......... .......... .......... .......... .......... 93% 251M 0s + 49700K .......... .......... .......... .......... .......... 93% 226M 0s + 49750K .......... .......... .......... .......... .......... 93% 254M 0s + 49800K .......... .......... .......... .......... .......... 93% 235M 0s + 49850K .......... .......... .......... .......... .......... 93% 116M 0s + 49900K .......... .......... .......... .......... .......... 93% 41.7M 0s + 49950K .......... .......... .......... .......... .......... 93% 68.8M 0s + 50000K .......... .......... .......... .......... .......... 93% 152M 0s + 50050K .......... .......... .......... .......... .......... 93% 249M 0s + 50100K .......... .......... .......... .......... .......... 93% 227M 0s + 50150K .......... .......... .......... .......... .......... 94% 215M 0s + 50200K .......... .......... .......... .......... .......... 94% 255M 0s + 50250K .......... .......... .......... .......... .......... 94% 254M 0s + 50300K .......... .......... .......... .......... .......... 
94% 210M 0s + 50350K .......... .......... .......... .......... .......... 94% 252M 0s + 50400K .......... .......... .......... .......... .......... 94% 59.2M 0s + 50450K .......... .......... .......... .......... .......... 94% 77.5M 0s + 50500K .......... .......... .......... .......... .......... 94% 154M 0s + 50550K .......... .......... .......... .......... .......... 94% 252M 0s + 50600K .......... .......... .......... .......... .......... 94% 76.1M 0s + 50650K .......... .......... .......... .......... .......... 94% 90.2M 0s + 50700K .......... .......... .......... .......... .......... 95% 209M 0s + 50750K .......... .......... .......... .......... .......... 95% 251M 0s + 50800K .......... .......... .......... .......... .......... 95% 254M 0s + 50850K .......... .......... .......... .......... .......... 95% 254M 0s + 50900K .......... .......... .......... .......... .......... 95% 76.4M 0s + 50950K .......... .......... .......... .......... .......... 95% 53.6M 0s + 51000K .......... .......... .......... .......... .......... 95% 220M 0s + 51050K .......... .......... .......... .......... .......... 95% 250M 0s + 51100K .......... .......... .......... .......... .......... 95% 189M 0s + 51150K .......... .......... .......... .......... .......... 95% 245M 0s + 51200K .......... .......... .......... .......... .......... 95% 255M 0s + 51250K .......... .......... .......... .......... .......... 96% 255M 0s + 51300K .......... .......... .......... .......... .......... 96% 223M 0s + 51350K .......... .......... .......... .......... .......... 96% 78.7M 0s + 51400K .......... .......... .......... .......... .......... 96% 154M 0s + 51450K .......... .......... .......... .......... .......... 96% 108M 0s + 51500K .......... .......... .......... .......... .......... 96% 67.0M 0s + 51550K .......... .......... .......... .......... .......... 96% 74.5M 0s + 51600K .......... .......... .......... .......... .......... 
96% 246M 0s + 51650K .......... .......... .......... .......... .......... 96% 222M 0s + 51700K .......... .......... .......... .......... .......... 96% 225M 0s + 51750K .......... .......... .......... .......... .......... 96% 258M 0s + 51800K .......... .......... .......... .......... .......... 97% 248M 0s + 51850K .......... .......... .......... .......... .......... 97% 252M 0s + 51900K .......... .......... .......... .......... .......... 97% 62.6M 0s + 51950K .......... .......... .......... .......... .......... 97% 237M 0s + 52000K .......... .......... .......... .......... .......... 97% 79.3M 0s + 52050K .......... .......... .......... .......... .......... 97% 67.3M 0s + 52100K .......... .......... .......... .......... .......... 97% 219M 0s + 52150K .......... .......... .......... .......... .......... 97% 246M 0s + 52200K .......... .......... .......... .......... .......... 97% 239M 0s + 52250K .......... .......... .......... .......... .......... 97% 91.4M 0s + 52300K .......... .......... .......... .......... .......... 98% 118M 0s + 52350K .......... .......... .......... .......... .......... 98% 87.9M 0s + 52400K .......... .......... .......... .......... .......... 98% 218M 0s + 52450K .......... .......... .......... .......... .......... 98% 247M 0s + 52500K .......... .......... .......... .......... .......... 98% 207M 0s + 52550K .......... .......... .......... .......... .......... 98% 250M 0s + 52600K .......... .......... .......... .......... .......... 98% 256M 0s + 52650K .......... .......... .......... .......... .......... 98% 252M 0s + 52700K .......... .......... .......... .......... .......... 98% 211M 0s + 52750K .......... .......... .......... .......... .......... 98% 203M 0s + 52800K .......... .......... .......... .......... .......... 98% 253M 0s + 52850K .......... .......... .......... .......... .......... 99% 254M 0s + 52900K .......... .......... .......... .......... .......... 
99% 228M 0s + 52950K .......... .......... .......... .......... .......... 99% 251M 0s + 53000K .......... .......... .......... .......... .......... 99% 112M 0s + 53050K .......... .......... .......... .......... .......... 99% 65.9M 0s + 53100K .......... .......... .......... .......... .......... 99% 56.8M 0s + 53150K .......... .......... .......... .......... .......... 99% 109M 0s + 53200K .......... .......... .......... .......... .......... 99% 248M 0s + 53250K .......... .......... .......... .......... .......... 99% 248M 0s + 53300K .......... .......... .......... .......... .......... 99% 105M 0s + 53350K .......... .......... .......... .......... .......... 99% 245M 0s 53400K ... 100% 6.31T=0.4s -2024-11-06 09:51:49 (116 MB/s) - ‘trivy_0.44.1_Linux-64bit.deb.5��� saved [54685068/54685068] +2024-11-11 10:02:54 (123 MB/s) - ‘trivy_0.44.1_Linux-64bit.deb.5’ saved [54685068/54685068] +sudo dpkg -i trivy_0.44.1_Linux-64bit.deb (Reading database ... 132595 files and directories currently installed.) @@ -21523,8 +21678,8 @@ setuptools 53.0.0 70.0.0 python GHSA-cx63-2mw6-8hw5 High urllib3 1.26.5 1.26.17 python GHSA-v845-jxx5-vc9f Medium urllib3 1.26.5 1.26.18 python GHSA-g4mx-q9vg-27p4 Medium urllib3 1.26.5 1.26.19 python GHSA-34jh-p97f-mpxf Medium -+docker sbom quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369 +tee /tmp/sbom.txt ++docker sbom quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369 NAME VERSION TYPE PyGObject 3.40.1 python PySocks 1.7.1 python 
@@ -21624,36 +21779,37 @@ https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded +docker push quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369 The push refers to repository [quay.io/noirolabs/aci-containers-webhook] -ec1dd385222e: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +cf172d512d2f: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing +797935172f32: Layer already exists unauthorized: access to the requested resource is not authorized +for OTHER_TAG in ${OTHER_IMAGE_TAGS} +docker tag quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369 +docker push quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369 The push refers to repository [quay.io/noirolabs/aci-containers-webhook] -ec1dd385222e: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +cf172d512d2f: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing unauthorized: access to the requested resource is not authorized +for OTHER_TAG in ${OTHER_IMAGE_TAGS} -+docker tag quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369.110624.10022 -+docker push quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369.111124.10031 ++docker push quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369.111124.10031 The push refers to repository [quay.io/noirolabs/aci-containers-webhook] -ec1dd385222e: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +cf172d512d2f: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing unauthorized: access to the requested resource is not authorized +for OTHER_TAG in ${OTHER_IMAGE_TAGS} +docker tag quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369 
quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369.z +docker push quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369.z The push refers to repository [quay.io/noirolabs/aci-containers-webhook] -ec1dd385222e: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +cf172d512d2f: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing unauthorized: access to the requested resource is not authorized +docker login -u=[secure] -p=[secure] quay.io 
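Review bot: Every `docker push` to `quay.io/noirolabs/aci-containers-webhook` in this hunk ends in `unauthorized: access to the requested resource is not authorized`, even though `Login Succeeded` is printed just before. The log still carries on through the remaining tags and the later `quay.io/noiro` pushes, so the release job appears to ignore a rejected push. The script that produced this log is not on the page, so this is inferred from the output alone. If these pushes are expected to fail, the `noirolabs` target is better dropped from the job; otherwise the step should stop on the error, for example `docker push "$IMAGE_REF" || exit 1`, where `IMAGE_REF` is a placeholder name. The `docker login -u=[secure] -p=[secure] quay.io` line that closes the hunk passes the password as a command-line argument, and Docker's own warning further down this log recommends `--password-stdin` instead.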
@@ -21663,30 +21819,30 @@ Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded -+docker tag quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369 quay.io/noiro/aci-containers-webhook:6.0.4.4.81c2369.110624.10022 -+docker push quay.io/noiro/aci-containers-webhook:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369 quay.io/noiro/aci-containers-webhook:6.0.4.4.81c2369.111124.10031 ++docker push quay.io/noiro/aci-containers-webhook:6.0.4.4.81c2369.111124.10031 The push refers to repository [quay.io/noiro/aci-containers-webhook] -ec1dd385222e: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +cf172d512d2f: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing 797935172f32: Layer already exists -c6ce05a09977: Mounted from noiro/aci-containers-operator -2c2d764c30e5: Mounted from noiro/aci-containers-operator -ec1dd385222e: Pushed -6.0.4.4.81c2369.110624.10022: digest: sha256:6a6c777faac75f167fe5120fd7d785a0c79cf162e53f64a16db09262f4d9011d size: 1160 +d242d05d20ef: Mounted from noiro/aci-containers-operator +1a6b532927e3: Mounted from noiro/aci-containers-operator +cf172d512d2f: Pushed +6.0.4.4.81c2369.111124.10031: digest: sha256:eb49658a654b4ddb0c0961aaf3a6d47689ca0923788269e4b5cf43de3632ab2f size: 1160 +docker tag quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369 quay.io/noiro/aci-containers-webhook:6.0.4.4.81c2369.z +docker push quay.io/noiro/aci-containers-webhook:6.0.4.4.81c2369.z The push refers to repository [quay.io/noiro/aci-containers-webhook] -ec1dd385222e: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +cf172d512d2f: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing -ec1dd385222e: Layer already exists -c6ce05a09977: Layer already exists -2c2d764c30e5: Layer already exists +d242d05d20ef: Layer already exists 
+cf172d512d2f: Layer already exists +1a6b532927e3: Layer already exists 797935172f32: Layer already exists -6.0.4.4.81c2369.z: digest: sha256:6a6c777faac75f167fe5120fd7d785a0c79cf162e53f64a16db09262f4d9011d size: 1160 +6.0.4.4.81c2369.z: digest: sha256:eb49658a654b4ddb0c0961aaf3a6d47689ca0923788269e4b5cf43de3632ab2f size: 1160 +docker login -u=[secure] '-p=[secure]' docker.io WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /home/travis/.docker/config.json. 
@@ -21694,33 +21850,33 @@ Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded -+docker tag quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369 docker.io/noiro/aci-containers-webhook:6.0.4.4.81c2369.110624.10022 -+docker push docker.io/noiro/aci-containers-webhook:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369 docker.io/noiro/aci-containers-webhook:6.0.4.4.81c2369.111124.10031 ++docker push docker.io/noiro/aci-containers-webhook:6.0.4.4.81c2369.111124.10031 The push refers to repository [docker.io/noiro/aci-containers-webhook] -ec1dd385222e: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +cf172d512d2f: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing 797935172f32: Layer already exists -c6ce05a09977: Mounted from noiro/aci-containers-operator -2c2d764c30e5: Mounted from noiro/aci-containers-operator -ec1dd385222e: Pushed -6.0.4.4.81c2369.110624.10022: digest: sha256:6a6c777faac75f167fe5120fd7d785a0c79cf162e53f64a16db09262f4d9011d size: 1160 +d242d05d20ef: Mounted from noiro/aci-containers-operator +1a6b532927e3: Mounted from noiro/aci-containers-operator +cf172d512d2f: Pushed +6.0.4.4.81c2369.111124.10031: digest: sha256:eb49658a654b4ddb0c0961aaf3a6d47689ca0923788269e4b5cf43de3632ab2f size: 1160 +docker tag quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369 docker.io/noiro/aci-containers-webhook:6.0.4.4.81c2369.z +docker push docker.io/noiro/aci-containers-webhook:6.0.4.4.81c2369.z The push refers to repository [docker.io/noiro/aci-containers-webhook] -ec1dd385222e: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +cf172d512d2f: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing 797935172f32: Layer already exists -2c2d764c30e5: Layer already exists -ec1dd385222e: Layer already exists -c6ce05a09977: Layer already 
exists -6.0.4.4.81c2369.z: digest: sha256:6a6c777faac75f167fe5120fd7d785a0c79cf162e53f64a16db09262f4d9011d size: 1160 +1a6b532927e3: Layer already exists +cf172d512d2f: Layer already exists +d242d05d20ef: Layer already exists +6.0.4.4.81c2369.z: digest: sha256:eb49658a654b4ddb0c0961aaf3a6d47689ca0923788269e4b5cf43de3632ab2f size: 1160 ++docker image inspect '--format={{.Id}}' quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369 -+IMAGE_SHA=sha256:5cc383ac633458ba0a429103fc0aa2b34f6f297b22ae9b4f5ecad6b23faef051 -+/tmp/cicd/travis/push-to-cicd-status.sh quay.io/noiro aci-containers-webhook 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 sha256:5cc383ac633458ba0a429103fc0aa2b34f6f297b22ae9b4f5ecad6b23faef051 registry.access.redhat.com/ubi9/ubi:9.3 ++IMAGE_SHA=sha256:3ecd3075dac1e06b0858bc6b4a6b80319576fab71ac4e8f3759b583f684ee81d ++/tmp/cicd/travis/push-to-cicd-status.sh quay.io/noiro aci-containers-webhook 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 sha256:3ecd3075dac1e06b0858bc6b4a6b80319576fab71ac4e8f3759b583f684ee81d registry.access.redhat.com/ubi9/ubi:9.3 ++dirname /tmp/cicd/travis/push-to-cicd-status.sh +SCRIPTS_DIR=/tmp/cicd/travis +source /tmp/cicd/travis/globals.sh @@ -21728,9 +21884,9 @@ c6ce05a09977: Layer already exists ++RELEASE_TAG=6.0.4.4 ++export RELEASE_TAG +++date +%m%d%y -++DATE_TAG=110624 +++DATE_TAG=111124 ++TRAVIS_TAG_WITH_UPSTREAM_ID=6.0.4.4.81c2369 -++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.110624.10022 +++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.111124.10031 ++IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_Z_TAG=6.0.4.4.81c2369.z 
@@ -21748,8 +21904,8 @@ c6ce05a09977: Layer already exists +IMAGE_BUILD_REGISTRY=quay.io/noiro +IMAGE=aci-containers-webhook +IMAGE_BUILD_TAG=6.0.4.4.81c2369 -+OTHER_IMAGE_TAGS=6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 -+IMAGE_SHA=sha256:5cc383ac633458ba0a429103fc0aa2b34f6f297b22ae9b4f5ecad6b23faef051 ++OTHER_IMAGE_TAGS=6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 ++IMAGE_SHA=sha256:3ecd3075dac1e06b0858bc6b4a6b80319576fab71ac4e8f3759b583f684ee81d +BASE_IMAGE=registry.access.redhat.com/ubi9/ubi:9.3 +GIT_REPO=https://github.com/noironetworks/cicd-status.git +GIT_LOCAL_DIR=cicd-status 
@@ -21772,42 +21928,42 @@ From https://github.com/noironetworks/cicd-status * branch main -> FETCH_HEAD Already up to date. +mkdir -p /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/aci-containers-webhook -+curl https://api.travis-ci.com/v3/job/627824803/log.txt ++curl https://api.travis-ci.com/v3/job/627965097/log.txt % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed - 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 1340k 100 1340k 0 0 6191k 0 --:--:-- --:--:-- --:--:-- 6204k + 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 1349k 100 1349k 0 0 3821k 0 --:--:-- --:--:-- --:--:-- 3813k +cp /tmp/sbom.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/aci-containers-webhook/6.0.4.4-sbom.txt +cp /tmp/cve.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/aci-containers-webhook/6.0.4.4-cve.txt +cp /tmp/cve-base.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/aci-containers-webhook/6.0.4.4-cve-base.txt +update_container_release -+docker rmi -f sha256:5cc383ac633458ba0a429103fc0aa2b34f6f297b22ae9b4f5ecad6b23faef051 -Untagged: noiro/aci-containers-webhook:6.0.4.4.81c2369.110624.10022 ++docker rmi -f sha256:3ecd3075dac1e06b0858bc6b4a6b80319576fab71ac4e8f3759b583f684ee81d +Untagged: noiro/aci-containers-webhook:6.0.4.4.81c2369.111124.10031 Untagged: noiro/aci-containers-webhook:6.0.4.4.81c2369.z -Untagged: noiro/aci-containers-webhook@sha256:6a6c777faac75f167fe5120fd7d785a0c79cf162e53f64a16db09262f4d9011d -Untagged: quay.io/noiro/aci-containers-webhook:6.0.4.4.81c2369.110624.10022 +Untagged: noiro/aci-containers-webhook@sha256:eb49658a654b4ddb0c0961aaf3a6d47689ca0923788269e4b5cf43de3632ab2f +Untagged: quay.io/noiro/aci-containers-webhook:6.0.4.4.81c2369.111124.10031 Untagged: quay.io/noiro/aci-containers-webhook:6.0.4.4.81c2369.z -Untagged: quay.io/noiro/aci-containers-webhook@sha256:6a6c777faac75f167fe5120fd7d785a0c79cf162e53f64a16db09262f4d9011d +Untagged: 
quay.io/noiro/aci-containers-webhook@sha256:eb49658a654b4ddb0c0961aaf3a6d47689ca0923788269e4b5cf43de3632ab2f Untagged: quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369 -Untagged: quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369.110624.10022 +Untagged: quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369.111124.10031 Untagged: quay.io/noirolabs/aci-containers-webhook:6.0.4.4.81c2369.z -Deleted: sha256:5cc383ac633458ba0a429103fc0aa2b34f6f297b22ae9b4f5ecad6b23faef051 -+python /tmp/cicd/travis/update-release.py quay.io/noiro aci-containers-webhook 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 sha256:5cc383ac633458ba0a429103fc0aa2b34f6f297b22ae9b4f5ecad6b23faef051 6.0.4.4.81c2369.z 6.0.4.4.81c2369.110624.10022 registry.access.redhat.com/ubi9/ubi:9.3 +Deleted: sha256:3ecd3075dac1e06b0858bc6b4a6b80319576fab71ac4e8f3759b583f684ee81d ++python /tmp/cicd/travis/update-release.py quay.io/noiro aci-containers-webhook 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 sha256:3ecd3075dac1e06b0858bc6b4a6b80319576fab71ac4e8f3759b583f684ee81d 6.0.4.4.81c2369.z 6.0.4.4.81c2369.111124.10031 registry.access.redhat.com/ubi9/ubi:9.3 +add_trivy_vulnerabilites +trivy image quay.io/noiro/aci-containers-webhook:6.0.4.4.81c2369.z -2024-11-06T09:53:25.207Z INFO Vulnerability scanning is enabled -2024-11-06T09:53:25.208Z INFO Secret scanning is enabled -2024-11-06T09:53:25.208Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning -2024-11-06T09:53:25.208Z INFO Please see also https://aquasecurity.github.io/trivy/v0.44/docs/scanner/secret/#recommendation for faster secret detection -2024-11-06T09:53:49.615Z INFO Detected OS: redhat -2024-11-06T09:53:49.615Z INFO Detecting RHEL/CentOS vulnerabilities... -2024-11-06T09:53:49.717Z INFO Number of language-specific files: 1 -2024-11-06T09:53:49.717Z INFO Detecting gobinary vulnerabilities... 
+2024-11-11T10:04:10.861Z INFO Vulnerability scanning is enabled +2024-11-11T10:04:10.861Z INFO Secret scanning is enabled +2024-11-11T10:04:10.861Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning +2024-11-11T10:04:10.861Z INFO Please see also https://aquasecurity.github.io/trivy/v0.44/docs/scanner/secret/#recommendation for faster secret detection +2024-11-11T10:04:18.593Z INFO Detected OS: redhat +2024-11-11T10:04:18.594Z INFO Detecting RHEL/CentOS vulnerabilities... +2024-11-11T10:04:18.678Z INFO Number of language-specific files: 1 +2024-11-11T10:04:18.678Z INFO Detecting gobinary vulnerabilities... +git_add_commit_push +cd /tmp/cicd-status +git config --local user.email test@cisco.com +git config --local user.name travis-tagger +git stash -Saved working directory and index state WIP on main: 67af861b 6.0.4.4.z-openvswitch-10022-2024-11-06_09:51:42 +Saved working directory and index state WIP on main: 856c3558 6.0.4.4.z-openvswitch-10031-2024-11-11_10:02:47 +git pull --rebase origin main From https://github.com/noironetworks/cicd-status * branch main -> FETCH_HEAD 
@@ -21820,27 +21976,28 @@ Changes not staged for commit: (use "git add ..." to update what will be committed) (use "git restore ..." to discard changes in working directory) modified: docs/release_artifacts/6.0.4.4/z/aci-containers-webhook/6.0.4.4-buildlog.txt + modified: docs/release_artifacts/6.0.4.4/z/aci-containers-webhook/6.0.4.4-cve.txt modified: docs/release_artifacts/releases.yaml no changes added to commit (use "git add" and/or "git commit -a") -Dropped refs/stash@{0} (8e2325b68b050344e3b306e99af3501ec7997404) +Dropped refs/stash@{0} (6cdc3fd2124edb5a9052480a2b70a05216a81b6e) +git add . +[[ aci-containers != \a\c\c\-\p\r\o\v\i\s\i\o\n ]] ++docker image inspect --format '{{index (split (index .RepoDigests 0) "@sha256:") 1}}' docker.io/noiro/aci-containers-webhook:6.0.4.4.81c2369.z -+DOCKER_REPO_DIGEST_SHA=6a6c777faac75f167fe5120fd7d785a0c79cf162e53f64a16db09262f4d9011d ++DOCKER_REPO_DIGEST_SHA=eb49658a654b4ddb0c0961aaf3a6d47689ca0923788269e4b5cf43de3632ab2f ++docker image inspect --format '{{index (split (index .RepoDigests 1) "@sha256:") 1}}' quay.io/noiro/aci-containers-webhook:6.0.4.4.81c2369.z -+QUAY_REPO_DIGEST_SHA=6a6c777faac75f167fe5120fd7d785a0c79cf162e53f64a16db09262f4d9011d ++QUAY_REPO_DIGEST_SHA=eb49658a654b4ddb0c0961aaf3a6d47689ca0923788269e4b5cf43de3632ab2f ++date +%F_%H:%M:%S -+git commit -a -m 6.0.4.4.z-aci-containers-webhook-10022-2024-11-06_09:53:50 -m 'Commit: d090ca19b2ebe458b0f15e91dc685e6ba807e693' -m 'Tags: 6.0.4.4.81c2369.z, 6.0.4.4.81c2369.110624.10022' -m 'ImageId: sha256:5cc383ac633458ba0a429103fc0aa2b34f6f297b22ae9b4f5ecad6b23faef051' -m 'DockerSha: 6a6c777faac75f167fe5120fd7d785a0c79cf162e53f64a16db09262f4d9011d' -m 'QuaySha: 6a6c777faac75f167fe5120fd7d785a0c79cf162e53f64a16db09262f4d9011d' -[main 9c1de98e] 6.0.4.4.z-aci-containers-webhook-10022-2024-11-06_09:53:50 - 2 files changed, 12026 insertions(+), 12175 deletions(-) ++git commit -a -m 6.0.4.4.z-aci-containers-webhook-10031-2024-11-11_10:04:19 -m 'Commit: 
d090ca19b2ebe458b0f15e91dc685e6ba807e693' -m 'Tags: 6.0.4.4.81c2369.z, 6.0.4.4.81c2369.111124.10031' -m 'ImageId: sha256:3ecd3075dac1e06b0858bc6b4a6b80319576fab71ac4e8f3759b583f684ee81d' -m 'DockerSha: eb49658a654b4ddb0c0961aaf3a6d47689ca0923788269e4b5cf43de3632ab2f' -m 'QuaySha: eb49658a654b4ddb0c0961aaf3a6d47689ca0923788269e4b5cf43de3632ab2f' +[main 1ff65650] 6.0.4.4.z-aci-containers-webhook-10031-2024-11-11_10:04:19 + 3 files changed, 12100 insertions(+), 11939 deletions(-) +git push origin main To https://github.com/noironetworks/cicd-status.git - 67af861b..9c1de98e main -> main + 856c3558..1ff65650 main -> main +break +for IMAGE in "${ALL_IMAGES[@]}" +[[ aci-containers-certmanager != \o\p\e\n\v\s\w\i\t\c\h ]] -+/tmp/cicd/travis/push-images.sh quay.io/noirolabs aci-containers-certmanager 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 registry.access.redhat.com/ubi9/ubi:9.3 ++/tmp/cicd/travis/push-images.sh quay.io/noirolabs aci-containers-certmanager 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 registry.access.redhat.com/ubi9/ubi:9.3 ++dirname /tmp/cicd/travis/push-images.sh +SCRIPTS_DIR=/tmp/cicd/travis +source /tmp/cicd/travis/globals.sh @@ -21848,9 +22005,9 @@ To https://github.com/noironetworks/cicd-status.git ++RELEASE_TAG=6.0.4.4 ++export RELEASE_TAG +++date +%m%d%y -++DATE_TAG=110624 +++DATE_TAG=111124 ++TRAVIS_TAG_WITH_UPSTREAM_ID=6.0.4.4.81c2369 -++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.110624.10022 +++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.111124.10031 ++IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_Z_TAG=6.0.4.4.81c2369.z 
@@ -21865,12 +22022,12 @@ To https://github.com/noironetworks/cicd-status.git +IMAGE_BUILD_REGISTRY=quay.io/noirolabs +IMAGE=aci-containers-certmanager +IMAGE_BUILD_TAG=6.0.4.4.81c2369 -+OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.110624.10022' ++OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.111124.10031' +BASE_IMAGE=registry.access.redhat.com/ubi9/ubi:9.3 -+OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.110624.10022 6.0.4.4.81c2369.z' ++OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.111124.10031 6.0.4.4.81c2369.z' +BUILT_IMAGE=quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369 -+sh -s -- -b /tmp +curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh ++sh -s -- -b /tmp [info] checking github for the current release tag [info] fetching release script for tag='v0.84.0' [info] checking github for the current release tag 
@@ -21882,1087 +22039,1087 @@ To https://github.com/noironetworks/cicd-status.git [info] using release tag='v0.6.1' version='0.6.1' os='linux' arch='amd64' [info] installed /home/travis/.docker/cli-plugins/docker-sbom +wget https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb ---2024-11-06 09:53:56-- https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb -Resolving github.com (github.com)... 140.82.114.4 -Connecting to github.com (github.com)|140.82.114.4|:443... connected. +--2024-11-11 10:04:24-- https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb +Resolving github.com (github.com)... 140.82.113.3 +Connecting to github.com (github.com)|140.82.113.3|:443... connected. HTTP request sent, awaiting response... 302 Found -Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.108.133, 185.199.111.133, 185.199.109.133, ... +Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.108.133, 185.199.109.133, 185.199.110.133, ... Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.108.133|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 54685068 (52M) [application/octet-stream] Saving to: ‘trivy_0.44.1_Linux-64bit.deb.6’ - 0K .......... .......... .......... .......... .......... 0% 3.66M 14s - 50K .......... .......... .......... .......... .......... 0% 3.73M 14s - 100K .......... .......... .......... .......... .......... 0% 14.2M 11s - 150K .......... .......... .......... .......... .......... 0% 22.0M 9s - 200K .......... .......... .......... .......... .......... 0% 6.43M 8s - 250K .......... .......... .......... .......... .......... 0% 29.4M 7s - 300K .......... .......... .......... .......... .......... 0% 22.5M 7s - 350K .......... .......... .......... .......... .......... 0% 30.8M 6s - 400K .......... .......... .......... 
.......... .......... 0% 46.8M 5s - 450K .......... .......... .......... .......... .......... 0% 7.47M 6s - 500K .......... .......... .......... .......... .......... 1% 106M 5s - 550K .......... .......... .......... .......... .......... 1% 32.8M 5s - 600K .......... .......... .......... .......... .......... 1% 48.1M 5s - 650K .......... .......... .......... .......... .......... 1% 35.6M 4s - 700K .......... .......... .......... .......... .......... 1% 104M 4s - 750K .......... .......... .......... .......... .......... 1% 228M 4s - 800K .......... .......... .......... .......... .......... 1% 59.5M 4s - 850K .......... .......... .......... .......... .......... 1% 52.1M 3s - 900K .......... .......... .......... .......... .......... 1% 72.3M 3s - 950K .......... .......... .......... .......... .......... 1% 235M 3s - 1000K .......... .......... .......... .......... .......... 1% 8.50M 3s - 1050K .......... .......... .......... .......... .......... 2% 154M 3s - 1100K .......... .......... .......... .......... .......... 2% 34.9M 3s - 1150K .......... .......... .......... .......... .......... 2% 246M 3s - 1200K .......... .......... .......... .......... .......... 2% 247M 3s - 1250K .......... .......... .......... .......... .......... 2% 68.8M 3s - 1300K .......... .......... .......... .......... .......... 2% 54.2M 3s - 1350K .......... .......... .......... .......... .......... 2% 102M 3s - 1400K .......... .......... .......... .......... .......... 2% 216M 3s - 1450K .......... .......... .......... .......... .......... 2% 250M 2s - 1500K .......... .......... .......... .......... .......... 2% 66.5M 2s - 1550K .......... .......... .......... .......... .......... 2% 181M 2s - 1600K .......... .......... .......... .......... .......... 3% 100M 2s - 1650K .......... .......... .......... .......... .......... 3% 93.0M 2s - 1700K .......... .......... .......... .......... .......... 3% 71.7M 2s - 1750K .......... .......... 
.......... .......... .......... 3% 68.5M 2s - 1800K .......... .......... .......... .......... .......... 3% 91.2M 2s - 1850K .......... .......... .......... .......... .......... 3% 162M 2s - 1900K .......... .......... .......... .......... .......... 3% 218M 2s - 1950K .......... .......... .......... .......... .......... 3% 164M 2s - 2000K .......... .......... .......... .......... .......... 3% 12.3M 2s - 2050K .......... .......... .......... .......... .......... 3% 235M 2s - 2100K .......... .......... .......... .......... .......... 4% 213M 2s - 2150K .......... .......... .......... .......... .......... 4% 240M 2s - 2200K .......... .......... .......... .......... .......... 4% 250M 2s - 2250K .......... .......... .......... .......... .......... 4% 58.7M 2s - 2300K .......... .......... .......... .......... .......... 4% 70.0M 2s - 2350K .......... .......... .......... .......... .......... 4% 85.4M 2s - 2400K .......... .......... .......... .......... .......... 4% 70.7M 2s - 2450K .......... .......... .......... .......... .......... 4% 68.8M 2s - 2500K .......... .......... .......... .......... .......... 4% 78.3M 2s - 2550K .......... .......... .......... .......... .......... 4% 103M 2s - 2600K .......... .......... .......... .......... .......... 4% 131M 2s - 2650K .......... .......... .......... .......... .......... 5% 85.6M 2s - 2700K .......... .......... .......... .......... .......... 5% 79.1M 2s - 2750K .......... .......... .......... .......... .......... 5% 88.1M 2s - 2800K .......... .......... .......... .......... .......... 5% 242M 2s - 2850K .......... .......... .......... .......... .......... 5% 50.9M 2s - 2900K .......... .......... .......... .......... .......... 5% 57.6M 2s - 2950K .......... .......... .......... .......... .......... 5% 94.1M 2s - 3000K .......... .......... .......... .......... .......... 5% 203M 1s - 3050K .......... .......... .......... .......... .......... 
5% 239M 1s - 3100K .......... .......... .......... .......... .......... 5% 213M 1s - 3150K .......... .......... .......... .......... .......... 5% 233M 1s - 3200K .......... .......... .......... .......... .......... 6% 250M 1s - 3250K .......... .......... .......... .......... .......... 6% 239M 1s - 3300K .......... .......... .......... .......... .......... 6% 219M 1s - 3350K .......... .......... .......... .......... .......... 6% 248M 1s - 3400K .......... .......... .......... .......... .......... 6% 118M 1s - 3450K .......... .......... .......... .......... .......... 6% 82.6M 1s - 3500K .......... .......... .......... .......... .......... 6% 84.8M 1s - 3550K .......... .......... .......... .......... .......... 6% 81.8M 1s - 3600K .......... .......... .......... .......... .......... 6% 171M 1s - 3650K .......... .......... .......... .......... .......... 6% 103M 1s - 3700K .......... .......... .......... .......... .......... 7% 66.8M 1s - 3750K .......... .......... .......... .......... .......... 7% 96.8M 1s - 3800K .......... .......... .......... .......... .......... 7% 86.4M 1s - 3850K .......... .......... .......... .......... .......... 7% 89.4M 1s - 3900K .......... .......... .......... .......... .......... 7% 89.4M 1s - 3950K .......... .......... .......... .......... .......... 7% 90.9M 1s - 4000K .......... .......... .......... .......... .......... 7% 91.8M 1s - 4050K .......... .......... .......... .......... .......... 7% 83.0M 1s - 4100K .......... .......... .......... .......... .......... 7% 77.2M 1s - 4150K .......... .......... .......... .......... .......... 7% 80.4M 1s - 4200K .......... .......... .......... .......... .......... 7% 98.4M 1s - 4250K .......... .......... .......... .......... .......... 8% 113M 1s - 4300K .......... .......... .......... .......... .......... 8% 130M 1s - 4350K .......... .......... .......... .......... .......... 8% 225M 1s - 4400K .......... .......... .......... 
.......... .......... 8% 126M 1s - 4450K .......... .......... .......... .......... .......... 8% 245M 1s - 4500K .......... .......... .......... .......... .......... 8% 224M 1s - 4550K .......... .......... .......... .......... .......... 8% 232M 1s - 4600K .......... .......... .......... .......... .......... 8% 250M 1s - 4650K .......... .......... .......... .......... .......... 8% 236M 1s - 4700K .......... .......... .......... .......... .......... 8% 207M 1s - 4750K .......... .......... .......... .......... .......... 8% 260M 1s - 4800K .......... .......... .......... .......... .......... 9% 72.5M 1s - 4850K .......... .......... .......... .......... .......... 9% 53.7M 1s - 4900K .......... .......... .......... .......... .......... 9% 70.6M 1s - 4950K .......... .......... .......... .......... .......... 9% 96.5M 1s - 5000K .......... .......... .......... .......... .......... 9% 71.8M 1s - 5050K .......... .......... .......... .......... .......... 9% 70.0M 1s - 5100K .......... .......... .......... .......... .......... 9% 63.8M 1s - 5150K .......... .......... .......... .......... .......... 9% 68.8M 1s - 5200K .......... .......... .......... .......... .......... 9% 104M 1s - 5250K .......... .......... .......... .......... .......... 9% 103M 1s - 5300K .......... .......... .......... .......... .......... 10% 216M 1s - 5350K .......... .......... .......... .......... .......... 10% 247M 1s - 5400K .......... .......... .......... .......... .......... 10% 218M 1s - 5450K .......... .......... .......... .......... .......... 10% 33.6M 1s - 5500K .......... .......... .......... .......... .......... 10% 76.5M 1s - 5550K .......... .......... .......... .......... .......... 10% 69.2M 1s - 5600K .......... .......... .......... .......... .......... 10% 172M 1s - 5650K .......... .......... .......... .......... .......... 10% 223M 1s - 5700K .......... .......... .......... .......... .......... 10% 220M 1s - 5750K .......... 
.......... .......... .......... .......... 10% 251M 1s - 5800K .......... .......... .......... .......... .......... 10% 28.7M 1s - 5850K .......... .......... .......... .......... .......... 11% 74.9M 1s - 5900K .......... .......... .......... .......... .......... 11% 56.4M 1s - 5950K .......... .......... .......... .......... .......... 11% 79.3M 1s - 6000K .......... .......... .......... .......... .......... 11% 75.8M 1s - 6050K .......... .......... .......... .......... .......... 11% 115M 1s - 6100K .......... .......... .......... .......... .......... 11% 158M 1s - 6150K .......... .......... .......... .......... .......... 11% 228M 1s - 6200K .......... .......... .......... .......... .......... 11% 76.4M 1s - 6250K .......... .......... .......... .......... .......... 11% 61.9M 1s - 6300K .......... .......... .......... .......... .......... 11% 156M 1s - 6350K .......... .......... .......... .......... .......... 11% 232M 1s - 6400K .......... .......... .......... .......... .......... 12% 210M 1s - 6450K .......... .......... .......... .......... .......... 12% 253M 1s - 6500K .......... .......... .......... .......... .......... 12% 220M 1s - 6550K .......... .......... .......... .......... .......... 12% 135M 1s - 6600K .......... .......... .......... .......... .......... 12% 68.4M 1s - 6650K .......... .......... .......... .......... .......... 12% 80.0M 1s - 6700K .......... .......... .......... .......... .......... 12% 76.8M 1s - 6750K .......... .......... .......... .......... .......... 12% 64.8M 1s - 6800K .......... .......... .......... .......... .......... 12% 81.1M 1s - 6850K .......... .......... .......... .......... .......... 12% 77.8M 1s - 6900K .......... .......... .......... .......... .......... 13% 197M 1s - 6950K .......... .......... .......... .......... .......... 13% 247M 1s - 7000K .......... .......... .......... .......... .......... 13% 220M 1s - 7050K .......... .......... .......... .......... 
.......... 13% 201M 1s - 7100K .......... .......... .......... .......... .......... 13% 223M 1s - 7150K .......... .......... .......... .......... .......... 13% 246M 1s - 7200K .......... .......... .......... .......... .......... 13% 261M 1s - 7250K .......... .......... .......... .......... .......... 13% 249M 1s - 7300K .......... .......... .......... .......... .......... 13% 140M 1s - 7350K .......... .......... .......... .......... .......... 13% 68.6M 1s - 7400K .......... .......... .......... .......... .......... 13% 67.6M 1s - 7450K .......... .......... .......... .......... .......... 14% 71.4M 1s - 7500K .......... .......... .......... .......... .......... 14% 64.8M 1s - 7550K .......... .......... .......... .......... .......... 14% 172M 1s - 7600K .......... .......... .......... .......... .......... 14% 74.4M 1s - 7650K .......... .......... .......... .......... .......... 14% 92.6M 1s - 7700K .......... .......... .......... .......... .......... 14% 58.6M 1s - 7750K .......... .......... .......... .......... .......... 14% 77.8M 1s - 7800K .......... .......... .......... .......... .......... 14% 92.8M 1s - 7850K .......... .......... .......... .......... .......... 14% 69.6M 1s - 7900K .......... .......... .......... .......... .......... 14% 75.4M 1s - 7950K .......... .......... .......... .......... .......... 14% 71.6M 1s - 8000K .......... .......... .......... .......... .......... 15% 69.3M 1s - 8050K .......... .......... .......... .......... .......... 15% 164M 1s - 8100K .......... .......... .......... .......... .......... 15% 214M 1s - 8150K .......... .......... .......... .......... .......... 15% 126M 1s - 8200K .......... .......... .......... .......... .......... 15% 102M 1s - 8250K .......... .......... .......... .......... .......... 15% 237M 1s - 8300K .......... .......... .......... .......... .......... 15% 209M 1s - 8350K .......... .......... .......... .......... .......... 
15% 259M 1s - 8400K .......... .......... .......... .......... .......... 15% 251M 1s - 8450K .......... .......... .......... .......... .......... 15% 256M 1s - 8500K .......... .......... .......... .......... .......... 16% 218M 1s - 8550K .......... .......... .......... .......... .......... 16% 58.8M 1s - 8600K .......... .......... .......... .......... .......... 16% 51.4M 1s - 8650K .......... .......... .......... .......... .......... 16% 198M 1s - 8700K .......... .......... .......... .......... .......... 16% 35.2M 1s - 8750K .......... .......... .......... .......... .......... 16% 78.4M 1s - 8800K .......... .......... .......... .......... .......... 16% 69.3M 1s - 8850K .......... .......... .......... .......... .......... 16% 82.5M 1s - 8900K .......... .......... .......... .......... .......... 16% 64.2M 1s - 8950K .......... .......... .......... .......... .......... 16% 80.1M 1s - 9000K .......... .......... .......... .......... .......... 16% 196M 1s - 9050K .......... .......... .......... .......... .......... 17% 222M 1s - 9100K .......... .......... .......... .......... .......... 17% 132M 1s - 9150K .......... .......... .......... .......... .......... 17% 245M 1s - 9200K .......... .......... .......... .......... .......... 17% 250M 1s - 9250K .......... .......... .......... .......... .......... 17% 86.1M 1s - 9300K .......... .......... .......... .......... .......... 17% 62.8M 1s - 9350K .......... .......... .......... .......... .......... 17% 73.5M 1s - 9400K .......... .......... .......... .......... .......... 17% 121M 1s - 9450K .......... .......... .......... .......... .......... 17% 101M 1s - 9500K .......... .......... .......... .......... .......... 17% 109M 1s - 9550K .......... .......... .......... .......... .......... 17% 241M 1s - 9600K .......... .......... .......... .......... .......... 18% 256M 1s - 9650K .......... .......... .......... .......... .......... 18% 252M 1s - 9700K .......... 
.......... .......... .......... .......... 18% 29.2M 1s - 9750K .......... .......... .......... .......... .......... 18% 89.1M 1s - 9800K .......... .......... .......... .......... .......... 18% 210M 1s - 9850K .......... .......... .......... .......... .......... 18% 98.8M 1s - 9900K .......... .......... .......... .......... .......... 18% 68.6M 1s - 9950K .......... .......... .......... .......... .......... 18% 112M 1s - 10000K .......... .......... .......... .......... .......... 18% 226M 1s - 10050K .......... .......... .......... .......... .......... 18% 251M 1s - 10100K .......... .......... .......... .......... .......... 19% 64.1M 1s - 10150K .......... .......... .......... .......... .......... 19% 238M 1s - 10200K .......... .......... .......... .......... .......... 19% 228M 1s - 10250K .......... .......... .......... .......... .......... 19% 266M 1s - 10300K .......... .......... .......... .......... .......... 19% 219M 1s - 10350K .......... .......... .......... .......... .......... 19% 227M 1s - 10400K .......... .......... .......... .......... .......... 19% 250M 1s - 10450K .......... .......... .......... .......... .......... 19% 248M 1s - 10500K .......... .......... .......... .......... .......... 19% 224M 1s - 10550K .......... .......... .......... .......... .......... 19% 249M 1s - 10600K .......... .......... .......... .......... .......... 19% 21.0M 1s - 10650K .......... .......... .......... .......... .......... 20% 36.6M 1s - 10700K .......... .......... .......... .......... .......... 20% 70.0M 1s - 10750K .......... .......... .......... .......... .......... 20% 64.9M 1s - 10800K .......... .......... .......... .......... .......... 20% 186M 1s - 10850K .......... .......... .......... .......... .......... 20% 212M 1s - 10900K .......... .......... .......... .......... .......... 20% 124M 1s - 10950K .......... .......... .......... .......... .......... 20% 48.2M 1s - 11000K .......... .......... 
.......... .......... .......... 20% 51.3M 1s - 11050K .......... .......... .......... .......... .......... 20% 78.1M 1s - 11100K .......... .......... .......... .......... .......... 20% 74.6M 1s - 11150K .......... .......... .......... .......... .......... 20% 107M 1s - 11200K .......... .......... .......... .......... .......... 21% 62.7M 1s - 11250K .......... .......... .......... .......... .......... 21% 229M 1s - 11300K .......... .......... .......... .......... .......... 21% 246M 1s - 11350K .......... .......... .......... .......... .......... 21% 234M 1s - 11400K .......... .......... .......... .......... .......... 21% 201M 1s - 11450K .......... .......... .......... .......... .......... 21% 241M 1s - 11500K .......... .......... .......... .......... .......... 21% 241M 1s - 11550K .......... .......... .......... .......... .......... 21% 248M 1s - 11600K .......... .......... .......... .......... .......... 21% 33.4M 1s - 11650K .......... .......... .......... .......... .......... 21% 76.9M 1s - 11700K .......... .......... .......... .......... .......... 22% 236M 1s - 11750K .......... .......... .......... .......... .......... 22% 235M 1s - 11800K .......... .......... .......... .......... .......... 22% 31.3M 1s - 11850K .......... .......... .......... .......... .......... 22% 87.9M 1s - 11900K .......... .......... .......... .......... .......... 22% 75.8M 1s - 11950K .......... .......... .......... .......... .......... 22% 94.6M 1s - 12000K .......... .......... .......... .......... .......... 22% 58.9M 1s - 12050K .......... .......... .......... .......... .......... 22% 84.1M 1s - 12100K .......... .......... .......... .......... .......... 22% 68.8M 1s - 12150K .......... .......... .......... .......... .......... 22% 80.8M 1s - 12200K .......... .......... .......... .......... .......... 22% 57.6M 1s - 12250K .......... .......... .......... .......... .......... 23% 97.0M 1s - 12300K .......... .......... 
.......... .......... .......... 23% 64.2M 1s - 12350K .......... .......... .......... .......... .......... 23% 117M 1s - 12400K .......... .......... .......... .......... .......... 23% 159M 1s - 12450K .......... .......... .......... .......... .......... 23% 221M 1s - 12500K .......... .......... .......... .......... .......... 23% 83.0M 1s - 12550K .......... .......... .......... .......... .......... 23% 115M 1s - 12600K .......... .......... .......... .......... .......... 23% 198M 1s - 12650K .......... .......... .......... .......... .......... 23% 252M 1s - 12700K .......... .......... .......... .......... .......... 23% 33.7M 1s - 12750K .......... .......... .......... .......... .......... 23% 138M 1s - 12800K .......... .......... .......... .......... .......... 24% 96.2M 1s - 12850K .......... .......... .......... .......... .......... 24% 112M 1s - 12900K .......... .......... .......... .......... .......... 24% 57.2M 1s - 12950K .......... .......... .......... .......... .......... 24% 233M 1s - 13000K .......... .......... .......... .......... .......... 24% 244M 1s - 13050K .......... .......... .......... .......... .......... 24% 33.1M 1s - 13100K .......... .......... .......... .......... .......... 24% 67.2M 1s - 13150K .......... .......... .......... .......... .......... 24% 95.7M 1s - 13200K .......... .......... .......... .......... .......... 24% 250M 1s - 13250K .......... .......... .......... .......... .......... 24% 217M 1s - 13300K .......... .......... .......... .......... .......... 24% 227M 1s - 13350K .......... .......... .......... .......... .......... 25% 242M 1s - 13400K .......... .......... .......... .......... .......... 25% 244M 1s - 13450K .......... .......... .......... .......... .......... 25% 255M 1s - 13500K .......... .......... .......... .......... .......... 25% 21.5M 1s - 13550K .......... .......... .......... .......... .......... 25% 85.3M 1s - 13600K .......... .......... .......... 
.......... .......... 25% 59.0M 1s - 13650K .......... .......... .......... .......... .......... 25% 77.1M 1s - 13700K .......... .......... .......... .......... .......... 25% 65.9M 1s - 13750K .......... .......... .......... .......... .......... 25% 69.2M 1s - 13800K .......... .......... .......... .......... .......... 25% 86.7M 1s - 13850K .......... .......... .......... .......... .......... 26% 74.3M 1s - 13900K .......... .......... .......... .......... .......... 26% 83.3M 1s - 13950K .......... .......... .......... .......... .......... 26% 103M 1s - 14000K .......... .......... .......... .......... .......... 26% 225M 1s - 14050K .......... .......... .......... .......... .......... 26% 253M 1s - 14100K .......... .......... .......... .......... .......... 26% 225M 1s - 14150K .......... .......... .......... .......... .......... 26% 252M 1s - 14200K .......... .......... .......... .......... .......... 26% 255M 1s - 14250K .......... .......... .......... .......... .......... 26% 31.5M 1s - 14300K .......... .......... .......... .......... .......... 26% 39.0M 1s - 14350K .......... .......... .......... .......... .......... 26% 216M 1s - 14400K .......... .......... .......... .......... .......... 27% 81.3M 1s - 14450K .......... .......... .......... .......... .......... 27% 70.2M 1s - 14500K .......... .......... .......... .......... .......... 27% 83.1M 1s - 14550K .......... .......... .......... .......... .......... 27% 76.1M 1s - 14600K .......... .......... .......... .......... .......... 27% 77.1M 1s - 14650K .......... .......... .......... .......... .......... 27% 251M 1s - 14700K .......... .......... .......... .......... .......... 27% 197M 1s - 14750K .......... .......... .......... .......... .......... 27% 253M 1s - 14800K .......... .......... .......... .......... .......... 27% 253M 1s - 14850K .......... .......... .......... .......... .......... 27% 85.9M 1s - 14900K .......... .......... .......... 
.......... .......... 27% 67.9M 1s - 14950K .......... .......... .......... .......... .......... 28% 238M 1s - 15000K .......... .......... .......... .......... .......... 28% 249M 1s - 15050K .......... .......... .......... .......... .......... 28% 46.0M 1s - 15100K .......... .......... .......... .......... .......... 28% 62.0M 1s - 15150K .......... .......... .......... .......... .......... 28% 242M 1s - 15200K .......... .......... .......... .......... .......... 28% 251M 1s - 15250K .......... .......... .......... .......... .......... 28% 72.9M 1s - 15300K .......... .......... .......... .......... .......... 28% 202M 1s - 15350K .......... .......... .......... .......... .......... 28% 57.5M 1s - 15400K .......... .......... .......... .......... .......... 28% 77.9M 1s - 15450K .......... .......... .......... .......... .......... 29% 78.6M 1s - 15500K .......... .......... .......... .......... .......... 29% 68.1M 1s - 15550K .......... .......... .......... .......... .......... 29% 74.9M 1s - 15600K .......... .......... .......... .......... .......... 29% 72.3M 1s - 15650K .......... .......... .......... .......... .......... 29% 225M 1s - 15700K .......... .......... .......... .......... .......... 29% 209M 1s - 15750K .......... .......... .......... .......... .......... 29% 253M 1s - 15800K .......... .......... .......... .......... .......... 29% 251M 1s - 15850K .......... .......... .......... .......... .......... 29% 260M 1s - 15900K .......... .......... .......... .......... .......... 29% 182M 1s - 15950K .......... .......... .......... .......... .......... 29% 230M 1s - 16000K .......... .......... .......... .......... .......... 30% 72.0M 1s - 16050K .......... .......... .......... .......... .......... 30% 58.4M 1s - 16100K .......... .......... .......... .......... .......... 30% 82.4M 1s - 16150K .......... .......... .......... .......... .......... 30% 72.3M 1s - 16200K .......... .......... .......... 
.......... .......... 30% 87.7M 1s - 16250K .......... .......... .......... .......... .......... 30% 81.0M 1s - 16300K .......... .......... .......... .......... .......... 30% 61.4M 1s - 16350K .......... .......... .......... .......... .......... 30% 74.6M 1s - 16400K .......... .......... .......... .......... .......... 30% 78.5M 1s - 16450K .......... .......... .......... .......... .......... 30% 166M 1s - 16500K .......... .......... .......... .......... .......... 30% 222M 1s - 16550K .......... .......... .......... .......... .......... 31% 233M 1s - 16600K .......... .......... .......... .......... .......... 31% 242M 0s - 16650K .......... .......... .......... .......... .......... 31% 250M 0s - 16700K .......... .......... .......... .......... .......... 31% 203M 0s - 16750K .......... .......... .......... .......... .......... 31% 183M 0s - 16800K .......... .......... .......... .......... .......... 31% 132M 0s - 16850K .......... .......... .......... .......... .......... 31% 77.7M 0s - 16900K .......... .......... .......... .......... .......... 31% 217M 0s - 16950K .......... .......... .......... .......... .......... 31% 57.1M 0s - 17000K .......... .......... .......... .......... .......... 31% 35.2M 0s - 17050K .......... .......... .......... .......... .......... 32% 71.9M 0s - 17100K .......... .......... .......... .......... .......... 32% 89.3M 0s - 17150K .......... .......... .......... .......... .......... 32% 63.7M 0s - 17200K .......... .......... .......... .......... .......... 32% 99.1M 0s - 17250K .......... .......... .......... .......... .......... 32% 67.8M 0s - 17300K .......... .......... .......... .......... .......... 32% 65.3M 0s - 17350K .......... .......... .......... .......... .......... 32% 90.6M 0s - 17400K .......... .......... .......... .......... .......... 32% 77.7M 0s - 17450K .......... .......... .......... .......... .......... 32% 81.3M 0s - 17500K .......... .......... .......... 
.......... .......... 32% 109M 0s - 17550K .......... .......... .......... .......... .......... 32% 251M 0s - 17600K .......... .......... .......... .......... .......... 33% 231M 0s - 17650K .......... .......... .......... .......... .......... 33% 259M 0s - 17700K .......... .......... .......... .......... .......... 33% 206M 0s - 17750K .......... .......... .......... .......... .......... 33% 252M 0s - 17800K .......... .......... .......... .......... .......... 33% 252M 0s - 17850K .......... .......... .......... .......... .......... 33% 56.5M 0s - 17900K .......... .......... .......... .......... .......... 33% 72.3M 0s - 17950K .......... .......... .......... .......... .......... 33% 245M 0s - 18000K .......... .......... .......... .......... .......... 33% 249M 0s - 18050K .......... .......... .......... .......... .......... 33% 224M 0s - 18100K .......... .......... .......... .......... .......... 33% 226M 0s - 18150K .......... .......... .......... .......... .......... 34% 214M 0s - 18200K .......... .......... .......... .......... .......... 34% 223M 0s - 18250K .......... .......... .......... .......... .......... 34% 215M 0s - 18300K .......... .......... .......... .......... .......... 34% 57.8M 0s - 18350K .......... .......... .......... .......... .......... 34% 113M 0s - 18400K .......... .......... .......... .......... .......... 34% 233M 0s - 18450K .......... .......... .......... .......... .......... 34% 225M 0s - 18500K .......... .......... .......... .......... .......... 34% 211M 0s - 18550K .......... .......... .......... .......... .......... 34% 83.4M 0s - 18600K .......... .......... .......... .......... .......... 34% 113M 0s - 18650K .......... .......... .......... .......... .......... 35% 73.9M 0s - 18700K .......... .......... .......... .......... .......... 35% 211M 0s - 18750K .......... .......... .......... .......... .......... 35% 215M 0s - 18800K .......... .......... .......... .......... 
.......... 35% 243M 0s - 18850K .......... .......... .......... .......... .......... 35% 247M 0s - 18900K .......... .......... .......... .......... .......... 35% 226M 0s - 18950K .......... .......... .......... .......... .......... 35% 256M 0s - 19000K .......... .......... .......... .......... .......... 35% 127M 0s - 19050K .......... .......... .......... .......... .......... 35% 89.1M 0s - 19100K .......... .......... .......... .......... .......... 35% 54.1M 0s - 19150K .......... .......... .......... .......... .......... 35% 68.3M 0s - 19200K .......... .......... .......... .......... .......... 36% 191M 0s - 19250K .......... .......... .......... .......... .......... 36% 253M 0s - 19300K .......... .......... .......... .......... .......... 36% 213M 0s - 19350K .......... .......... .......... .......... .......... 36% 250M 0s - 19400K .......... .......... .......... .......... .......... 36% 243M 0s - 19450K .......... .......... .......... .......... .......... 36% 247M 0s - 19500K .......... .......... .......... .......... .......... 36% 216M 0s - 19550K .......... .......... .......... .......... .......... 36% 71.6M 0s - 19600K .......... .......... .......... .......... .......... 36% 45.9M 0s - 19650K .......... .......... .......... .......... .......... 36% 83.7M 0s - 19700K .......... .......... .......... .......... .......... 36% 213M 0s - 19750K .......... .......... .......... .......... .......... 37% 242M 0s - 19800K .......... .......... .......... .......... .......... 37% 251M 0s - 19850K .......... .......... .......... .......... .......... 37% 236M 0s - 19900K .......... .......... .......... .......... .......... 37% 213M 0s - 19950K .......... .......... .......... .......... .......... 37% 242M 0s - 20000K .......... .......... .......... .......... .......... 37% 251M 0s - 20050K .......... .......... .......... .......... .......... 37% 235M 0s - 20100K .......... .......... .......... .......... .......... 
37% 164M 0s - 20150K .......... .......... .......... .......... .......... 37% 221M 0s - 20200K .......... .......... .......... .......... .......... 37% 255M 0s - 20250K .......... .......... .......... .......... .......... 38% 258M 0s - 20300K .......... .......... .......... .......... .......... 38% 205M 0s - 20350K .......... .......... .......... .......... .......... 38% 230M 0s - 20400K .......... .......... .......... .......... .......... 38% 239M 0s - 20450K .......... .......... .......... .......... .......... 38% 238M 0s - 20500K .......... .......... .......... .......... .......... 38% 270M 0s - 20550K .......... .......... .......... .......... .......... 38% 86.7M 0s - 20600K .......... .......... .......... .......... .......... 38% 75.2M 0s - 20650K .......... .......... .......... .......... .......... 38% 54.6M 0s - 20700K .......... .......... .......... .......... .......... 38% 79.1M 0s - 20750K .......... .......... .......... .......... .......... 38% 136M 0s - 20800K .......... .......... .......... .......... .......... 39% 232M 0s - 20850K .......... .......... .......... .......... .......... 39% 254M 0s - 20900K .......... .......... .......... .......... .......... 39% 247M 0s - 20950K .......... .......... .......... .......... .......... 39% 232M 0s - 21000K .......... .......... .......... .......... .......... 39% 216M 0s - 21050K .......... .......... .......... .......... .......... 39% 84.1M 0s - 21100K .......... .......... .......... .......... .......... 39% 66.5M 0s - 21150K .......... .......... .......... .......... .......... 39% 63.7M 0s - 21200K .......... .......... .......... .......... .......... 39% 242M 0s - 21250K .......... .......... .......... .......... .......... 39% 251M 0s - 21300K .......... .......... .......... .......... .......... 39% 259M 0s - 21350K .......... .......... .......... .......... .......... 40% 225M 0s + 0K .......... .......... .......... .......... .......... 
0% 4.13M 13s + 50K .......... .......... .......... .......... .......... 0% 4.90M 12s + 100K .......... .......... .......... .......... .......... 0% 28.9M 8s + 150K .......... .......... .......... .......... .......... 0% 22.8M 7s + 200K .......... .......... .......... .......... .......... 0% 7.03M 7s + 250K .......... .......... .......... .......... .......... 0% 56.6M 6s + 300K .......... .......... .......... .......... .......... 0% 46.2M 5s + 350K .......... .......... .......... .......... .......... 0% 32.5M 5s + 400K .......... .......... .......... .......... .......... 0% 26.0M 4s + 450K .......... .......... .......... .......... .......... 0% 8.98M 5s + 500K .......... .......... .......... .......... .......... 1% 162M 4s + 550K .......... .......... .......... .......... .......... 1% 50.3M 4s + 600K .......... .......... .......... .......... .......... 1% 87.5M 4s + 650K .......... .......... .......... .......... .......... 1% 40.2M 3s + 700K .......... .......... .......... .......... .......... 1% 224M 3s + 750K .......... .......... .......... .......... .......... 1% 179M 3s + 800K .......... .......... .......... .......... .......... 1% 56.3M 3s + 850K .......... .......... .......... .......... .......... 1% 51.4M 3s + 900K .......... .......... .......... .......... .......... 1% 207M 3s + 950K .......... .......... .......... .......... .......... 1% 216M 3s + 1000K .......... .......... .......... .......... .......... 1% 8.92M 3s + 1050K .......... .......... .......... .......... .......... 2% 247M 3s + 1100K .......... .......... .......... .......... .......... 2% 94.5M 3s + 1150K .......... .......... .......... .......... .......... 2% 139M 2s + 1200K .......... .......... .......... .......... .......... 2% 244M 2s + 1250K .......... .......... .......... .......... .......... 2% 219M 2s + 1300K .......... .......... .......... .......... .......... 2% 68.7M 2s + 1350K .......... .......... .......... .......... .......... 
2% 110M 2s + 1400K .......... .......... .......... .......... .......... 2% 168M 2s + 1450K .......... .......... .......... .......... .......... 2% 212M 2s + 1500K .......... .......... .......... .......... .......... 2% 250M 2s + 1550K .......... .......... .......... .......... .......... 2% 29.5M 2s + 1600K .......... .......... .......... .......... .......... 3% 50.0M 2s + 1650K .......... .......... .......... .......... .......... 3% 73.2M 2s + 1700K .......... .......... .......... .......... .......... 3% 67.2M 2s + 1750K .......... .......... .......... .......... .......... 3% 213M 2s + 1800K .......... .......... .......... .......... .......... 3% 223M 2s + 1850K .......... .......... .......... .......... .......... 3% 242M 2s + 1900K .......... .......... .......... .......... .......... 3% 248M 2s + 1950K .......... .......... .......... .......... .......... 3% 206M 2s + 2000K .......... .......... .......... .......... .......... 3% 18.0M 2s + 2050K .......... .......... .......... .......... .......... 3% 187M 2s + 2100K .......... .......... .......... .......... .......... 4% 225M 2s + 2150K .......... .......... .......... .......... .......... 4% 163M 2s + 2200K .......... .......... .......... .......... .......... 4% 215M 2s + 2250K .......... .......... .......... .......... .......... 4% 122M 1s + 2300K .......... .......... .......... .......... .......... 4% 41.3M 1s + 2350K .......... .......... .......... .......... .......... 4% 25.3M 1s + 2400K .......... .......... .......... .......... .......... 4% 54.0M 1s + 2450K .......... .......... .......... .......... .......... 4% 135M 1s + 2500K .......... .......... .......... .......... .......... 4% 55.0M 1s + 2550K .......... .......... .......... .......... .......... 4% 54.3M 1s + 2600K .......... .......... .......... .......... .......... 4% 141M 1s + 2650K .......... .......... .......... .......... .......... 5% 246M 1s + 2700K .......... .......... .......... .......... 
.......... 5% 256M 1s + 2750K .......... .......... .......... .......... .......... 5% 61.7M 1s + 2800K .......... .......... .......... .......... .......... 5% 67.0M 1s + 2850K .......... .......... .......... .......... .......... 5% 64.6M 1s + 2900K .......... .......... .......... .......... .......... 5% 59.3M 1s + 2950K .......... .......... .......... .......... .......... 5% 37.0M 1s + 3000K .......... .......... .......... .......... .......... 5% 75.1M 1s + 3050K .......... .......... .......... .......... .......... 5% 27.3M 1s + 3100K .......... .......... .......... .......... .......... 5% 52.7M 1s + 3150K .......... .......... .......... .......... .......... 5% 75.0M 1s + 3200K .......... .......... .......... .......... .......... 6% 145M 1s + 3250K .......... .......... .......... .......... .......... 6% 249M 1s + 3300K .......... .......... .......... .......... .......... 6% 89.3M 1s + 3350K .......... .......... .......... .......... .......... 6% 20.7M 1s + 3400K .......... .......... .......... .......... .......... 6% 110M 1s + 3450K .......... .......... .......... .......... .......... 6% 225M 1s + 3500K .......... .......... .......... .......... .......... 6% 39.7M 1s + 3550K .......... .......... .......... .......... .......... 6% 66.4M 1s + 3600K .......... .......... .......... .......... .......... 6% 207M 1s + 3650K .......... .......... .......... .......... .......... 6% 252M 1s + 3700K .......... .......... .......... .......... .......... 7% 256M 1s + 3750K .......... .......... .......... .......... .......... 7% 171M 1s + 3800K .......... .......... .......... .......... .......... 7% 26.1M 1s + 3850K .......... .......... .......... .......... .......... 7% 56.5M 1s + 3900K .......... .......... .......... .......... .......... 7% 57.6M 1s + 3950K .......... .......... .......... .......... .......... 7% 65.0M 1s + 4000K .......... .......... .......... .......... .......... 7% 244M 1s + 4050K .......... .......... 
.......... .......... .......... 7% 255M 1s + 4100K .......... .......... .......... .......... .......... 7% 189M 1s + 4150K .......... .......... .......... .......... .......... 7% 31.1M 1s + 4200K .......... .......... .......... .......... .......... 7% 70.0M 1s + 4250K .......... .......... .......... .......... .......... 8% 82.2M 1s + 4300K .......... .......... .......... .......... .......... 8% 94.0M 1s + 4350K .......... .......... .......... .......... .......... 8% 75.4M 1s + 4400K .......... .......... .......... .......... .......... 8% 170M 1s + 4450K .......... .......... .......... .......... .......... 8% 250M 1s + 4500K .......... .......... .......... .......... .......... 8% 255M 1s + 4550K .......... .......... .......... .......... .......... 8% 158M 1s + 4600K .......... .......... .......... .......... .......... 8% 51.7M 1s + 4650K .......... .......... .......... .......... .......... 8% 70.8M 1s + 4700K .......... .......... .......... .......... .......... 8% 70.1M 1s + 4750K .......... .......... .......... .......... .......... 8% 100M 1s + 4800K .......... .......... .......... .......... .......... 9% 229M 1s + 4850K .......... .......... .......... .......... .......... 9% 240M 1s + 4900K .......... .......... .......... .......... .......... 9% 217M 1s + 4950K .......... .......... .......... .......... .......... 9% 161M 1s + 5000K .......... .......... .......... .......... .......... 9% 25.8M 1s + 5050K .......... .......... .......... .......... .......... 9% 48.6M 1s + 5100K .......... .......... .......... .......... .......... 9% 66.5M 1s + 5150K .......... .......... .......... .......... .......... 9% 56.4M 1s + 5200K .......... .......... .......... .......... .......... 9% 76.2M 1s + 5250K .......... .......... .......... .......... .......... 9% 69.1M 1s + 5300K .......... .......... .......... .......... .......... 10% 66.9M 1s + 5350K .......... .......... .......... .......... .......... 
10% 213M 1s + 5400K .......... .......... .......... .......... .......... 10% 233M 1s + 5450K .......... .......... .......... .......... .......... 10% 182M 1s + 5500K .......... .......... .......... .......... .......... 10% 30.3M 1s + 5550K .......... .......... .......... .......... .......... 10% 41.1M 1s + 5600K .......... .......... .......... .......... .......... 10% 130M 1s + 5650K .......... .......... .......... .......... .......... 10% 72.3M 1s + 5700K .......... .......... .......... .......... .......... 10% 229M 1s + 5750K .......... .......... .......... .......... .......... 10% 218M 1s + 5800K .......... .......... .......... .......... .......... 10% 256M 1s + 5850K .......... .......... .......... .......... .......... 11% 251M 1s + 5900K .......... .......... .......... .......... .......... 11% 55.2M 1s + 5950K .......... .......... .......... .......... .......... 11% 26.4M 1s + 6000K .......... .......... .......... .......... .......... 11% 119M 1s + 6050K .......... .......... .......... .......... .......... 11% 230M 1s + 6100K .......... .......... .......... .......... .......... 11% 116M 1s + 6150K .......... .......... .......... .......... .......... 11% 51.5M 1s + 6200K .......... .......... .......... .......... .......... 11% 211M 1s + 6250K .......... .......... .......... .......... .......... 11% 254M 1s + 6300K .......... .......... .......... .......... .......... 11% 28.8M 1s + 6350K .......... .......... .......... .......... .......... 11% 61.4M 1s + 6400K .......... .......... .......... .......... .......... 12% 73.7M 1s + 6450K .......... .......... .......... .......... .......... 12% 89.6M 1s + 6500K .......... .......... .......... .......... .......... 12% 248M 1s + 6550K .......... .......... .......... .......... .......... 12% 191M 1s + 6600K .......... .......... .......... .......... .......... 12% 243M 1s + 6650K .......... .......... .......... .......... .......... 12% 253M 1s + 6700K .......... 
.......... .......... .......... .......... 12% 137M 1s + 6750K .......... .......... .......... .......... .......... 12% 56.5M 1s + 6800K .......... .......... .......... .......... .......... 12% 248M 1s + 6850K .......... .......... .......... .......... .......... 12% 30.9M 1s + 6900K .......... .......... .......... .......... .......... 13% 42.0M 1s + 6950K .......... .......... .......... .......... .......... 13% 78.2M 1s + 7000K .......... .......... .......... .......... .......... 13% 72.9M 1s + 7050K .......... .......... .......... .......... .......... 13% 64.0M 1s + 7100K .......... .......... .......... .......... .......... 13% 59.2M 1s + 7150K .......... .......... .......... .......... .......... 13% 79.9M 1s + 7200K .......... .......... .......... .......... .......... 13% 238M 1s + 7250K .......... .......... .......... .......... .......... 13% 230M 1s + 7300K .......... .......... .......... .......... .......... 13% 243M 1s + 7350K .......... .......... .......... .......... .......... 13% 209M 1s + 7400K .......... .......... .......... .......... .......... 13% 233M 1s + 7450K .......... .......... .......... .......... .......... 14% 246M 1s + 7500K .......... .......... .......... .......... .......... 14% 222M 1s + 7550K .......... .......... .......... .......... .......... 14% 217M 1s + 7600K .......... .......... .......... .......... .......... 14% 217M 1s + 7650K .......... .......... .......... .......... .......... 14% 60.9M 1s + 7700K .......... .......... .......... .......... .......... 14% 33.8M 1s + 7750K .......... .......... .......... .......... .......... 14% 71.0M 1s + 7800K .......... .......... .......... .......... .......... 14% 172M 1s + 7850K .......... .......... .......... .......... .......... 14% 38.7M 1s + 7900K .......... .......... .......... .......... .......... 14% 68.8M 1s + 7950K .......... .......... .......... .......... .......... 14% 62.9M 1s + 8000K .......... .......... .......... .......... 
.......... 15% 62.0M 1s + 8050K .......... .......... .......... .......... .......... 15% 93.0M 1s + 8100K .......... .......... .......... .......... .......... 15% 246M 1s + 8150K .......... .......... .......... .......... .......... 15% 221M 1s + 8200K .......... .......... .......... .......... .......... 15% 143M 1s + 8250K .......... .......... .......... .......... .......... 15% 30.3M 1s + 8300K .......... .......... .......... .......... .......... 15% 75.3M 1s + 8350K .......... .......... .......... .......... .......... 15% 64.9M 1s + 8400K .......... .......... .......... .......... .......... 15% 166M 1s + 8450K .......... .......... .......... .......... .......... 15% 60.1M 1s + 8500K .......... .......... .......... .......... .......... 16% 237M 1s + 8550K .......... .......... .......... .......... .......... 16% 206M 1s + 8600K .......... .......... .......... .......... .......... 16% 249M 1s + 8650K .......... .......... .......... .......... .......... 16% 25.8M 1s + 8700K .......... .......... .......... .......... .......... 16% 55.3M 1s + 8750K .......... .......... .......... .......... .......... 16% 136M 1s + 8800K .......... .......... .......... .......... .......... 16% 216M 1s + 8850K .......... .......... .......... .......... .......... 16% 41.7M 1s + 8900K .......... .......... .......... .......... .......... 16% 154M 1s + 8950K .......... .......... .......... .......... .......... 16% 219M 1s + 9000K .......... .......... .......... .......... .......... 16% 37.1M 1s + 9050K .......... .......... .......... .......... .......... 17% 86.1M 1s + 9100K .......... .......... .......... .......... .......... 17% 83.5M 1s + 9150K .......... .......... .......... .......... .......... 17% 208M 1s + 9200K .......... .......... .......... .......... .......... 17% 243M 1s + 9250K .......... .......... .......... .......... .......... 17% 224M 1s + 9300K .......... .......... .......... .......... .......... 
17% 237M 1s + 9350K .......... .......... .......... .......... .......... 17% 219M 1s + 9400K .......... .......... .......... .......... .......... 17% 251M 1s + 9450K .......... .......... .......... .......... .......... 17% 244M 1s + 9500K .......... .......... .......... .......... .......... 17% 22.0M 1s + 9550K .......... .......... .......... .......... .......... 17% 187M 1s + 9600K .......... .......... .......... .......... .......... 18% 41.4M 1s + 9650K .......... .......... .......... .......... .......... 18% 62.9M 1s + 9700K .......... .......... .......... .......... .......... 18% 76.9M 1s + 9750K .......... .......... .......... .......... .......... 18% 65.3M 1s + 9800K .......... .......... .......... .......... .......... 18% 75.3M 1s + 9850K .......... .......... .......... .......... .......... 18% 57.0M 1s + 9900K .......... .......... .......... .......... .......... 18% 87.5M 1s + 9950K .......... .......... .......... .......... .......... 18% 132M 1s + 10000K .......... .......... .......... .......... .......... 18% 138M 1s + 10050K .......... .......... .......... .......... .......... 18% 217M 1s + 10100K .......... .......... .......... .......... .......... 19% 238M 1s + 10150K .......... .......... .......... .......... .......... 19% 29.7M 1s + 10200K .......... .......... .......... .......... .......... 19% 200M 1s + 10250K .......... .......... .......... .......... .......... 19% 94.3M 1s + 10300K .......... .......... .......... .......... .......... 19% 50.9M 1s + 10350K .......... .......... .......... .......... .......... 19% 44.0M 1s + 10400K .......... .......... .......... .......... .......... 19% 87.4M 1s + 10450K .......... .......... .......... .......... .......... 19% 143M 1s + 10500K .......... .......... .......... .......... .......... 19% 88.7M 1s + 10550K .......... .......... .......... .......... .......... 19% 203M 1s + 10600K .......... .......... .......... .......... .......... 
19% 183M 1s + 10650K .......... .......... .......... .......... .......... 20% 239M 1s + 10700K .......... .......... .......... .......... .......... 20% 254M 1s + 10750K .......... .......... .......... .......... .......... 20% 183M 1s + 10800K .......... .......... .......... .......... .......... 20% 71.7M 1s + 10850K .......... .......... .......... .......... .......... 20% 72.5M 1s + 10900K .......... .......... .......... .......... .......... 20% 74.7M 1s + 10950K .......... .......... .......... .......... .......... 20% 87.4M 1s + 11000K .......... .......... .......... .......... .......... 20% 253M 1s + 11050K .......... .......... .......... .......... .......... 20% 256M 1s + 11100K .......... .......... .......... .......... .......... 20% 32.7M 1s + 11150K .......... .......... .......... .......... .......... 20% 62.4M 1s + 11200K .......... .......... .......... .......... .......... 21% 145M 1s + 11250K .......... .......... .......... .......... .......... 21% 251M 1s + 11300K .......... .......... .......... .......... .......... 21% 256M 1s + 11350K .......... .......... .......... .......... .......... 21% 193M 1s + 11400K .......... .......... .......... .......... .......... 21% 256M 1s + 11450K .......... .......... .......... .......... .......... 21% 259M 1s + 11500K .......... .......... .......... .......... .......... 21% 215M 1s + 11550K .......... .......... .......... .......... .......... 21% 16.7M 1s + 11600K .......... .......... .......... .......... .......... 21% 63.4M 1s + 11650K .......... .......... .......... .......... .......... 21% 140M 1s + 11700K .......... .......... .......... .......... .......... 22% 232M 1s + 11750K .......... .......... .......... .......... .......... 22% 124M 1s + 11800K .......... .......... .......... .......... .......... 22% 72.4M 1s + 11850K .......... .......... .......... .......... .......... 22% 77.9M 1s + 11900K .......... .......... .......... .......... .......... 
22% 66.0M 1s + 11950K .......... .......... .......... .......... .......... 22% 58.9M 1s + 12000K .......... .......... .......... .......... .......... 22% 195M 1s + 12050K .......... .......... .......... .......... .......... 22% 257M 1s + 12100K .......... .......... .......... .......... .......... 22% 211M 1s + 12150K .......... .......... .......... .......... .......... 22% 214M 1s + 12200K .......... .......... .......... .......... .......... 22% 255M 1s + 12250K .......... .......... .......... .......... .......... 23% 249M 1s + 12300K .......... .......... .......... .......... .......... 23% 254M 1s + 12350K .......... .......... .......... .......... .......... 23% 19.4M 1s + 12400K .......... .......... .......... .......... .......... 23% 78.8M 1s + 12450K .......... .......... .......... .......... .......... 23% 222M 1s + 12500K .......... .......... .......... .......... .......... 23% 65.2M 1s + 12550K .......... .......... .......... .......... .......... 23% 64.4M 1s + 12600K .......... .......... .......... .......... .......... 23% 48.2M 1s + 12650K .......... .......... .......... .......... .......... 23% 84.0M 1s + 12700K .......... .......... .......... .......... .......... 23% 88.3M 1s + 12750K .......... .......... .......... .......... .......... 23% 54.2M 1s + 12800K .......... .......... .......... .......... .......... 24% 79.2M 1s + 12850K .......... .......... .......... .......... .......... 24% 67.7M 1s + 12900K .......... .......... .......... .......... .......... 24% 87.1M 1s + 12950K .......... .......... .......... .......... .......... 24% 160M 1s + 13000K .......... .......... .......... .......... .......... 24% 49.7M 1s + 13050K .......... .......... .......... .......... .......... 24% 132M 1s + 13100K .......... .......... .......... .......... .......... 24% 200M 1s + 13150K .......... .......... .......... .......... .......... 24% 214M 1s + 13200K .......... .......... .......... .......... .......... 
24% 247M 1s + 13250K .......... .......... .......... .......... .......... 24% 81.6M 1s + 13300K .......... .......... .......... .......... .......... 24% 47.9M 1s + 13350K .......... .......... .......... .......... .......... 25% 55.5M 1s + 13400K .......... .......... .......... .......... .......... 25% 152M 1s + 13450K .......... .......... .......... .......... .......... 25% 52.4M 1s + 13500K .......... .......... .......... .......... .......... 25% 85.6M 1s + 13550K .......... .......... .......... .......... .......... 25% 210M 1s + 13600K .......... .......... .......... .......... .......... 25% 244M 1s + 13650K .......... .......... .......... .......... .......... 25% 234M 1s + 13700K .......... .......... .......... .......... .......... 25% 30.4M 1s + 13750K .......... .......... .......... .......... .......... 25% 62.5M 1s + 13800K .......... .......... .......... .......... .......... 25% 85.7M 1s + 13850K .......... .......... .......... .......... .......... 26% 234M 1s + 13900K .......... .......... .......... .......... .......... 26% 204M 1s + 13950K .......... .......... .......... .......... .......... 26% 39.1M 1s + 14000K .......... .......... .......... .......... .......... 26% 204M 1s + 14050K .......... .......... .......... .......... .......... 26% 232M 1s + 14100K .......... .......... .......... .......... .......... 26% 247M 1s + 14150K .......... .......... .......... .......... .......... 26% 220M 1s + 14200K .......... .......... .......... .......... .......... 26% 246M 1s + 14250K .......... .......... .......... .......... .......... 26% 221M 1s + 14300K .......... .......... .......... .......... .......... 26% 121M 1s + 14350K .......... .......... .......... .......... .......... 26% 64.2M 1s + 14400K .......... .......... .......... .......... .......... 27% 61.7M 1s + 14450K .......... .......... .......... .......... .......... 27% 75.2M 1s + 14500K .......... .......... .......... .......... .......... 
27% 72.0M 1s + 14550K .......... .......... .......... .......... .......... 27% 62.6M 1s + 14600K .......... .......... .......... .......... .......... 27% 74.8M 1s + 14650K .......... .......... .......... .......... .......... 27% 188M 1s + 14700K .......... .......... .......... .......... .......... 27% 227M 1s + 14750K .......... .......... .......... .......... .......... 27% 36.2M 1s + 14800K .......... .......... .......... .......... .......... 27% 72.8M 1s + 14850K .......... .......... .......... .......... .......... 27% 78.5M 1s + 14900K .......... .......... .......... .......... .......... 27% 142M 1s + 14950K .......... .......... .......... .......... .......... 28% 219M 1s + 15000K .......... .......... .......... .......... .......... 28% 165M 1s + 15050K .......... .......... .......... .......... .......... 28% 197M 1s + 15100K .......... .......... .......... .......... .......... 28% 54.8M 1s + 15150K .......... .......... .......... .......... .......... 28% 25.3M 1s + 15200K .......... .......... .......... .......... .......... 28% 73.5M 1s + 15250K .......... .......... .......... .......... .......... 28% 65.5M 1s + 15300K .......... .......... .......... .......... .......... 28% 243M 1s + 15350K .......... .......... .......... .......... .......... 28% 35.2M 1s + 15400K .......... .......... .......... .......... .......... 28% 70.3M 1s + 15450K .......... .......... .......... .......... .......... 29% 200M 1s + 15500K .......... .......... .......... .......... .......... 29% 231M 1s + 15550K .......... .......... .......... .......... .......... 29% 145M 1s + 15600K .......... .......... .......... .......... .......... 29% 143M 1s + 15650K .......... .......... .......... .......... .......... 29% 74.6M 1s + 15700K .......... .......... .......... .......... .......... 29% 82.7M 1s + 15750K .......... .......... .......... .......... .......... 29% 61.4M 1s + 15800K .......... .......... .......... .......... .......... 
29% 193M 1s + 15850K .......... .......... .......... .......... .......... 29% 257M 1s + 15900K .......... .......... .......... .......... .......... 29% 240M 1s + 15950K .......... .......... .......... .......... .......... 29% 210M 1s + 16000K .......... .......... .......... .......... .......... 30% 239M 1s + 16050K .......... .......... .......... .......... .......... 30% 149M 1s + 16100K .......... .......... .......... .......... .......... 30% 59.2M 1s + 16150K .......... .......... .......... .......... .......... 30% 226M 1s + 16200K .......... .......... .......... .......... .......... 30% 33.0M 1s + 16250K .......... .......... .......... .......... .......... 30% 39.3M 1s + 16300K .......... .......... .......... .......... .......... 30% 86.9M 1s + 16350K .......... .......... .......... .......... .......... 30% 113M 1s + 16400K .......... .......... .......... .......... .......... 30% 61.1M 1s + 16450K .......... .......... .......... .......... .......... 30% 80.9M 1s + 16500K .......... .......... .......... .......... .......... 30% 73.8M 1s + 16550K .......... .......... .......... .......... .......... 31% 58.4M 1s + 16600K .......... .......... .......... .......... .......... 31% 79.5M 1s + 16650K .......... .......... .......... .......... .......... 31% 245M 1s + 16700K .......... .......... .......... .......... .......... 31% 255M 1s + 16750K .......... .......... .......... .......... .......... 31% 206M 1s + 16800K .......... .......... .......... .......... .......... 31% 177M 1s + 16850K .......... .......... .......... .......... .......... 31% 246M 1s + 16900K .......... .......... .......... .......... .......... 31% 252M 1s + 16950K .......... .......... .......... .......... .......... 31% 19.9M 1s + 17000K .......... .......... .......... .......... .......... 31% 85.7M 1s + 17050K .......... .......... .......... .......... .......... 32% 77.6M 1s + 17100K .......... .......... .......... .......... .......... 
32% 240M 1s + 17150K .......... .......... .......... .......... .......... 32% 206M 1s + 17200K .......... .......... .......... .......... .......... 32% 255M 1s + 17250K .......... .......... .......... .......... .......... 32% 51.8M 1s + 17300K .......... .......... .......... .......... .......... 32% 33.2M 1s + 17350K .......... .......... .......... .......... .......... 32% 63.1M 1s + 17400K .......... .......... .......... .......... .......... 32% 112M 1s + 17450K .......... .......... .......... .......... .......... 32% 257M 1s + 17500K .......... .......... .......... .......... .......... 32% 143M 1s + 17550K .......... .......... .......... .......... .......... 32% 61.4M 1s + 17600K .......... .......... .......... .......... .......... 33% 118M 1s + 17650K .......... .......... .......... .......... .......... 33% 239M 1s + 17700K .......... .......... .......... .......... .......... 33% 258M 1s + 17750K .......... .......... .......... .......... .......... 33% 230M 1s + 17800K .......... .......... .......... .......... .......... 33% 229M 1s + 17850K .......... .......... .......... .......... .......... 33% 234M 0s + 17900K .......... .......... .......... .......... .......... 33% 222M 0s + 17950K .......... .......... .......... .......... .......... 33% 215M 0s + 18000K .......... .......... .......... .......... .......... 33% 258M 0s + 18050K .......... .......... .......... .......... .......... 33% 40.6M 0s + 18100K .......... .......... .......... .......... .......... 33% 17.6M 0s + 18150K .......... .......... .......... .......... .......... 34% 142M 0s + 18200K .......... .......... .......... .......... .......... 34% 220M 0s + 18250K .......... .......... .......... .......... .......... 34% 51.0M 0s + 18300K .......... .......... .......... .......... .......... 34% 68.0M 0s + 18350K .......... .......... .......... .......... .......... 34% 60.2M 0s + 18400K .......... .......... .......... .......... .......... 
34% 120M 0s + 18450K .......... .......... .......... .......... .......... 34% 92.5M 0s + 18500K .......... .......... .......... .......... .......... 34% 78.1M 0s + 18550K .......... .......... .......... .......... .......... 34% 55.2M 0s + 18600K .......... .......... .......... .......... .......... 34% 94.1M 0s + 18650K .......... .......... .......... .......... .......... 35% 89.8M 0s + 18700K .......... .......... .......... .......... .......... 35% 63.1M 0s + 18750K .......... .......... .......... .......... .......... 35% 105M 0s + 18800K .......... .......... .......... .......... .......... 35% 236M 0s + 18850K .......... .......... .......... .......... .......... 35% 243M 0s + 18900K .......... .......... .......... .......... .......... 35% 242M 0s + 18950K .......... .......... .......... .......... .......... 35% 218M 0s + 19000K .......... .......... .......... .......... .......... 35% 253M 0s + 19050K .......... .......... .......... .......... .......... 35% 137M 0s + 19100K .......... .......... .......... .......... .......... 35% 21.3M 0s + 19150K .......... .......... .......... .......... .......... 35% 38.9M 0s + 19200K .......... .......... .......... .......... .......... 36% 51.6M 0s + 19250K .......... .......... .......... .......... .......... 36% 63.5M 0s + 19300K .......... .......... .......... .......... .......... 36% 73.2M 0s + 19350K .......... .......... .......... .......... .......... 36% 74.1M 0s + 19400K .......... .......... .......... .......... .......... 36% 248M 0s + 19450K .......... .......... .......... .......... .......... 36% 255M 0s + 19500K .......... .......... .......... .......... .......... 36% 105M 0s + 19550K .......... .......... .......... .......... .......... 36% 192M 0s + 19600K .......... .......... .......... .......... .......... 36% 43.8M 0s + 19650K .......... .......... .......... .......... .......... 36% 78.7M 0s + 19700K .......... .......... .......... .......... .......... 
36% 129M 0s + 19750K .......... .......... .......... .......... .......... 37% 215M 0s + 19800K .......... .......... .......... .......... .......... 37% 223M 0s + 19850K .......... .......... .......... .......... .......... 37% 262M 0s + 19900K .......... .......... .......... .......... .......... 37% 259M 0s + 19950K .......... .......... .......... .......... .......... 37% 216M 0s + 20000K .......... .......... .......... .......... .......... 37% 29.0M 0s + 20050K .......... .......... .......... .......... .......... 37% 30.1M 0s + 20100K .......... .......... .......... .......... .......... 37% 82.5M 0s + 20150K .......... .......... .......... .......... .......... 37% 69.2M 0s + 20200K .......... .......... .......... .......... .......... 37% 250M 0s + 20250K .......... .......... .......... .......... .......... 38% 109M 0s + 20300K .......... .......... .......... .......... .......... 38% 72.3M 0s + 20350K .......... .......... .......... .......... .......... 38% 144M 0s + 20400K .......... .......... .......... .......... .......... 38% 237M 0s + 20450K .......... .......... .......... .......... .......... 38% 243M 0s + 20500K .......... .......... .......... .......... .......... 38% 244M 0s + 20550K .......... .......... .......... .......... .......... 38% 224M 0s + 20600K .......... .......... .......... .......... .......... 38% 140M 0s + 20650K .......... .......... .......... .......... .......... 38% 97.7M 0s + 20700K .......... .......... .......... .......... .......... 38% 58.3M 0s + 20750K .......... .......... .......... .......... .......... 38% 71.6M 0s + 20800K .......... .......... .......... .......... .......... 39% 68.9M 0s + 20850K .......... .......... .......... .......... .......... 39% 74.8M 0s + 20900K .......... .......... .......... .......... .......... 39% 66.4M 0s + 20950K .......... .......... .......... .......... .......... 39% 53.9M 0s + 21000K .......... .......... .......... .......... .......... 
39% 210M 0s + 21050K .......... .......... .......... .......... .......... 39% 205M 0s + 21100K .......... .......... .......... .......... .......... 39% 253M 0s + 21150K .......... .......... .......... .......... .......... 39% 232M 0s + 21200K .......... .......... .......... .......... .......... 39% 170M 0s + 21250K .......... .......... .......... .......... .......... 39% 250M 0s + 21300K .......... .......... .......... .......... .......... 39% 250M 0s + 21350K .......... .......... .......... .......... .......... 40% 181M 0s 21400K .......... .......... .......... .......... .......... 40% 137M 0s - 21450K .......... .......... .......... .......... .......... 40% 57.7M 0s - 21500K .......... .......... .......... .......... .......... 40% 242M 0s - 21550K .......... .......... .......... .......... .......... 40% 77.6M 0s - 21600K .......... .......... .......... .......... .......... 40% 215M 0s - 21650K .......... .......... .......... .......... .......... 40% 257M 0s - 21700K .......... .......... .......... .......... .......... 40% 244M 0s - 21750K .......... .......... .......... .......... .......... 40% 233M 0s - 21800K .......... .......... .......... .......... .......... 40% 245M 0s - 21850K .......... .......... .......... .......... .......... 41% 81.0M 0s - 21900K .......... .......... .......... .......... .......... 41% 67.9M 0s - 21950K .......... .......... .......... .......... .......... 41% 132M 0s - 22000K .......... .......... .......... .......... .......... 41% 72.9M 0s - 22050K .......... .......... .......... .......... .......... 41% 231M 0s - 22100K .......... .......... .......... .......... .......... 41% 262M 0s - 22150K .......... .......... .......... .......... .......... 41% 218M 0s - 22200K .......... .......... .......... .......... .......... 41% 120M 0s - 22250K .......... .......... .......... .......... .......... 41% 66.1M 0s - 22300K .......... .......... .......... .......... .......... 
41% 136M 0s - 22350K .......... .......... .......... .......... .......... 41% 212M 0s - 22400K .......... .......... .......... .......... .......... 42% 261M 0s - 22450K .......... .......... .......... .......... .......... 42% 256M 0s - 22500K .......... .......... .......... .......... .......... 42% 216M 0s - 22550K .......... .......... .......... .......... .......... 42% 217M 0s - 22600K .......... .......... .......... .......... .......... 42% 262M 0s - 22650K .......... .......... .......... .......... .......... 42% 254M 0s - 22700K .......... .......... .......... .......... .......... 42% 159M 0s - 22750K .......... .......... .......... .......... .......... 42% 71.2M 0s - 22800K .......... .......... .......... .......... .......... 42% 81.7M 0s - 22850K .......... .......... .......... .......... .......... 42% 45.0M 0s - 22900K .......... .......... .......... .......... .......... 42% 219M 0s - 22950K .......... .......... .......... .......... .......... 43% 225M 0s - 23000K .......... .......... .......... .......... .......... 43% 220M 0s - 23050K .......... .......... .......... .......... .......... 43% 256M 0s - 23100K .......... .......... .......... .......... .......... 43% 235M 0s - 23150K .......... .......... .......... .......... .......... 43% 230M 0s - 23200K .......... .......... .......... .......... .......... 43% 261M 0s - 23250K .......... .......... .......... .......... .......... 43% 181M 0s - 23300K .......... .......... .......... .......... .......... 43% 41.2M 0s - 23350K .......... .......... .......... .......... .......... 43% 59.5M 0s - 23400K .......... .......... .......... .......... .......... 43% 242M 0s - 23450K .......... .......... .......... .......... .......... 44% 258M 0s - 23500K .......... .......... .......... .......... .......... 44% 264M 0s - 23550K .......... .......... .......... .......... .......... 44% 72.6M 0s - 23600K .......... .......... .......... .......... .......... 
44% 73.5M 0s - 23650K .......... .......... .......... .......... .......... 44% 226M 0s - 23700K .......... .......... .......... .......... .......... 44% 220M 0s - 23750K .......... .......... .......... .......... .......... 44% 203M 0s - 23800K .......... .......... .......... .......... .......... 44% 234M 0s - 23850K .......... .......... .......... .......... .......... 44% 222M 0s - 23900K .......... .......... .......... .......... .......... 44% 233M 0s - 23950K .......... .......... .......... .......... .......... 44% 220M 0s - 24000K .......... .......... .......... .......... .......... 45% 259M 0s - 24050K .......... .......... .......... .......... .......... 45% 87.2M 0s - 24100K .......... .......... .......... .......... .......... 45% 75.4M 0s - 24150K .......... .......... .......... .......... .......... 45% 189M 0s - 24200K .......... .......... .......... .......... .......... 45% 244M 0s - 24250K .......... .......... .......... .......... .......... 45% 252M 0s - 24300K .......... .......... .......... .......... .......... 45% 254M 0s - 24350K .......... .......... .......... .......... .......... 45% 199M 0s - 24400K .......... .......... .......... .......... .......... 45% 251M 0s - 24450K .......... .......... .......... .......... .......... 45% 210M 0s - 24500K .......... .......... .......... .......... .......... 45% 264M 0s - 24550K .......... .......... .......... .......... .......... 46% 218M 0s - 24600K .......... .......... .......... .......... .......... 46% 54.8M 0s - 24650K .......... .......... .......... .......... .......... 46% 89.1M 0s - 24700K .......... .......... .......... .......... .......... 46% 86.6M 0s - 24750K .......... .......... .......... .......... .......... 46% 206M 0s - 24800K .......... .......... .......... .......... .......... 46% 245M 0s - 24850K .......... .......... .......... .......... .......... 46% 262M 0s - 24900K .......... .......... .......... .......... .......... 
46% 263M 0s - 24950K .......... .......... .......... .......... .......... 46% 135M 0s - 25000K .......... .......... .......... .......... .......... 46% 79.5M 0s - 25050K .......... .......... .......... .......... .......... 47% 79.1M 0s - 25100K .......... .......... .......... .......... .......... 47% 109M 0s - 25150K .......... .......... .......... .......... .......... 47% 204M 0s - 25200K .......... .......... .......... .......... .......... 47% 259M 0s - 25250K .......... .......... .......... .......... .......... 47% 253M 0s - 25300K .......... .......... .......... .......... .......... 47% 245M 0s - 25350K .......... .......... .......... .......... .......... 47% 234M 0s - 25400K .......... .......... .......... .......... .......... 47% 85.7M 0s - 25450K .......... .......... .......... .......... .......... 47% 46.0M 0s - 25500K .......... .......... .......... .......... .......... 47% 126M 0s - 25550K .......... .......... .......... .......... .......... 47% 202M 0s - 25600K .......... .......... .......... .......... .......... 48% 240M 0s - 25650K .......... .......... .......... .......... .......... 48% 260M 0s - 25700K .......... .......... .......... .......... .......... 48% 267M 0s - 25750K .......... .......... .......... .......... .......... 48% 237M 0s - 25800K .......... .......... .......... .......... .......... 48% 169M 0s - 25850K .......... .......... .......... .......... .......... 48% 208M 0s - 25900K .......... .......... .......... .......... .......... 48% 240M 0s - 25950K .......... .......... .......... .......... .......... 48% 104M 0s - 26000K .......... .......... .......... .......... .......... 48% 78.7M 0s - 26050K .......... .......... .......... .......... .......... 48% 76.7M 0s - 26100K .......... .......... .......... .......... .......... 48% 90.6M 0s - 26150K .......... .......... .......... .......... .......... 49% 193M 0s - 26200K .......... .......... .......... .......... .......... 
49% 250M 0s - 26250K .......... .......... .......... .......... .......... 49% 259M 0s - 26300K .......... .......... .......... .......... .......... 49% 243M 0s - 26350K .......... .......... .......... .......... .......... 49% 220M 0s - 26400K .......... .......... .......... .......... .......... 49% 239M 0s - 26450K .......... .......... .......... .......... .......... 49% 256M 0s - 26500K .......... .......... .......... .......... .......... 49% 259M 0s - 26550K .......... .......... .......... .......... .......... 49% 222M 0s - 26600K .......... .......... .......... .......... .......... 49% 260M 0s - 26650K .......... .......... .......... .......... .......... 49% 137M 0s - 26700K .......... .......... .......... .......... .......... 50% 78.0M 0s - 26750K .......... .......... .......... .......... .......... 50% 55.7M 0s - 26800K .......... .......... .......... .......... .......... 50% 64.4M 0s - 26850K .......... .......... .......... .......... .......... 50% 70.6M 0s - 26900K .......... .......... .......... .......... .......... 50% 125M 0s - 26950K .......... .......... .......... .......... .......... 50% 223M 0s - 27000K .......... .......... .......... .......... .......... 50% 87.0M 0s - 27050K .......... .......... .......... .......... .......... 50% 138M 0s - 27100K .......... .......... .......... .......... .......... 50% 240M 0s - 27150K .......... .......... .......... .......... .......... 50% 211M 0s - 27200K .......... .......... .......... .......... .......... 51% 249M 0s - 27250K .......... .......... .......... .......... .......... 51% 263M 0s - 27300K .......... .......... .......... .......... .......... 51% 245M 0s - 27350K .......... .......... .......... .......... .......... 51% 122M 0s - 27400K .......... .......... .......... .......... .......... 51% 56.1M 0s - 27450K .......... .......... .......... .......... .......... 51% 109M 0s - 27500K .......... .......... .......... .......... .......... 
51% 248M 0s - 27550K .......... .......... .......... .......... .......... 51% 217M 0s - 27600K .......... .......... .......... .......... .......... 51% 79.4M 0s - 27650K .......... .......... .......... .......... .......... 51% 162M 0s - 27700K .......... .......... .......... .......... .......... 51% 129M 0s - 27750K .......... .......... .......... .......... .......... 52% 137M 0s - 27800K .......... .......... .......... .......... .......... 52% 254M 0s - 27850K .......... .......... .......... .......... .......... 52% 244M 0s - 27900K .......... .......... .......... .......... .......... 52% 245M 0s - 27950K .......... .......... .......... .......... .......... 52% 200M 0s - 28000K .......... .......... .......... .......... .......... 52% 233M 0s - 28050K .......... .......... .......... .......... .......... 52% 261M 0s - 28100K .......... .......... .......... .......... .......... 52% 110M 0s - 28150K .......... .......... .......... .......... .......... 52% 60.5M 0s - 28200K .......... .......... .......... .......... .......... 52% 101M 0s - 28250K .......... .......... .......... .......... .......... 52% 79.4M 0s - 28300K .......... .......... .......... .......... .......... 53% 106M 0s - 28350K .......... .......... .......... .......... .......... 53% 194M 0s - 28400K .......... .......... .......... .......... .......... 53% 206M 0s - 28450K .......... .......... .......... .......... .......... 53% 224M 0s - 28500K .......... .......... .......... .......... .......... 53% 269M 0s - 28550K .......... .......... .......... .......... .......... 53% 231M 0s - 28600K .......... .......... .......... .......... .......... 53% 264M 0s - 28650K .......... .......... .......... .......... .......... 53% 127M 0s - 28700K .......... .......... .......... .......... .......... 53% 242M 0s - 28750K .......... .......... .......... .......... .......... 53% 218M 0s - 28800K .......... .......... .......... .......... .......... 
54% 255M 0s - 28850K .......... .......... .......... .......... .......... 54% 132M 0s - 28900K .......... .......... .......... .......... .......... 54% 45.1M 0s - 28950K .......... .......... .......... .......... .......... 54% 68.0M 0s - 29000K .......... .......... .......... .......... .......... 54% 239M 0s - 29050K .......... .......... .......... .......... .......... 54% 245M 0s - 29100K .......... .......... .......... .......... .......... 54% 257M 0s - 29150K .......... .......... .......... .......... .......... 54% 221M 0s - 29200K .......... .......... .......... .......... .......... 54% 240M 0s - 29250K .......... .......... .......... .......... .......... 54% 254M 0s - 29300K .......... .......... .......... .......... .......... 54% 242M 0s - 29350K .......... .......... .......... .......... .......... 55% 234M 0s - 29400K .......... .......... .......... .......... .......... 55% 259M 0s - 29450K .......... .......... .......... .......... .......... 55% 83.6M 0s - 29500K .......... .......... .......... .......... .......... 55% 48.6M 0s - 29550K .......... .......... .......... .......... .......... 55% 74.0M 0s - 29600K .......... .......... .......... .......... .......... 55% 84.5M 0s - 29650K .......... .......... .......... .......... .......... 55% 86.2M 0s - 29700K .......... .......... .......... .......... .......... 55% 230M 0s - 29750K .......... .......... .......... .......... .......... 55% 222M 0s - 29800K .......... .......... .......... .......... .......... 55% 221M 0s - 29850K .......... .......... .......... .......... .......... 55% 162M 0s - 29900K .......... .......... .......... .......... .......... 56% 234M 0s - 29950K .......... .......... .......... .......... .......... 56% 209M 0s - 30000K .......... .......... .......... .......... .......... 56% 252M 0s - 30050K .......... .......... .......... .......... .......... 56% 83.7M 0s - 30100K .......... .......... .......... .......... .......... 
56% 93.7M 0s - 30150K .......... .......... .......... .......... .......... 56% 216M 0s - 30200K .......... .......... .......... .......... .......... 56% 169M 0s - 30250K .......... .......... .......... .......... .......... 56% 250M 0s - 30300K .......... .......... .......... .......... .......... 56% 257M 0s - 30350K .......... .......... .......... .......... .......... 56% 56.9M 0s - 30400K .......... .......... .......... .......... .......... 57% 60.5M 0s - 30450K .......... .......... .......... .......... .......... 57% 160M 0s - 30500K .......... .......... .......... .......... .......... 57% 235M 0s - 30550K .......... .......... .......... .......... .......... 57% 216M 0s - 30600K .......... .......... .......... .......... .......... 57% 224M 0s - 30650K .......... .......... .......... .......... .......... 57% 208M 0s - 30700K .......... .......... .......... .......... .......... 57% 244M 0s - 30750K .......... .......... .......... .......... .......... 57% 57.9M 0s - 30800K .......... .......... .......... .......... .......... 57% 123M 0s - 30850K .......... .......... .......... .......... .......... 57% 247M 0s - 30900K .......... .......... .......... .......... .......... 57% 247M 0s - 30950K .......... .......... .......... .......... .......... 58% 53.9M 0s - 31000K .......... .......... .......... .......... .......... 58% 249M 0s - 31050K .......... .......... .......... .......... .......... 58% 256M 0s - 31100K .......... .......... .......... .......... .......... 58% 70.5M 0s - 31150K .......... .......... .......... .......... .......... 58% 151M 0s - 31200K .......... .......... .......... .......... .......... 58% 223M 0s - 31250K .......... .......... .......... .......... .......... 58% 250M 0s - 31300K .......... .......... .......... .......... .......... 58% 258M 0s - 31350K .......... .......... .......... .......... .......... 58% 231M 0s - 31400K .......... .......... .......... .......... .......... 
58% 253M 0s - 31450K .......... .......... .......... .......... .......... 58% 229M 0s - 31500K .......... .......... .......... .......... .......... 59% 246M 0s - 31550K .......... .......... .......... .......... .......... 59% 194M 0s - 31600K .......... .......... .......... .......... .......... 59% 208M 0s - 31650K .......... .......... .......... .......... .......... 59% 106M 0s - 31700K .......... .......... .......... .......... .......... 59% 65.8M 0s - 31750K .......... .......... .......... .......... .......... 59% 65.7M 0s - 31800K .......... .......... .......... .......... .......... 59% 60.5M 0s - 31850K .......... .......... .......... .......... .......... 59% 54.1M 0s - 31900K .......... .......... .......... .......... .......... 59% 242M 0s - 31950K .......... .......... .......... .......... .......... 59% 217M 0s - 32000K .......... .......... .......... .......... .......... 60% 109M 0s - 32050K .......... .......... .......... .......... .......... 60% 132M 0s - 32100K .......... .......... .......... .......... .......... 60% 111M 0s - 32150K .......... .......... .......... .......... .......... 60% 218M 0s - 32200K .......... .......... .......... .......... .......... 60% 238M 0s - 32250K .......... .......... .......... .......... .......... 60% 253M 0s - 32300K .......... .......... .......... .......... .......... 60% 262M 0s - 32350K .......... .......... .......... .......... .......... 60% 196M 0s - 32400K .......... .......... .......... .......... .......... 60% 254M 0s - 32450K .......... .......... .......... .......... .......... 60% 244M 0s - 32500K .......... .......... .......... .......... .......... 60% 228M 0s - 32550K .......... .......... .......... .......... .......... 61% 91.5M 0s - 32600K .......... .......... .......... .......... .......... 61% 59.4M 0s - 32650K .......... .......... .......... .......... .......... 61% 44.6M 0s - 32700K .......... .......... .......... .......... .......... 
61% 82.5M 0s - 32750K .......... .......... .......... .......... .......... 61% 195M 0s - 32800K .......... .......... .......... .......... .......... 61% 251M 0s - 32850K .......... .......... .......... .......... .......... 61% 230M 0s - 32900K .......... .......... .......... .......... .......... 61% 257M 0s - 32950K .......... .......... .......... .......... .......... 61% 261M 0s - 33000K .......... .......... .......... .......... .......... 61% 79.9M 0s - 33050K .......... .......... .......... .......... .......... 61% 51.2M 0s - 33100K .......... .......... .......... .......... .......... 62% 171M 0s - 33150K .......... .......... .......... .......... .......... 62% 232M 0s - 33200K .......... .......... .......... .......... .......... 62% 206M 0s - 33250K .......... .......... .......... .......... .......... 62% 195M 0s - 33300K .......... .......... .......... .......... .......... 62% 253M 0s - 33350K .......... .......... .......... .......... .......... 62% 259M 0s - 33400K .......... .......... .......... .......... .......... 62% 130M 0s - 33450K .......... .......... .......... .......... .......... 62% 60.5M 0s - 33500K .......... .......... .......... .......... .......... 62% 53.7M 0s - 33550K .......... .......... .......... .......... .......... 62% 220M 0s - 33600K .......... .......... .......... .......... .......... 63% 258M 0s - 33650K .......... .......... .......... .......... .......... 63% 233M 0s - 33700K .......... .......... .......... .......... .......... 63% 257M 0s - 33750K .......... .......... .......... .......... .......... 63% 231M 0s - 33800K .......... .......... .......... .......... .......... 63% 78.5M 0s - 33850K .......... .......... .......... .......... .......... 63% 111M 0s - 33900K .......... .......... .......... .......... .......... 63% 70.2M 0s - 33950K .......... .......... .......... .......... .......... 63% 212M 0s - 34000K .......... .......... .......... .......... .......... 
63% 181M 0s - 34050K .......... .......... .......... .......... .......... 63% 157M 0s - 34100K .......... .......... .......... .......... .......... 63% 257M 0s - 34150K .......... .......... .......... .......... .......... 64% 230M 0s - 34200K .......... .......... .......... .......... .......... 64% 112M 0s - 34250K .......... .......... .......... .......... .......... 64% 214M 0s - 34300K .......... .......... .......... .......... .......... 64% 68.0M 0s - 34350K .......... .......... .......... .......... .......... 64% 206M 0s - 34400K .......... .......... .......... .......... .......... 64% 253M 0s - 34450K .......... .......... .......... .......... .......... 64% 255M 0s - 34500K .......... .......... .......... .......... .......... 64% 228M 0s - 34550K .......... .......... .......... .......... .......... 64% 222M 0s - 34600K .......... .......... .......... .......... .......... 64% 254M 0s - 34650K .......... .......... .......... .......... .......... 64% 256M 0s - 34700K .......... .......... .......... .......... .......... 65% 248M 0s - 34750K .......... .......... .......... .......... .......... 65% 112M 0s - 34800K .......... .......... .......... .......... .......... 65% 46.6M 0s - 34850K .......... .......... .......... .......... .......... 65% 56.2M 0s - 34900K .......... .......... .......... .......... .......... 65% 133M 0s - 34950K .......... .......... .......... .......... .......... 65% 211M 0s - 35000K .......... .......... .......... .......... .......... 65% 201M 0s - 35050K .......... .......... .......... .......... .......... 65% 228M 0s - 35100K .......... .......... .......... .......... .......... 65% 216M 0s - 35150K .......... .......... .......... .......... .......... 65% 194M 0s - 35200K .......... .......... .......... .......... .......... 66% 131M 0s - 35250K .......... .......... .......... .......... .......... 66% 69.4M 0s - 35300K .......... .......... .......... .......... .......... 
66% 77.4M 0s - 35350K .......... .......... .......... .......... .......... 66% 59.0M 0s - 35400K .......... .......... .......... .......... .......... 66% 242M 0s - 35450K .......... .......... .......... .......... .......... 66% 251M 0s - 35500K .......... .......... .......... .......... .......... 66% 260M 0s - 35550K .......... .......... .......... .......... .......... 66% 193M 0s - 35600K .......... .......... .......... .......... .......... 66% 256M 0s - 35650K .......... .......... .......... .......... .......... 66% 264M 0s - 35700K .......... .......... .......... .......... .......... 66% 241M 0s - 35750K .......... .......... .......... .......... .......... 67% 150M 0s - 35800K .......... .......... .......... .......... .......... 67% 51.3M 0s - 35850K .......... .......... .......... .......... .......... 67% 58.2M 0s - 35900K .......... .......... .......... .......... .......... 67% 72.2M 0s - 35950K .......... .......... .......... .......... .......... 67% 179M 0s - 36000K .......... .......... .......... .......... .......... 67% 206M 0s - 36050K .......... .......... .......... .......... .......... 67% 243M 0s - 36100K .......... .......... .......... .......... .......... 67% 248M 0s - 36150K .......... .......... .......... .......... .......... 67% 229M 0s - 36200K .......... .......... .......... .......... .......... 67% 256M 0s - 36250K .......... .......... .......... .......... .......... 67% 99.0M 0s - 36300K .......... .......... .......... .......... .......... 68% 209M 0s - 36350K .......... .......... .......... .......... .......... 68% 48.9M 0s - 36400K .......... .......... .......... .......... .......... 68% 66.9M 0s - 36450K .......... .......... .......... .......... .......... 68% 213M 0s - 36500K .......... .......... .......... .......... .......... 68% 258M 0s - 36550K .......... .......... .......... .......... .......... 68% 230M 0s - 36600K .......... .......... .......... .......... .......... 
68% 53.5M 0s - 36650K .......... .......... .......... .......... .......... 68% 224M 0s - 36700K .......... .......... .......... .......... .......... 68% 223M 0s - 36750K .......... .......... .......... .......... .......... 68% 182M 0s - 36800K .......... .......... .......... .......... .......... 69% 206M 0s - 36850K .......... .......... .......... .......... .......... 69% 219M 0s - 36900K .......... .......... .......... .......... .......... 69% 219M 0s - 36950K .......... .......... .......... .......... .......... 69% 229M 0s - 37000K .......... .......... .......... .......... .......... 69% 254M 0s - 37050K .......... .......... .......... .......... .......... 69% 255M 0s - 37100K .......... .......... .......... .......... .......... 69% 129M 0s - 37150K .......... .......... .......... .......... .......... 69% 105M 0s - 37200K .......... .......... .......... .......... .......... 69% 240M 0s - 37250K .......... .......... .......... .......... .......... 69% 227M 0s - 37300K .......... .......... .......... .......... .......... 69% 265M 0s - 37350K .......... .......... .......... .......... .......... 70% 225M 0s - 37400K .......... .......... .......... .......... .......... 70% 247M 0s - 37450K .......... .......... .......... .......... .......... 70% 251M 0s - 37500K .......... .......... .......... .......... .......... 70% 91.7M 0s - 37550K .......... .......... .......... .......... .......... 70% 58.5M 0s - 37600K .......... .......... .......... .......... .......... 70% 133M 0s - 37650K .......... .......... .......... .......... .......... 70% 75.9M 0s - 37700K .......... .......... .......... .......... .......... 70% 67.7M 0s - 37750K .......... .......... .......... .......... .......... 70% 208M 0s - 37800K .......... .......... .......... .......... .......... 70% 255M 0s - 37850K .......... .......... .......... .......... .......... 70% 254M 0s - 37900K .......... .......... .......... .......... .......... 
71% 258M 0s - 37950K .......... .......... .......... .......... .......... 71% 115M 0s - 38000K .......... .......... .......... .......... .......... 71% 129M 0s - 38050K .......... .......... .......... .......... .......... 71% 53.3M 0s - 38100K .......... .......... .......... .......... .......... 71% 141M 0s - 38150K .......... .......... .......... .......... .......... 71% 195M 0s - 38200K .......... .......... .......... .......... .......... 71% 255M 0s - 38250K .......... .......... .......... .......... .......... 71% 255M 0s - 38300K .......... .......... .......... .......... .......... 71% 259M 0s - 38350K .......... .......... .......... .......... .......... 71% 211M 0s - 38400K .......... .......... .......... .......... .......... 71% 85.9M 0s - 38450K .......... .......... .......... .......... .......... 72% 43.9M 0s - 38500K .......... .......... .......... .......... .......... 72% 151M 0s - 38550K .......... .......... .......... .......... .......... 72% 204M 0s - 38600K .......... .......... .......... .......... .......... 72% 243M 0s - 38650K .......... .......... .......... .......... .......... 72% 262M 0s - 38700K .......... .......... .......... .......... .......... 72% 226M 0s + 21450K .......... .......... .......... .......... .......... 40% 171M 0s + 21500K .......... .......... .......... .......... .......... 40% 135M 0s + 21550K .......... .......... .......... .......... .......... 40% 120M 0s + 21600K .......... .......... .......... .......... .......... 40% 159M 0s + 21650K .......... .......... .......... .......... .......... 40% 174M 0s + 21700K .......... .......... .......... .......... .......... 40% 189M 0s + 21750K .......... .......... .......... .......... .......... 40% 188M 0s + 21800K .......... .......... .......... .......... .......... 40% 155M 0s + 21850K .......... .......... .......... .......... .......... 41% 165M 0s + 21900K .......... .......... .......... .......... .......... 
41% 180M 0s + 21950K .......... .......... .......... .......... .......... 41% 182M 0s + 22000K .......... .......... .......... .......... .......... 41% 157M 0s + 22050K .......... .......... .......... .......... .......... 41% 182M 0s + 22100K .......... .......... .......... .......... .......... 41% 162M 0s + 22150K .......... .......... .......... .......... .......... 41% 166M 0s + 22200K .......... .......... .......... .......... .......... 41% 123M 0s + 22250K .......... .......... .......... .......... .......... 41% 167M 0s + 22300K .......... .......... .......... .......... .......... 41% 165M 0s + 22350K .......... .......... .......... .......... .......... 41% 155M 0s + 22400K .......... .......... .......... .......... .......... 42% 157M 0s + 22450K .......... .......... .......... .......... .......... 42% 178M 0s + 22500K .......... .......... .......... .......... .......... 42% 166M 0s + 22550K .......... .......... .......... .......... .......... 42% 166M 0s + 22600K .......... .......... .......... .......... .......... 42% 134M 0s + 22650K .......... .......... .......... .......... .......... 42% 168M 0s + 22700K .......... .......... .......... .......... .......... 42% 164M 0s + 22750K .......... .......... .......... .......... .......... 42% 61.8M 0s + 22800K .......... .......... .......... .......... .......... 42% 133M 0s + 22850K .......... .......... .......... .......... .......... 42% 144M 0s + 22900K .......... .......... .......... .......... .......... 42% 153M 0s + 22950K .......... .......... .......... .......... .......... 43% 105M 0s + 23000K .......... .......... .......... .......... .......... 43% 145M 0s + 23050K .......... .......... .......... .......... .......... 43% 167M 0s + 23100K .......... .......... .......... .......... .......... 43% 178M 0s + 23150K .......... .......... .......... .......... .......... 43% 259M 0s + 23200K .......... .......... .......... .......... .......... 
43% 113M 0s + 23250K .......... .......... .......... .......... .......... 43% 131M 0s + 23300K .......... .......... .......... .......... .......... 43% 135M 0s + 23350K .......... .......... .......... .......... .......... 43% 140M 0s + 23400K .......... .......... .......... .......... .......... 43% 180M 0s + 23450K .......... .......... .......... .......... .......... 44% 173M 0s + 23500K .......... .......... .......... .......... .......... 44% 159M 0s + 23550K .......... .......... .......... .......... .......... 44% 227M 0s + 23600K .......... .......... .......... .......... .......... 44% 246M 0s + 23650K .......... .......... .......... .......... .......... 44% 255M 0s + 23700K .......... .......... .......... .......... .......... 44% 216M 0s + 23750K .......... .......... .......... .......... .......... 44% 162M 0s + 23800K .......... .......... .......... .......... .......... 44% 208M 0s + 23850K .......... .......... .......... .......... .......... 44% 170M 0s + 23900K .......... .......... .......... .......... .......... 44% 137M 0s + 23950K .......... .......... .......... .......... .......... 44% 163M 0s + 24000K .......... .......... .......... .......... .......... 45% 164M 0s + 24050K .......... .......... .......... .......... .......... 45% 169M 0s + 24100K .......... .......... .......... .......... .......... 45% 136M 0s + 24150K .......... .......... .......... .......... .......... 45% 175M 0s + 24200K .......... .......... .......... .......... .......... 45% 180M 0s + 24250K .......... .......... .......... .......... .......... 45% 155M 0s + 24300K .......... .......... .......... .......... .......... 45% 159M 0s + 24350K .......... .......... .......... .......... .......... 45% 170M 0s + 24400K .......... .......... .......... .......... .......... 45% 170M 0s + 24450K .......... .......... .......... .......... .......... 45% 175M 0s + 24500K .......... .......... .......... .......... .......... 
45% 133M 0s + 24550K .......... .......... .......... .......... .......... 46% 50.8M 0s + 24600K .......... .......... .......... .......... .......... 46% 105M 0s + 24650K .......... .......... .......... .......... .......... 46% 134M 0s + 24700K .......... .......... .......... .......... .......... 46% 148M 0s + 24750K .......... .......... .......... .......... .......... 46% 161M 0s + 24800K .......... .......... .......... .......... .......... 46% 248M 0s + 24850K .......... .......... .......... .......... .......... 46% 198M 0s + 24900K .......... .......... .......... .......... .......... 46% 106M 0s + 24950K .......... .......... .......... .......... .......... 46% 142M 0s + 25000K .......... .......... .......... .......... .......... 46% 181M 0s + 25050K .......... .......... .......... .......... .......... 47% 177M 0s + 25100K .......... .......... .......... .......... .......... 47% 152M 0s + 25150K .......... .......... .......... .......... .......... 47% 176M 0s + 25200K .......... .......... .......... .......... .......... 47% 178M 0s + 25250K .......... .......... .......... .......... .......... 47% 179M 0s + 25300K .......... .......... .......... .......... .......... 47% 151M 0s + 25350K .......... .......... .......... .......... .......... 47% 188M 0s + 25400K .......... .......... .......... .......... .......... 47% 248M 0s + 25450K .......... .......... .......... .......... .......... 47% 236M 0s + 25500K .......... .......... .......... .......... .......... 47% 217M 0s + 25550K .......... .......... .......... .......... .......... 47% 254M 0s + 25600K .......... .......... .......... .......... .......... 48% 238M 0s + 25650K .......... .......... .......... .......... .......... 48% 252M 0s + 25700K .......... .......... .......... .......... .......... 48% 181M 0s + 25750K .......... .......... .......... .......... .......... 48% 253M 0s + 25800K .......... .......... .......... .......... .......... 
48% 252M 0s + 25850K .......... .......... .......... .......... .......... 48% 259M 0s + 25900K .......... .......... .......... .......... .......... 48% 188M 0s + 25950K .......... .......... .......... .......... .......... 48% 163M 0s + 26000K .......... .......... .......... .......... .......... 48% 167M 0s + 26050K .......... .......... .......... .......... .......... 48% 164M 0s + 26100K .......... .......... .......... .......... .......... 48% 142M 0s + 26150K .......... .......... .......... .......... .......... 49% 172M 0s + 26200K .......... .......... .......... .......... .......... 49% 162M 0s + 26250K .......... .......... .......... .......... .......... 49% 150M 0s + 26300K .......... .......... .......... .......... .......... 49% 143M 0s + 26350K .......... .......... .......... .......... .......... 49% 155M 0s + 26400K .......... .......... .......... .......... .......... 49% 45.9M 0s + 26450K .......... .......... .......... .......... .......... 49% 151M 0s + 26500K .......... .......... .......... .......... .......... 49% 118M 0s + 26550K .......... .......... .......... .......... .......... 49% 183M 0s + 26600K .......... .......... .......... .......... .......... 49% 168M 0s + 26650K .......... .......... .......... .......... .......... 49% 179M 0s + 26700K .......... .......... .......... .......... .......... 50% 88.2M 0s + 26750K .......... .......... .......... .......... .......... 50% 223M 0s + 26800K .......... .......... .......... .......... .......... 50% 221M 0s + 26850K .......... .......... .......... .......... .......... 50% 162M 0s + 26900K .......... .......... .......... .......... .......... 50% 127M 0s + 26950K .......... .......... .......... .......... .......... 50% 144M 0s + 27000K .......... .......... .......... .......... .......... 50% 168M 0s + 27050K .......... .......... .......... .......... .......... 50% 166M 0s + 27100K .......... .......... .......... .......... .......... 
50% 151M 0s + 27150K .......... .......... .......... .......... .......... 50% 164M 0s + 27200K .......... .......... .......... .......... .......... 51% 152M 0s + 27250K .......... .......... .......... .......... .......... 51% 166M 0s + 27300K .......... .......... .......... .......... .......... 51% 145M 0s + 27350K .......... .......... .......... .......... .......... 51% 178M 0s + 27400K .......... .......... .......... .......... .......... 51% 159M 0s + 27450K .......... .......... .......... .......... .......... 51% 160M 0s + 27500K .......... .......... .......... .......... .......... 51% 163M 0s + 27550K .......... .......... .......... .......... .......... 51% 174M 0s + 27600K .......... .......... .......... .......... .......... 51% 195M 0s + 27650K .......... .......... .......... .......... .......... 51% 208M 0s + 27700K .......... .......... .......... .......... .......... 51% 141M 0s + 27750K .......... .......... .......... .......... .......... 52% 175M 0s + 27800K .......... .......... .......... .......... .......... 52% 181M 0s + 27850K .......... .......... .......... .......... .......... 52% 182M 0s + 27900K .......... .......... .......... .......... .......... 52% 147M 0s + 27950K .......... .......... .......... .......... .......... 52% 144M 0s + 28000K .......... .......... .......... .......... .......... 52% 164M 0s + 28050K .......... .......... .......... .......... .......... 52% 131M 0s + 28100K .......... .......... .......... .......... .......... 52% 35.6M 0s + 28150K .......... .......... .......... .......... .......... 52% 162M 0s + 28200K .......... .......... .......... .......... .......... 52% 153M 0s + 28250K .......... .......... .......... .......... .......... 52% 176M 0s + 28300K .......... .......... .......... .......... .......... 53% 90.5M 0s + 28350K .......... .......... .......... .......... .......... 53% 148M 0s + 28400K .......... .......... .......... .......... .......... 
53% 162M 0s + 28450K .......... .......... .......... .......... .......... 53% 154M 0s + 28500K .......... .......... .......... .......... .......... 53% 131M 0s + 28550K .......... .......... .......... .......... .......... 53% 250M 0s + 28600K .......... .......... .......... .......... .......... 53% 255M 0s + 28650K .......... .......... .......... .......... .......... 53% 254M 0s + 28700K .......... .......... .......... .......... .......... 53% 178M 0s + 28750K .......... .......... .......... .......... .......... 53% 241M 0s + 28800K .......... .......... .......... .......... .......... 54% 253M 0s + 28850K .......... .......... .......... .......... .......... 54% 256M 0s + 28900K .......... .......... .......... .......... .......... 54% 230M 0s + 28950K .......... .......... .......... .......... .......... 54% 163M 0s + 29000K .......... .......... .......... .......... .......... 54% 157M 0s + 29050K .......... .......... .......... .......... .......... 54% 185M 0s + 29100K .......... .......... .......... .......... .......... 54% 158M 0s + 29150K .......... .......... .......... .......... .......... 54% 180M 0s + 29200K .......... .......... .......... .......... .......... 54% 172M 0s + 29250K .......... .......... .......... .......... .......... 54% 188M 0s + 29300K .......... .......... .......... .......... .......... 54% 150M 0s + 29350K .......... .......... .......... .......... .......... 55% 190M 0s + 29400K .......... .......... .......... .......... .......... 55% 182M 0s + 29450K .......... .......... .......... .......... .......... 55% 167M 0s + 29500K .......... .......... .......... .......... .......... 55% 154M 0s + 29550K .......... .......... .......... .......... .......... 55% 176M 0s + 29600K .......... .......... .......... .......... .......... 55% 218M 0s + 29650K .......... .......... .......... .......... .......... 55% 159M 0s + 29700K .......... .......... .......... .......... .......... 
55% 144M 0s + 29750K .......... .......... .......... .......... .......... 55% 146M 0s + 29800K .......... .......... .......... .......... .......... 55% 172M 0s + 29850K .......... .......... .......... .......... .......... 55% 135M 0s + 29900K .......... .......... .......... .......... .......... 56% 51.0M 0s + 29950K .......... .......... .......... .......... .......... 56% 120M 0s + 30000K .......... .......... .......... .......... .......... 56% 167M 0s + 30050K .......... .......... .......... .......... .......... 56% 95.3M 0s + 30100K .......... .......... .......... .......... .......... 56% 163M 0s + 30150K .......... .......... .......... .......... .......... 56% 167M 0s + 30200K .......... .......... .......... .......... .......... 56% 180M 0s + 30250K .......... .......... .......... .......... .......... 56% 153M 0s + 30300K .......... .......... .......... .......... .......... 56% 131M 0s + 30350K .......... .......... .......... .......... .......... 56% 167M 0s + 30400K .......... .......... .......... .......... .......... 57% 166M 0s + 30450K .......... .......... .......... .......... .......... 57% 168M 0s + 30500K .......... .......... .......... .......... .......... 57% 162M 0s + 30550K .......... .......... .......... .......... .......... 57% 253M 0s + 30600K .......... .......... .......... .......... .......... 57% 226M 0s + 30650K .......... .......... .......... .......... .......... 57% 173M 0s + 30700K .......... .......... .......... .......... .......... 57% 137M 0s + 30750K .......... .......... .......... .......... .......... 57% 178M 0s + 30800K .......... .......... .......... .......... .......... 57% 189M 0s + 30850K .......... .......... .......... .......... .......... 57% 154M 0s + 30900K .......... .......... .......... .......... .......... 57% 184M 0s + 30950K .......... .......... .......... .......... .......... 58% 176M 0s + 31000K .......... .......... .......... .......... .......... 
58% 173M 0s + 31050K .......... .......... .......... .......... .......... 58% 168M 0s + 31100K .......... .......... .......... .......... .......... 58% 182M 0s + 31150K .......... .......... .......... .......... .......... 58% 143M 0s + 31200K .......... .......... .......... .......... .......... 58% 156M 0s + 31250K .......... .......... .......... .......... .......... 58% 159M 0s + 31300K .......... .......... .......... .......... .......... 58% 157M 0s + 31350K .......... .......... .......... .......... .......... 58% 145M 0s + 31400K .......... .......... .......... .......... .......... 58% 175M 0s + 31450K .......... .......... .......... .......... .......... 58% 177M 0s + 31500K .......... .......... .......... .......... .......... 59% 162M 0s + 31550K .......... .......... .......... .......... .......... 59% 141M 0s + 31600K .......... .......... .......... .......... .......... 59% 60.3M 0s + 31650K .......... .......... .......... .......... .......... 59% 82.2M 0s + 31700K .......... .......... .......... .......... .......... 59% 97.3M 0s + 31750K .......... .......... .......... .......... .......... 59% 146M 0s + 31800K .......... .......... .......... .......... .......... 59% 167M 0s + 31850K .......... .......... .......... .......... .......... 59% 153M 0s + 31900K .......... .......... .......... .......... .......... 59% 156M 0s + 31950K .......... .......... .......... .......... .......... 59% 139M 0s + 32000K .......... .......... .......... .......... .......... 60% 159M 0s + 32050K .......... .......... .......... .......... .......... 60% 182M 0s + 32100K .......... .......... .......... .......... .......... 60% 180M 0s + 32150K .......... .......... .......... .......... .......... 60% 159M 0s + 32200K .......... .......... .......... .......... .......... 60% 176M 0s + 32250K .......... .......... .......... .......... .......... 60% 163M 0s + 32300K .......... .......... .......... .......... .......... 
60% 183M 0s + 32350K .......... .......... .......... .......... .......... 60% 147M 0s + 32400K .......... .......... .......... .......... .......... 60% 243M 0s + 32450K .......... .......... .......... .......... .......... 60% 254M 0s + 32500K .......... .......... .......... .......... .......... 60% 208M 0s + 32550K .......... .......... .......... .......... .......... 61% 138M 0s + 32600K .......... .......... .......... .......... .......... 61% 167M 0s + 32650K .......... .......... .......... .......... .......... 61% 199M 0s + 32700K .......... .......... .......... .......... .......... 61% 237M 0s + 32750K .......... .......... .......... .......... .......... 61% 156M 0s + 32800K .......... .......... .......... .......... .......... 61% 164M 0s + 32850K .......... .......... .......... .......... .......... 61% 167M 0s + 32900K .......... .......... .......... .......... .......... 61% 171M 0s + 32950K .......... .......... .......... .......... .......... 61% 165M 0s + 33000K .......... .......... .......... .......... .......... 61% 174M 0s + 33050K .......... .......... .......... .......... .......... 61% 175M 0s + 33100K .......... .......... .......... .......... .......... 62% 180M 0s + 33150K .......... .......... .......... .......... .......... 62% 159M 0s + 33200K .......... .......... .......... .......... .......... 62% 178M 0s + 33250K .......... .......... .......... .......... .......... 62% 159M 0s + 33300K .......... .......... .......... .......... .......... 62% 137M 0s + 33350K .......... .......... .......... .......... .......... 62% 45.3M 0s + 33400K .......... .......... .......... .......... .......... 62% 171M 0s + 33450K .......... .......... .......... .......... .......... 62% 163M 0s + 33500K .......... .......... .......... .......... .......... 62% 233M 0s + 33550K .......... .......... .......... .......... .......... 62% 214M 0s + 33600K .......... .......... .......... .......... .......... 
63% 254M 0s + 33650K .......... .......... .......... .......... .......... 63% 169M 0s + 33700K .......... .......... .......... .......... .......... 63% 170M 0s + 33750K .......... .......... .......... .......... .......... 63% 136M 0s + 33800K .......... .......... .......... .......... .......... 63% 155M 0s + 33850K .......... .......... .......... .......... .......... 63% 161M 0s + 33900K .......... .......... .......... .......... .......... 63% 165M 0s + 33950K .......... .......... .......... .......... .......... 63% 137M 0s + 34000K .......... .......... .......... .......... .......... 63% 154M 0s + 34050K .......... .......... .......... .......... .......... 63% 167M 0s + 34100K .......... .......... .......... .......... .......... 63% 168M 0s + 34150K .......... .......... .......... .......... .......... 64% 147M 0s + 34200K .......... .......... .......... .......... .......... 64% 175M 0s + 34250K .......... .......... .......... .......... .......... 64% 161M 0s + 34300K .......... .......... .......... .......... .......... 64% 163M 0s + 34350K .......... .......... .......... .......... .......... 64% 146M 0s + 34400K .......... .......... .......... .......... .......... 64% 170M 0s + 34450K .......... .......... .......... .......... .......... 64% 171M 0s + 34500K .......... .......... .......... .......... .......... 64% 155M 0s + 34550K .......... .......... .......... .......... .......... 64% 156M 0s + 34600K .......... .......... .......... .......... .......... 64% 158M 0s + 34650K .......... .......... .......... .......... .......... 64% 205M 0s + 34700K .......... .......... .......... .......... .......... 65% 253M 0s + 34750K .......... .......... .......... .......... .......... 65% 145M 0s + 34800K .......... .......... .......... .......... .......... 65% 154M 0s + 34850K .......... .......... .......... .......... .......... 65% 170M 0s + 34900K .......... .......... .......... .......... .......... 
65% 193M 0s + 34950K .......... .......... .......... .......... .......... 65% 167M 0s + 35000K .......... .......... .......... .......... .......... 65% 160M 0s + 35050K .......... .......... .......... .......... .......... 65% 153M 0s + 35100K .......... .......... .......... .......... .......... 65% 74.6M 0s + 35150K .......... .......... .......... .......... .......... 65% 54.1M 0s + 35200K .......... .......... .......... .......... .......... 66% 237M 0s + 35250K .......... .......... .......... .......... .......... 66% 253M 0s + 35300K .......... .......... .......... .......... .......... 66% 227M 0s + 35350K .......... .......... .......... .......... .......... 66% 201M 0s + 35400K .......... .......... .......... .......... .......... 66% 163M 0s + 35450K .......... .......... .......... .......... .......... 66% 158M 0s + 35500K .......... .......... .......... .......... .......... 66% 161M 0s + 35550K .......... .......... .......... .......... .......... 66% 130M 0s + 35600K .......... .......... .......... .......... .......... 66% 179M 0s + 35650K .......... .......... .......... .......... .......... 66% 168M 0s + 35700K .......... .......... .......... .......... .......... 66% 181M 0s + 35750K .......... .......... .......... .......... .......... 67% 141M 0s + 35800K .......... .......... .......... .......... .......... 67% 152M 0s + 35850K .......... .......... .......... .......... .......... 67% 148M 0s + 35900K .......... .......... .......... .......... .......... 67% 156M 0s + 35950K .......... .......... .......... .......... .......... 67% 136M 0s + 36000K .......... .......... .......... .......... .......... 67% 162M 0s + 36050K .......... .......... .......... .......... .......... 67% 156M 0s + 36100K .......... .......... .......... .......... .......... 67% 173M 0s + 36150K .......... .......... .......... .......... .......... 67% 153M 0s + 36200K .......... .......... .......... .......... .......... 
67% 169M 0s + 36250K .......... .......... .......... .......... .......... 67% 179M 0s + 36300K .......... .......... .......... .......... .......... 68% 167M 0s + 36350K .......... .......... .......... .......... .......... 68% 140M 0s + 36400K .......... .......... .......... .......... .......... 68% 167M 0s + 36450K .......... .......... .......... .......... .......... 68% 187M 0s + 36500K .......... .......... .......... .......... .......... 68% 157M 0s + 36550K .......... .......... .......... .......... .......... 68% 137M 0s + 36600K .......... .......... .......... .......... .......... 68% 253M 0s + 36650K .......... .......... .......... .......... .......... 68% 255M 0s + 36700K .......... .......... .......... .......... .......... 68% 189M 0s + 36750K .......... .......... .......... .......... .......... 68% 150M 0s + 36800K .......... .......... .......... .......... .......... 69% 110M 0s + 36850K .......... .......... .......... .......... .......... 69% 50.6M 0s + 36900K .......... .......... .......... .......... .......... 69% 129M 0s + 36950K .......... .......... .......... .......... .......... 69% 218M 0s + 37000K .......... .......... .......... .......... .......... 69% 234M 0s + 37050K .......... .......... .......... .......... .......... 69% 219M 0s + 37100K .......... .......... .......... .......... .......... 69% 194M 0s + 37150K .......... .......... .......... .......... .......... 69% 142M 0s + 37200K .......... .......... .......... .......... .......... 69% 175M 0s + 37250K .......... .......... .......... .......... .......... 69% 170M 0s + 37300K .......... .......... .......... .......... .......... 69% 153M 0s + 37350K .......... .......... .......... .......... .......... 70% 158M 0s + 37400K .......... .......... .......... .......... .......... 70% 185M 0s + 37450K .......... .......... .......... .......... .......... 70% 161M 0s + 37500K .......... .......... .......... .......... .......... 
70% 171M 0s + 37550K .......... .......... .......... .......... .......... 70% 153M 0s + 37600K .......... .......... .......... .......... .......... 70% 144M 0s + 37650K .......... .......... .......... .......... .......... 70% 155M 0s + 37700K .......... .......... .......... .......... .......... 70% 171M 0s + 37750K .......... .......... .......... .......... .......... 70% 142M 0s + 37800K .......... .......... .......... .......... .......... 70% 164M 0s + 37850K .......... .......... .......... .......... .......... 70% 179M 0s + 37900K .......... .......... .......... .......... .......... 71% 198M 0s + 37950K .......... .......... .......... .......... .......... 71% 137M 0s + 38000K .......... .......... .......... .......... .......... 71% 165M 0s + 38050K .......... .......... .......... .......... .......... 71% 151M 0s + 38100K .......... .......... .......... .......... .......... 71% 150M 0s + 38150K .......... .......... .......... .......... .......... 71% 127M 0s + 38200K .......... .......... .......... .......... .......... 71% 153M 0s + 38250K .......... .......... .......... .......... .......... 71% 170M 0s + 38300K .......... .......... .......... .......... .......... 71% 164M 0s + 38350K .......... .......... .......... .......... .......... 71% 143M 0s + 38400K .......... .......... .......... .......... .......... 71% 175M 0s + 38450K .......... .......... .......... .......... .......... 72% 194M 0s + 38500K .......... .......... .......... .......... .......... 72% 101M 0s + 38550K .......... .......... .......... .......... .......... 72% 39.1M 0s + 38600K .......... .......... .......... .......... .......... 72% 165M 0s + 38650K .......... .......... .......... .......... .......... 72% 178M 0s + 38700K .......... .......... .......... .......... .......... 72% 171M 0s 38750K .......... .......... .......... .......... .......... 72% 133M 0s - 38800K .......... .......... .......... .......... .......... 
72% 76.7M 0s - 38850K .......... .......... .......... .......... .......... 72% 88.1M 0s - 38900K .......... .......... .......... .......... .......... 72% 246M 0s - 38950K .......... .......... .......... .......... .......... 73% 202M 0s - 39000K .......... .......... .......... .......... .......... 73% 239M 0s - 39050K .......... .......... .......... .......... .......... 73% 65.1M 0s - 39100K .......... .......... .......... .......... .......... 73% 251M 0s - 39150K .......... .......... .......... .......... .......... 73% 80.3M 0s - 39200K .......... .......... .......... .......... .......... 73% 236M 0s - 39250K .......... .......... .......... .......... .......... 73% 255M 0s - 39300K .......... .......... .......... .......... .......... 73% 228M 0s - 39350K .......... .......... .......... .......... .......... 73% 229M 0s - 39400K .......... .......... .......... .......... .......... 73% 257M 0s - 39450K .......... .......... .......... .......... .......... 73% 214M 0s - 39500K .......... .......... .......... .......... .......... 74% 141M 0s - 39550K .......... .......... .......... .......... .......... 74% 44.9M 0s - 39600K .......... .......... .......... .......... .......... 74% 75.7M 0s - 39650K .......... .......... .......... .......... .......... 74% 191M 0s - 39700K .......... .......... .......... .......... .......... 74% 224M 0s - 39750K .......... .......... .......... .......... .......... 74% 216M 0s - 39800K .......... .......... .......... .......... .......... 74% 217M 0s - 39850K .......... .......... .......... .......... .......... 74% 27.6M 0s - 39900K .......... .......... .......... .......... .......... 74% 232M 0s - 39950K .......... .......... .......... .......... .......... 74% 220M 0s - 40000K .......... .......... .......... .......... .......... 74% 217M 0s - 40050K .......... .......... .......... .......... .......... 75% 242M 0s - 40100K .......... .......... .......... .......... .......... 
75% 250M 0s - 40150K .......... .......... .......... .......... .......... 75% 220M 0s - 40200K .......... .......... .......... .......... .......... 75% 216M 0s - 40250K .......... .......... .......... .......... .......... 75% 230M 0s - 40300K .......... .......... .......... .......... .......... 75% 249M 0s - 40350K .......... .......... .......... .......... .......... 75% 210M 0s - 40400K .......... .......... .......... .......... .......... 75% 246M 0s - 40450K .......... .......... .......... .......... .......... 75% 207M 0s - 40500K .......... .......... .......... .......... .......... 75% 248M 0s - 40550K .......... .......... .......... .......... .......... 76% 219M 0s - 40600K .......... .......... .......... .......... .......... 76% 252M 0s - 40650K .......... .......... .......... .......... .......... 76% 243M 0s - 40700K .......... .......... .......... .......... .......... 76% 164M 0s - 40750K .......... .......... .......... .......... .......... 76% 180M 0s - 40800K .......... .......... .......... .......... .......... 76% 249M 0s - 40850K .......... .......... .......... .......... .......... 76% 256M 0s - 40900K .......... .......... .......... .......... .......... 76% 213M 0s - 40950K .......... .......... .......... .......... .......... 76% 225M 0s - 41000K .......... .......... .......... .......... .......... 76% 246M 0s - 41050K .......... .......... .......... .......... .......... 76% 244M 0s - 41100K .......... .......... .......... .......... .......... 77% 240M 0s - 41150K .......... .......... .......... .......... .......... 77% 172M 0s - 41200K .......... .......... .......... .......... .......... 77% 239M 0s - 41250K .......... .......... .......... .......... .......... 77% 238M 0s - 41300K .......... .......... .......... .......... .......... 77% 249M 0s - 41350K .......... .......... .......... .......... .......... 77% 192M 0s - 41400K .......... .......... .......... .......... .......... 
77% 236M 0s - 41450K .......... .......... .......... .......... .......... 77% 245M 0s - 41500K .......... .......... .......... .......... .......... 77% 249M 0s - 41550K .......... .......... .......... .......... .......... 77% 211M 0s - 41600K .......... .......... .......... .......... .......... 77% 214M 0s - 41650K .......... .......... .......... .......... .......... 78% 238M 0s - 41700K .......... .......... .......... .......... .......... 78% 246M 0s - 41750K .......... .......... .......... .......... .......... 78% 219M 0s - 41800K .......... .......... .......... .......... .......... 78% 239M 0s - 41850K .......... .......... .......... .......... .......... 78% 191M 0s - 41900K .......... .......... .......... .......... .......... 78% 217M 0s - 41950K .......... .......... .......... .......... .......... 78% 189M 0s - 42000K .......... .......... .......... .......... .......... 78% 251M 0s - 42050K .......... .......... .......... .......... .......... 78% 212M 0s - 42100K .......... .......... .......... .......... .......... 78% 246M 0s - 42150K .......... .......... .......... .......... .......... 79% 220M 0s - 42200K .......... .......... .......... .......... .......... 79% 244M 0s - 42250K .......... .......... .......... .......... .......... 79% 238M 0s - 42300K .......... .......... .......... .......... .......... 79% 208M 0s - 42350K .......... .......... .......... .......... .......... 79% 209M 0s - 42400K .......... .......... .......... .......... .......... 79% 246M 0s - 42450K .......... .......... .......... .......... .......... 79% 242M 0s - 42500K .......... .......... .......... .......... .......... 79% 221M 0s - 42550K .......... .......... .......... .......... .......... 79% 191M 0s - 42600K .......... .......... .......... .......... .......... 79% 256M 0s - 42650K .......... .......... .......... .......... .......... 79% 237M 0s - 42700K .......... .......... .......... .......... .......... 
80% 249M 0s - 42750K .......... .......... .......... .......... .......... 80% 183M 0s - 42800K .......... .......... .......... .......... .......... 80% 248M 0s - 42850K .......... .......... .......... .......... .......... 80% 247M 0s - 42900K .......... .......... .......... .......... .......... 80% 235M 0s - 42950K .......... .......... .......... .......... .......... 80% 210M 0s - 43000K .......... .......... .......... .......... .......... 80% 230M 0s - 43050K .......... .......... .......... .......... .......... 80% 247M 0s - 43100K .......... .......... .......... .......... .......... 80% 249M 0s - 43150K .......... .......... .......... .......... .......... 80% 207M 0s - 43200K .......... .......... .......... .......... .......... 80% 234M 0s - 43250K .......... .......... .......... .......... .......... 81% 233M 0s - 43300K .......... .......... .......... .......... .......... 81% 244M 0s - 43350K .......... .......... .......... .......... .......... 81% 221M 0s - 43400K .......... .......... .......... .......... .......... 81% 249M 0s - 43450K .......... .......... .......... .......... .......... 81% 220M 0s - 43500K .......... .......... .......... .......... .......... 81% 247M 0s - 43550K .......... .......... .......... .......... .......... 81% 211M 0s - 43600K .......... .......... .......... .......... .......... 81% 254M 0s - 43650K .......... .......... .......... .......... .......... 81% 245M 0s - 43700K .......... .......... .......... .......... .......... 81% 226M 0s - 43750K .......... .......... .......... .......... .......... 82% 207M 0s - 43800K .......... .......... .......... .......... .......... 82% 230M 0s - 43850K .......... .......... .......... .......... .......... 82% 224M 0s - 43900K .......... .......... .......... .......... .......... 82% 221M 0s - 43950K .......... .......... .......... .......... .......... 82% 187M 0s - 44000K .......... .......... .......... .......... .......... 
82% 245M 0s - 44050K .......... .......... .......... .......... .......... 82% 246M 0s - 44100K .......... .......... .......... .......... .......... 82% 239M 0s - 44150K .......... .......... .......... .......... .......... 82% 154M 0s - 44200K .......... .......... .......... .......... .......... 82% 224M 0s - 44250K .......... .......... .......... .......... .......... 82% 237M 0s - 44300K .......... .......... .......... .......... .......... 83% 238M 0s - 44350K .......... .......... .......... .......... .......... 83% 185M 0s - 44400K .......... .......... .......... .......... .......... 83% 243M 0s - 44450K .......... .......... .......... .......... .......... 83% 239M 0s - 44500K .......... .......... .......... .......... .......... 83% 242M 0s - 44550K .......... .......... .......... .......... .......... 83% 214M 0s - 44600K .......... .......... .......... .......... .......... 83% 208M 0s - 44650K .......... .......... .......... .......... .......... 83% 237M 0s - 44700K .......... .......... .......... .......... .......... 83% 251M 0s - 44750K .......... .......... .......... .......... .......... 83% 209M 0s - 44800K .......... .......... .......... .......... .......... 83% 227M 0s - 44850K .......... .......... .......... .......... .......... 84% 231M 0s - 44900K .......... .......... .......... .......... .......... 84% 216M 0s - 44950K .......... .......... .......... .......... .......... 84% 199M 0s - 45000K .......... .......... .......... .......... .......... 84% 207M 0s - 45050K .......... .......... .......... .......... .......... 84% 218M 0s - 45100K .......... .......... .......... .......... .......... 84% 246M 0s - 45150K .......... .......... .......... .......... .......... 84% 217M 0s - 45200K .......... .......... .......... .......... .......... 84% 254M 0s - 45250K .......... .......... .......... .......... .......... 84% 252M 0s - 45300K .......... .......... .......... .......... .......... 
84% 214M 0s - 45350K .......... .......... .......... .......... .......... 85% 215M 0s - 45400K .......... .......... .......... .......... .......... 85% 241M 0s - 45450K .......... .......... .......... .......... .......... 85% 244M 0s - 45500K .......... .......... .......... .......... .......... 85% 223M 0s - 45550K .......... .......... .......... .......... .......... 85% 199M 0s - 45600K .......... .......... .......... .......... .......... 85% 223M 0s - 45650K .......... .......... .......... .......... .......... 85% 229M 0s - 45700K .......... .......... .......... .......... .......... 85% 230M 0s - 45750K .......... .......... .......... .......... .......... 85% 190M 0s - 45800K .......... .......... .......... .......... .......... 85% 247M 0s - 45850K .......... .......... .......... .......... .......... 85% 248M 0s - 45900K .......... .......... .......... .......... .......... 86% 252M 0s - 45950K .......... .......... .......... .......... .......... 86% 196M 0s - 46000K .......... .......... .......... .......... .......... 86% 225M 0s - 46050K .......... .......... .......... .......... .......... 86% 236M 0s - 46100K .......... .......... .......... .......... .......... 86% 237M 0s - 46150K .......... .......... .......... .......... .......... 86% 221M 0s - 46200K .......... .......... .......... .......... .......... 86% 224M 0s - 46250K .......... .......... .......... .......... .......... 86% 241M 0s - 46300K .......... .......... .......... .......... .......... 86% 237M 0s - 46350K .......... .......... .......... .......... .......... 86% 203M 0s - 46400K .......... .......... .......... .......... .......... 86% 248M 0s - 46450K .......... .......... .......... .......... .......... 87% 218M 0s - 46500K .......... .......... .......... .......... .......... 87% 250M 0s - 46550K .......... .......... .......... .......... .......... 87% 213M 0s - 46600K .......... .......... .......... .......... .......... 
87% 248M 0s - 46650K .......... .......... .......... .......... .......... 87% 229M 0s - 46700K .......... .......... .......... .......... .......... 87% 229M 0s - 46750K .......... .......... .......... .......... .......... 87% 207M 0s - 46800K .......... .......... .......... .......... .......... 87% 242M 0s - 46850K .......... .......... .......... .......... .......... 87% 208M 0s - 46900K .......... .......... .......... .......... .......... 87% 183M 0s - 46950K .......... .......... .......... .......... .......... 88% 204M 0s - 47000K .......... .......... .......... .......... .......... 88% 233M 0s - 47050K .......... .......... .......... .......... .......... 88% 254M 0s - 47100K .......... .......... .......... .......... .......... 88% 245M 0s - 47150K .......... .......... .......... .......... .......... 88% 177M 0s - 47200K .......... .......... .......... .......... .......... 88% 231M 0s - 47250K .......... .......... .......... .......... .......... 88% 210M 0s - 47300K .......... .......... .......... .......... .......... 88% 239M 0s - 47350K .......... .......... .......... .......... .......... 88% 193M 0s - 47400K .......... .......... .......... .......... .......... 88% 237M 0s - 47450K .......... .......... .......... .......... .......... 88% 244M 0s - 47500K .......... .......... .......... .......... .......... 89% 247M 0s - 47550K .......... .......... .......... .......... .......... 89% 192M 0s - 47600K .......... .......... .......... .......... .......... 89% 225M 0s - 47650K .......... .......... .......... .......... .......... 89% 245M 0s - 47700K .......... .......... .......... .......... .......... 89% 239M 0s - 47750K .......... .......... .......... .......... .......... 89% 223M 0s - 47800K .......... .......... .......... .......... .......... 89% 237M 0s - 47850K .......... .......... .......... .......... .......... 89% 199M 0s - 47900K .......... .......... .......... .......... .......... 
89% 249M 0s - 47950K .......... .......... .......... .......... .......... 89% 237M 0s - 48000K .......... .......... .......... .......... .......... 89% 224M 0s - 48050K .......... .......... .......... .......... .......... 90% 172M 0s - 48100K .......... .......... .......... .......... .......... 90% 217M 0s - 48150K .......... .......... .......... .......... .......... 90% 247M 0s - 48200K .......... .......... .......... .......... .......... 90% 247M 0s - 48250K .......... .......... .......... .......... .......... 90% 185M 0s - 48300K .......... .......... .......... .......... .......... 90% 250M 0s - 48350K .......... .......... .......... .......... .......... 90% 245M 0s - 48400K .......... .......... .......... .......... .......... 90% 241M 0s - 48450K .......... .......... .......... .......... .......... 90% 209M 0s - 48500K .......... .......... .......... .......... .......... 90% 204M 0s - 48550K .......... .......... .......... .......... .......... 91% 248M 0s - 48600K .......... .......... .......... .......... .......... 91% 245M 0s - 48650K .......... .......... .......... .......... .......... 91% 195M 0s - 48700K .......... .......... .......... .......... .......... 91% 209M 0s - 48750K .......... .......... .......... .......... .......... 91% 214M 0s - 48800K .......... .......... .......... .......... .......... 91% 238M 0s - 48850K .......... .......... .......... .......... .......... 91% 221M 0s - 48900K .......... .......... .......... .......... .......... 91% 248M 0s - 48950K .......... .......... .......... .......... .......... 91% 223M 0s - 49000K .......... .......... .......... .......... .......... 91% 246M 0s - 49050K .......... .......... .......... .......... .......... 91% 207M 0s - 49100K .......... .......... .......... .......... .......... 92% 241M 0s - 49150K .......... .......... .......... .......... .......... 92% 233M 0s - 49200K .......... .......... .......... .......... .......... 
92% 219M 0s - 49250K .......... .......... .......... .......... .......... 92% 222M 0s - 49300K .......... .......... .......... .......... .......... 92% 249M 0s - 49350K .......... .......... .......... .......... .......... 92% 244M 0s - 49400K .......... .......... .......... .......... .......... 92% 222M 0s - 49450K .......... .......... .......... .......... .......... 92% 202M 0s - 49500K .......... .......... .......... .......... .......... 92% 252M 0s - 49550K .......... .......... .......... .......... .......... 92% 248M 0s - 49600K .......... .......... .......... .......... .......... 92% 246M 0s - 49650K .......... .......... .......... .......... .......... 93% 194M 0s - 49700K .......... .......... .......... .......... .......... 93% 247M 0s - 49750K .......... .......... .......... .......... .......... 93% 251M 0s - 49800K .......... .......... .......... .......... .......... 93% 256M 0s - 49850K .......... .......... .......... .......... .......... 93% 214M 0s - 49900K .......... .......... .......... .......... .......... 93% 200M 0s - 49950K .......... .......... .......... .......... .......... 93% 222M 0s - 50000K .......... .......... .......... .......... .......... 93% 214M 0s - 50050K .......... .......... .......... .......... .......... 93% 201M 0s - 50100K .......... .......... .......... .......... .......... 93% 203M 0s - 50150K .......... .......... .......... .......... .......... 94% 225M 0s - 50200K .......... .......... .......... .......... .......... 94% 232M 0s - 50250K .......... .......... .......... .......... .......... 94% 213M 0s - 50300K .......... .......... .......... .......... .......... 94% 261M 0s - 50350K .......... .......... .......... .......... .......... 94% 213M 0s - 50400K .......... .......... .......... .......... .......... 94% 237M 0s - 50450K .......... .......... .......... .......... .......... 94% 213M 0s - 50500K .......... .......... .......... .......... .......... 
94% 259M 0s - 50550K .......... .......... .......... .......... .......... 94% 243M 0s - 50600K .......... .......... .......... .......... .......... 94% 233M 0s - 50650K .......... .......... .......... .......... .......... 94% 205M 0s - 50700K .......... .......... .......... .......... .......... 95% 250M 0s - 50750K .......... .......... .......... .......... .......... 95% 243M 0s - 50800K .......... .......... .......... .......... .......... 95% 222M 0s - 50850K .......... .......... .......... .......... .......... 95% 209M 0s - 50900K .......... .......... .......... .......... .......... 95% 248M 0s - 50950K .......... .......... .......... .......... .......... 95% 250M 0s - 51000K .......... .......... .......... .......... .......... 95% 226M 0s - 51050K .......... .......... .......... .......... .......... 95% 188M 0s - 51100K .......... .......... .......... .......... .......... 95% 225M 0s - 51150K .......... .......... .......... .......... .......... 95% 200M 0s - 51200K .......... .......... .......... .......... .......... 95% 203M 0s - 51250K .......... .......... .......... .......... .......... 96% 217M 0s - 51300K .......... .......... .......... .......... .......... 96% 238M 0s - 51350K .......... .......... .......... .......... .......... 96% 218M 0s - 51400K .......... .......... .......... .......... .......... 96% 247M 0s - 51450K .......... .......... .......... .......... .......... 96% 236M 0s - 51500K .......... .......... .......... .......... .......... 96% 174M 0s - 51550K .......... .......... .......... .......... .......... 96% 201M 0s - 51600K .......... .......... .......... .......... .......... 96% 247M 0s - 51650K .......... .......... .......... .......... .......... 96% 245M 0s - 51700K .......... .......... .......... .......... .......... 96% 224M 0s - 51750K .......... .......... .......... .......... .......... 96% 190M 0s - 51800K .......... .......... .......... .......... .......... 
97% 217M 0s - 51850K .......... .......... .......... .......... .......... 97% 245M 0s - 51900K .......... .......... .......... .......... .......... 97% 251M 0s - 51950K .......... .......... .......... .......... .......... 97% 187M 0s - 52000K .......... .......... .......... .......... .......... 97% 246M 0s - 52050K .......... .......... .......... .......... .......... 97% 240M 0s - 52100K .......... .......... .......... .......... .......... 97% 245M 0s - 52150K .......... .......... .......... .......... .......... 97% 203M 0s - 52200K .......... .......... .......... .......... .......... 97% 229M 0s - 52250K .......... .......... .......... .......... .......... 97% 245M 0s - 52300K .......... .......... .......... .......... .......... 98% 252M 0s - 52350K .......... .......... .......... .......... .......... 98% 207M 0s - 52400K .......... .......... .......... .......... .......... 98% 213M 0s + 38800K .......... .......... .......... .......... .......... 72% 151M 0s + 38850K .......... .......... .......... .......... .......... 72% 236M 0s + 38900K .......... .......... .......... .......... .......... 72% 231M 0s + 38950K .......... .......... .......... .......... .......... 73% 216M 0s + 39000K .......... .......... .......... .......... .......... 73% 250M 0s + 39050K .......... .......... .......... .......... .......... 73% 234M 0s + 39100K .......... .......... .......... .......... .......... 73% 254M 0s + 39150K .......... .......... .......... .......... .......... 73% 150M 0s + 39200K .......... .......... .......... .......... .......... 73% 177M 0s + 39250K .......... .......... .......... .......... .......... 73% 178M 0s + 39300K .......... .......... .......... .......... .......... 73% 170M 0s + 39350K .......... .......... .......... .......... .......... 73% 153M 0s + 39400K .......... .......... .......... .......... .......... 73% 179M 0s + 39450K .......... .......... .......... .......... .......... 
73% 163M 0s + 39500K .......... .......... .......... .......... .......... 74% 131M 0s + 39550K .......... .......... .......... .......... .......... 74% 157M 0s + 39600K .......... .......... .......... .......... .......... 74% 170M 0s + 39650K .......... .......... .......... .......... .......... 74% 135M 0s + 39700K .......... .......... .......... .......... .......... 74% 164M 0s + 39750K .......... .......... .......... .......... .......... 74% 178M 0s + 39800K .......... .......... .......... .......... .......... 74% 183M 0s + 39850K .......... .......... .......... .......... .......... 74% 149M 0s + 39900K .......... .......... .......... .......... .......... 74% 170M 0s + 39950K .......... .......... .......... .......... .......... 74% 165M 0s + 40000K .......... .......... .......... .......... .......... 74% 184M 0s + 40050K .......... .......... .......... .......... .......... 75% 153M 0s + 40100K .......... .......... .......... .......... .......... 75% 191M 0s + 40150K .......... .......... .......... .......... .......... 75% 153M 0s + 40200K .......... .......... .......... .......... .......... 75% 108M 0s + 40250K .......... .......... .......... .......... .......... 75% 51.1M 0s + 40300K .......... .......... .......... .......... .......... 75% 206M 0s + 40350K .......... .......... .......... .......... .......... 75% 104M 0s + 40400K .......... .......... .......... .......... .......... 75% 178M 0s + 40450K .......... .......... .......... .......... .......... 75% 146M 0s + 40500K .......... .......... .......... .......... .......... 75% 167M 0s + 40550K .......... .......... .......... .......... .......... 76% 179M 0s + 40600K .......... .......... .......... .......... .......... 76% 177M 0s + 40650K .......... .......... .......... .......... .......... 76% 140M 0s + 40700K .......... .......... .......... .......... .......... 76% 139M 0s + 40750K .......... .......... .......... .......... .......... 
76% 163M 0s + 40800K .......... .......... .......... .......... .......... 76% 159M 0s + 40850K .......... .......... .......... .......... .......... 76% 134M 0s + 40900K .......... .......... .......... .......... .......... 76% 163M 0s + 40950K .......... .......... .......... .......... .......... 76% 235M 0s + 41000K .......... .......... .......... .......... .......... 76% 167M 0s + 41050K .......... .......... .......... .......... .......... 76% 178M 0s + 41100K .......... .......... .......... .......... .......... 77% 152M 0s + 41150K .......... .......... .......... .......... .......... 77% 178M 0s + 41200K .......... .......... .......... .......... .......... 77% 141M 0s + 41250K .......... .......... .......... .......... .......... 77% 195M 0s + 41300K .......... .......... .......... .......... .......... 77% 219M 0s + 41350K .......... .......... .......... .......... .......... 77% 229M 0s + 41400K .......... .......... .......... .......... .......... 77% 241M 0s + 41450K .......... .......... .......... .......... .......... 77% 243M 0s + 41500K .......... .......... .......... .......... .......... 77% 196M 0s + 41550K .......... .......... .......... .......... .......... 77% 249M 0s + 41600K .......... .......... .......... .......... .......... 77% 152M 0s + 41650K .......... .......... .......... .......... .......... 78% 160M 0s + 41700K .......... .......... .......... .......... .......... 78% 149M 0s + 41750K .......... .......... .......... .......... .......... 78% 169M 0s + 41800K .......... .......... .......... .......... .......... 78% 179M 0s + 41850K .......... .......... .......... .......... .......... 78% 178M 0s + 41900K .......... .......... .......... .......... .......... 78% 142M 0s + 41950K .......... .......... .......... .......... .......... 78% 129M 0s + 42000K .......... .......... .......... .......... .......... 78% 121M 0s + 42050K .......... .......... .......... .......... .......... 
78% 38.7M 0s + 42100K .......... .......... .......... .......... .......... 78% 192M 0s + 42150K .......... .......... .......... .......... .......... 79% 246M 0s + 42200K .......... .......... .......... .......... .......... 79% 246M 0s + 42250K .......... .......... .......... .......... .......... 79% 132M 0s + 42300K .......... .......... .......... .......... .......... 79% 142M 0s + 42350K .......... .......... .......... .......... .......... 79% 162M 0s + 42400K .......... .......... .......... .......... .......... 79% 139M 0s + 42450K .......... .......... .......... .......... .......... 79% 163M 0s + 42500K .......... .......... .......... .......... .......... 79% 159M 0s + 42550K .......... .......... .......... .......... .......... 79% 151M 0s + 42600K .......... .......... .......... .......... .......... 79% 152M 0s + 42650K .......... .......... .......... .......... .......... 79% 176M 0s + 42700K .......... .......... .......... .......... .......... 80% 186M 0s + 42750K .......... .......... .......... .......... .......... 80% 167M 0s + 42800K .......... .......... .......... .......... .......... 80% 135M 0s + 42850K .......... .......... .......... .......... .......... 80% 190M 0s + 42900K .......... .......... .......... .......... .......... 80% 176M 0s + 42950K .......... .......... .......... .......... .......... 80% 179M 0s + 43000K .......... .......... .......... .......... .......... 80% 165M 0s + 43050K .......... .......... .......... .......... .......... 80% 175M 0s + 43100K .......... .......... .......... .......... .......... 80% 194M 0s + 43150K .......... .......... .......... .......... .......... 80% 165M 0s + 43200K .......... .......... .......... .......... .......... 80% 138M 0s + 43250K .......... .......... .......... .......... .......... 81% 153M 0s + 43300K .......... .......... .......... .......... .......... 81% 152M 0s + 43350K .......... .......... .......... .......... .......... 
81% 150M 0s + 43400K .......... .......... .......... .......... .......... 81% 146M 0s + 43450K .......... .......... .......... .......... .......... 81% 168M 0s + 43500K .......... .......... .......... .......... .......... 81% 165M 0s + 43550K .......... .......... .......... .......... .......... 81% 153M 0s + 43600K .......... .......... .......... .......... .......... 81% 145M 0s + 43650K .......... .......... .......... .......... .......... 81% 101M 0s + 43700K .......... .......... .......... .......... .......... 81% 48.7M 0s + 43750K .......... .......... .......... .......... .......... 82% 161M 0s + 43800K .......... .......... .......... .......... .......... 82% 205M 0s + 43850K .......... .......... .......... .......... .......... 82% 253M 0s + 43900K .......... .......... .......... .......... .......... 82% 257M 0s + 43950K .......... .......... .......... .......... .......... 82% 212M 0s + 44000K .......... .......... .......... .......... .......... 82% 155M 0s + 44050K .......... .......... .......... .......... .......... 82% 169M 0s + 44100K .......... .......... .......... .......... .......... 82% 180M 0s + 44150K .......... .......... .......... .......... .......... 82% 164M 0s + 44200K .......... .......... .......... .......... .......... 82% 148M 0s + 44250K .......... .......... .......... .......... .......... 82% 168M 0s + 44300K .......... .......... .......... .......... .......... 83% 140M 0s + 44350K .......... .......... .......... .......... .......... 83% 162M 0s + 44400K .......... .......... .......... .......... .......... 83% 142M 0s + 44450K .......... .......... .......... .......... .......... 83% 172M 0s + 44500K .......... .......... .......... .......... .......... 83% 162M 0s + 44550K .......... .......... .......... .......... .......... 83% 155M 0s + 44600K .......... .......... .......... .......... .......... 83% 143M 0s + 44650K .......... .......... .......... .......... .......... 
83% 170M 0s + 44700K .......... .......... .......... .......... .......... 83% 174M 0s + 44750K .......... .......... .......... .......... .......... 83% 192M 0s + 44800K .......... .......... .......... .......... .......... 83% 156M 0s + 44850K .......... .......... .......... .......... .......... 84% 179M 0s + 44900K .......... .......... .......... .......... .......... 84% 179M 0s + 44950K .......... .......... .......... .......... .......... 84% 169M 0s + 45000K .......... .......... .......... .......... .......... 84% 163M 0s + 45050K .......... .......... .......... .......... .......... 84% 158M 0s + 45100K .......... .......... .......... .......... .......... 84% 147M 0s + 45150K .......... .......... .......... .......... .......... 84% 156M 0s + 45200K .......... .......... .......... .......... .......... 84% 129M 0s + 45250K .......... .......... .......... .......... .......... 84% 166M 0s + 45300K .......... .......... .......... .......... .......... 84% 160M 0s + 45350K .......... .......... .......... .......... .......... 85% 144M 0s + 45400K .......... .......... .......... .......... .......... 85% 39.9M 0s + 45450K .......... .......... .......... .......... .......... 85% 223M 0s + 45500K .......... .......... .......... .......... .......... 85% 235M 0s + 45550K .......... .......... .......... .......... .......... 85% 250M 0s + 45600K .......... .......... .......... .......... .......... 85% 203M 0s + 45650K .......... .......... .......... .......... .......... 85% 257M 0s + 45700K .......... .......... .......... .......... .......... 85% 195M 0s + 45750K .......... .......... .......... .......... .......... 85% 182M 0s + 45800K .......... .......... .......... .......... .......... 85% 170M 0s + 45850K .......... .......... .......... .......... .......... 85% 155M 0s + 45900K .......... .......... .......... .......... .......... 86% 170M 0s + 45950K .......... .......... .......... .......... .......... 
86% 176M 0s + 46000K .......... .......... .......... .......... .......... 86% 152M 0s + 46050K .......... .......... .......... .......... .......... 86% 159M 0s + 46100K .......... .......... .......... .......... .......... 86% 162M 0s + 46150K .......... .......... .......... .......... .......... 86% 162M 0s + 46200K .......... .......... .......... .......... .......... 86% 145M 0s + 46250K .......... .......... .......... .......... .......... 86% 189M 0s + 46300K .......... .......... .......... .......... .......... 86% 173M 0s + 46350K .......... .......... .......... .......... .......... 86% 162M 0s + 46400K .......... .......... .......... .......... .......... 86% 132M 0s + 46450K .......... .......... .......... .......... .......... 87% 223M 0s + 46500K .......... .......... .......... .......... .......... 87% 180M 0s + 46550K .......... .......... .......... .......... .......... 87% 147M 0s + 46600K .......... .......... .......... .......... .......... 87% 148M 0s + 46650K .......... .......... .......... .......... .......... 87% 199M 0s + 46700K .......... .......... .......... .......... .......... 87% 181M 0s + 46750K .......... .......... .......... .......... .......... 87% 175M 0s + 46800K .......... .......... .......... .......... .......... 87% 150M 0s + 46850K .......... .......... .......... .......... .......... 87% 183M 0s + 46900K .......... .......... .......... .......... .......... 87% 154M 0s + 46950K .......... .......... .......... .......... .......... 88% 183M 0s + 47000K .......... .......... .......... .......... .......... 88% 143M 0s + 47050K .......... .......... .......... .......... .......... 88% 152M 0s + 47100K .......... .......... .......... .......... .......... 88% 166M 0s + 47150K .......... .......... .......... .......... .......... 88% 176M 0s + 47200K .......... .......... .......... .......... .......... 88% 29.1M 0s + 47250K .......... .......... .......... .......... .......... 
88% 162M 0s + 47300K .......... .......... .......... .......... .......... 88% 181M 0s + 47350K .......... .......... .......... .......... .......... 88% 158M 0s + 47400K .......... .......... .......... .......... .......... 88% 139M 0s + 47450K .......... .......... .......... .......... .......... 88% 165M 0s + 47500K .......... .......... .......... .......... .......... 89% 148M 0s + 47550K .......... .......... .......... .......... .......... 89% 154M 0s + 47600K .......... .......... .......... .......... .......... 89% 140M 0s + 47650K .......... .......... .......... .......... .......... 89% 160M 0s + 47700K .......... .......... .......... .......... .......... 89% 225M 0s + 47750K .......... .......... .......... .......... .......... 89% 257M 0s + 47800K .......... .......... .......... .......... .......... 89% 186M 0s + 47850K .......... .......... .......... .......... .......... 89% 164M 0s + 47900K .......... .......... .......... .......... .......... 89% 181M 0s + 47950K .......... .......... .......... .......... .......... 89% 215M 0s + 48000K .......... .......... .......... .......... .......... 89% 180M 0s + 48050K .......... .......... .......... .......... .......... 90% 234M 0s + 48100K .......... .......... .......... .......... .......... 90% 248M 0s + 48150K .......... .......... .......... .......... .......... 90% 252M 0s + 48200K .......... .......... .......... .......... .......... 90% 206M 0s + 48250K .......... .......... .......... .......... .......... 90% 164M 0s + 48300K .......... .......... .......... .......... .......... 90% 172M 0s + 48350K .......... .......... .......... .......... .......... 90% 174M 0s + 48400K .......... .......... .......... .......... .......... 90% 135M 0s + 48450K .......... .......... .......... .......... .......... 90% 152M 0s + 48500K .......... .......... .......... .......... .......... 90% 163M 0s + 48550K .......... .......... .......... .......... .......... 
91% 178M 0s + 48600K .......... .......... .......... .......... .......... 91% 179M 0s + 48650K .......... .......... .......... .......... .......... 91% 178M 0s + 48700K .......... .......... .......... .......... .......... 91% 169M 0s + 48750K .......... .......... .......... .......... .......... 91% 145M 0s + 48800K .......... .......... .......... .......... .......... 91% 136M 0s + 48850K .......... .......... .......... .......... .......... 91% 153M 0s + 48900K .......... .......... .......... .......... .......... 91% 69.6M 0s + 48950K .......... .......... .......... .......... .......... 91% 49.6M 0s + 49000K .......... .......... .......... .......... .......... 91% 208M 0s + 49050K .......... .......... .......... .......... .......... 91% 230M 0s + 49100K .......... .......... .......... .......... .......... 92% 231M 0s + 49150K .......... .......... .......... .......... .......... 92% 240M 0s + 49200K .......... .......... .......... .......... .......... 92% 208M 0s + 49250K .......... .......... .......... .......... .......... 92% 199M 0s + 49300K .......... .......... .......... .......... .......... 92% 201M 0s + 49350K .......... .......... .......... .......... .......... 92% 241M 0s + 49400K .......... .......... .......... .......... .......... 92% 188M 0s + 49450K .......... .......... .......... .......... .......... 92% 241M 0s + 49500K .......... .......... .......... .......... .......... 92% 154M 0s + 49550K .......... .......... .......... .......... .......... 92% 216M 0s + 49600K .......... .......... .......... .......... .......... 92% 243M 0s + 49650K .......... .......... .......... .......... .......... 93% 240M 0s + 49700K .......... .......... .......... .......... .......... 93% 214M 0s + 49750K .......... .......... .......... .......... .......... 93% 218M 0s + 49800K .......... .......... .......... .......... .......... 93% 194M 0s + 49850K .......... .......... .......... .......... .......... 
93% 241M 0s + 49900K .......... .......... .......... .......... .......... 93% 199M 0s + 49950K .......... .......... .......... .......... .......... 93% 227M 0s + 50000K .......... .......... .......... .......... .......... 93% 233M 0s + 50050K .......... .......... .......... .......... .......... 93% 220M 0s + 50100K .......... .......... .......... .......... .......... 93% 218M 0s + 50150K .......... .......... .......... .......... .......... 94% 244M 0s + 50200K .......... .......... .......... .......... .......... 94% 214M 0s + 50250K .......... .......... .......... .......... .......... 94% 232M 0s + 50300K .......... .......... .......... .......... .......... 94% 193M 0s + 50350K .......... .......... .......... .......... .......... 94% 245M 0s + 50400K .......... .......... .......... .......... .......... 94% 226M 0s + 50450K .......... .......... .......... .......... .......... 94% 229M 0s + 50500K .......... .......... .......... .......... .......... 94% 219M 0s + 50550K .......... .......... .......... .......... .......... 94% 215M 0s + 50600K .......... .......... .......... .......... .......... 94% 241M 0s + 50650K .......... .......... .......... .......... .......... 94% 224M 0s + 50700K .......... .......... .......... .......... .......... 95% 189M 0s + 50750K .......... .......... .......... .......... .......... 95% 226M 0s + 50800K .......... .......... .......... .......... .......... 95% 239M 0s + 50850K .......... .......... .......... .......... .......... 95% 243M 0s + 50900K .......... .......... .......... .......... .......... 95% 200M 0s + 50950K .......... .......... .......... .......... .......... 95% 247M 0s + 51000K .......... .......... .......... .......... .......... 95% 213M 0s + 51050K .......... .......... .......... .......... .......... 95% 243M 0s + 51100K .......... .......... .......... .......... .......... 95% 117M 0s + 51150K .......... .......... .......... .......... .......... 
95% 188M 0s + 51200K .......... .......... .......... .......... .......... 95% 68.7M 0s + 51250K .......... .......... .......... .......... .......... 96% 237M 0s + 51300K .......... .......... .......... .......... .......... 96% 222M 0s + 51350K .......... .......... .......... .......... .......... 96% 214M 0s + 51400K .......... .......... .......... .......... .......... 96% 223M 0s + 51450K .......... .......... .......... .......... .......... 96% 224M 0s + 51500K .......... .......... .......... .......... .......... 96% 242M 0s + 51550K .......... .......... .......... .......... .......... 96% 159M 0s + 51600K .......... .......... .......... .......... .......... 96% 226M 0s + 51650K .......... .......... .......... .......... .......... 96% 239M 0s + 51700K .......... .......... .......... .......... .......... 96% 244M 0s + 51750K .......... .......... .......... .......... .......... 96% 221M 0s + 51800K .......... .......... .......... .......... .......... 97% 249M 0s + 51850K .......... .......... .......... .......... .......... 97% 193M 0s + 51900K .......... .......... .......... .......... .......... 97% 240M 0s + 51950K .......... .......... .......... .......... .......... 97% 205M 0s + 52000K .......... .......... .......... .......... .......... 97% 229M 0s + 52050K .......... .......... .......... .......... .......... 97% 249M 0s + 52100K .......... .......... .......... .......... .......... 97% 193M 0s + 52150K .......... .......... .......... .......... .......... 97% 219M 0s + 52200K .......... .......... .......... .......... .......... 97% 247M 0s + 52250K .......... .......... .......... .......... .......... 97% 249M 0s + 52300K .......... .......... .......... .......... .......... 98% 224M 0s + 52350K .......... .......... .......... .......... .......... 98% 184M 0s + 52400K .......... .......... .......... .......... .......... 98% 243M 0s 52450K .......... .......... .......... .......... .......... 
98% 243M 0s - 52500K .......... .......... .......... .......... .......... 98% 240M 0s - 52550K .......... .......... .......... .......... .......... 98% 215M 0s - 52600K .......... .......... .......... .......... .......... 98% 246M 0s - 52650K .......... .......... .......... .......... .......... 98% 219M 0s - 52700K .......... .......... .......... .......... .......... 98% 249M 0s - 52750K .......... .......... .......... .......... .......... 98% 209M 0s - 52800K .......... .......... .......... .......... .......... 98% 248M 0s - 52850K .......... .......... .......... .......... .......... 99% 235M 0s - 52900K .......... .......... .......... .......... .......... 99% 228M 0s - 52950K .......... .......... .......... .......... .......... 99% 220M 0s - 53000K .......... .......... .......... .......... .......... 99% 250M 0s - 53050K .......... .......... .......... .......... .......... 99% 241M 0s - 53100K .......... .......... .......... .......... .......... 99% 230M 0s - 53150K .......... .......... .......... .......... .......... 99% 188M 0s - 53200K .......... .......... .......... .......... .......... 99% 250M 0s - 53250K .......... .......... .......... .......... .......... 99% 248M 0s - 53300K .......... .......... .......... .......... .......... 99% 250M 0s - 53350K .......... .......... .......... .......... .......... 99% 199M 0s + 52500K .......... .......... .......... .......... .......... 98% 246M 0s + 52550K .......... .......... .......... .......... .......... 98% 198M 0s + 52600K .......... .......... .......... .......... .......... 98% 227M 0s + 52650K .......... .......... .......... .......... .......... 98% 224M 0s + 52700K .......... .......... .......... .......... .......... 98% 246M 0s + 52750K .......... .......... .......... .......... .......... 98% 191M 0s + 52800K .......... .......... .......... .......... .......... 98% 247M 0s + 52850K .......... .......... .......... .......... .......... 
99% 255M 0s + 52900K .......... .......... .......... .......... .......... 99% 198M 0s + 52950K .......... .......... .......... .......... .......... 99% 216M 0s + 53000K .......... .......... .......... .......... .......... 99% 224M 0s + 53050K .......... .......... .......... .......... .......... 99% 230M 0s + 53100K .......... .......... .......... .......... .......... 99% 250M 0s + 53150K .......... .......... .......... .......... .......... 99% 194M 0s + 53200K .......... .......... .......... .......... .......... 99% 228M 0s + 53250K .......... .......... .......... .......... .......... 99% 219M 0s + 53300K .......... .......... .......... .......... .......... 99% 248M 0s + 53350K .......... .......... .......... .......... .......... 99% 224M 0s 53400K ... 100% 6.31T=0.5s -2024-11-06 09:53:57 (114 MB/s) - ‘trivy_0.44.1_Linux-64bit.deb.6’ saved [54685068/54685068] +2024-11-11 10:04:25 (107 MB/s) - ‘trivy_0.44.1_Linux-64bit.deb.6’ saved [54685068/54685068] +sudo dpkg -i trivy_0.44.1_Linux-64bit.deb (Reading database ... 132595 files and directories currently installed.) @@ -22970,8 +23127,8 @@ Preparing to unpack trivy_0.44.1_Linux-64bit.deb ... Unpacking trivy (0.44.1) over (0.44.1) ... Setting up trivy (0.44.1) ... +docker sbom --format spdx-json quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369 -+/tmp/grype +tee /tmp/cve.txt ++/tmp/grype NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY idna 2.10 3.7 python GHSA-jjg7-2v4v-x38h Medium requests 2.25.1 2.31.0 python GHSA-j8r2-6x86-q33q Medium @@ -22981,8 +23138,8 @@ setuptools 53.0.0 70.0.0 python GHSA-cx63-2mw6-8hw5 High urllib3 1.26.5 1.26.17 python GHSA-v845-jxx5-vc9f Medium urllib3 1.26.5 1.26.18 python GHSA-g4mx-q9vg-27p4 Medium urllib3 1.26.5 1.26.19 python GHSA-34jh-p97f-mpxf Medium -+tee /tmp/sbom.txt +docker sbom quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369 ++tee /tmp/sbom.txt NAME VERSION TYPE PyGObject 3.40.1 python PySocks 1.7.1 python 
@@ -23063,8 +23220,8 @@ subscription-manager 1.29.40 systemd-python 234 python urllib3 1.26.5 python +docker sbom --format spdx-json registry.access.redhat.com/ubi9/ubi:9.3 -+/tmp/grype +tee /tmp/cve-base.txt ++/tmp/grype NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY idna 2.10 3.7 python GHSA-jjg7-2v4v-x38h Medium requests 2.25.1 2.31.0 python GHSA-j8r2-6x86-q33q Medium 
@@ -23083,36 +23240,36 @@ https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded +docker push quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369 The push refers to repository [quay.io/noirolabs/aci-containers-certmanager] -99399243a4d6: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +af1f442c2945: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing unauthorized: access to the requested resource is not authorized +for OTHER_TAG in ${OTHER_IMAGE_TAGS} +docker tag quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369 +docker push quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369 The push refers to repository [quay.io/noirolabs/aci-containers-certmanager] -99399243a4d6: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +af1f442c2945: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing unauthorized: access to the requested resource is not authorized +for OTHER_TAG in ${OTHER_IMAGE_TAGS} -+docker tag quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369.110624.10022 -+docker push quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369.111124.10031 ++docker push quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369.111124.10031 The push refers to repository [quay.io/noirolabs/aci-containers-certmanager] -99399243a4d6: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +af1f442c2945: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing unauthorized: access to the requested resource is not authorized +for OTHER_TAG in ${OTHER_IMAGE_TAGS} +docker tag 
quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369.z +docker push quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369.z The push refers to repository [quay.io/noirolabs/aci-containers-certmanager] -99399243a4d6: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +af1f442c2945: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing unauthorized: access to the requested resource is not authorized +docker login -u=[secure] -p=[secure] quay.io 
@@ -23122,30 +23279,31 @@ Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded -+docker tag quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369 quay.io/noiro/aci-containers-certmanager:6.0.4.4.81c2369.110624.10022 -+docker push quay.io/noiro/aci-containers-certmanager:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369 quay.io/noiro/aci-containers-certmanager:6.0.4.4.81c2369.111124.10031 ++docker push quay.io/noiro/aci-containers-certmanager:6.0.4.4.81c2369.111124.10031 The push refers to repository [quay.io/noiro/aci-containers-certmanager] -99399243a4d6: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +af1f442c2945: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing +797935172f32: Waiting +1a6b532927e3: Mounted from noiro/aci-containers-webhook +d242d05d20ef: Mounted from noiro/aci-containers-webhook 797935172f32: Layer already exists -c6ce05a09977: Mounted from noiro/aci-containers-webhook -2c2d764c30e5: Mounted from noiro/aci-containers-webhook -99399243a4d6: Pushed -6.0.4.4.81c2369.110624.10022: digest: sha256:f326a6c7d6e3fb10fc8f82e729a59c701d2fdafda9aa58bb277801f6e22e7cb2 size: 1160 +af1f442c2945: Pushed +6.0.4.4.81c2369.111124.10031: digest: sha256:7650417b42e051bee1877956b51f4c1cb85fe69017fe9b045f9a8a912d4a02e6 size: 1160 +docker tag quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369 quay.io/noiro/aci-containers-certmanager:6.0.4.4.81c2369.z +docker push quay.io/noiro/aci-containers-certmanager:6.0.4.4.81c2369.z The push refers to repository [quay.io/noiro/aci-containers-certmanager] -99399243a4d6: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +af1f442c2945: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing -99399243a4d6: Layer already exists +d242d05d20ef: Layer already exists +1a6b532927e3: Layer 
already exists 797935172f32: Layer already exists -2c2d764c30e5: Layer already exists -c6ce05a09977: Layer already exists -6.0.4.4.81c2369.z: digest: sha256:f326a6c7d6e3fb10fc8f82e729a59c701d2fdafda9aa58bb277801f6e22e7cb2 size: 1160 +af1f442c2945: Layer already exists +6.0.4.4.81c2369.z: digest: sha256:7650417b42e051bee1877956b51f4c1cb85fe69017fe9b045f9a8a912d4a02e6 size: 1160 +docker login -u=[secure] '-p=[secure]' docker.io WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /home/travis/.docker/config.json. 
@@ -23153,33 +23311,33 @@ Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded -+docker tag quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369 docker.io/noiro/aci-containers-certmanager:6.0.4.4.81c2369.110624.10022 -+docker push docker.io/noiro/aci-containers-certmanager:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369 docker.io/noiro/aci-containers-certmanager:6.0.4.4.81c2369.111124.10031 ++docker push docker.io/noiro/aci-containers-certmanager:6.0.4.4.81c2369.111124.10031 The push refers to repository [docker.io/noiro/aci-containers-certmanager] -99399243a4d6: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +af1f442c2945: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing 797935172f32: Layer already exists -2c2d764c30e5: Mounted from noiro/aci-containers-webhook -c6ce05a09977: Mounted from noiro/aci-containers-webhook -99399243a4d6: Pushed -6.0.4.4.81c2369.110624.10022: digest: sha256:f326a6c7d6e3fb10fc8f82e729a59c701d2fdafda9aa58bb277801f6e22e7cb2 size: 1160 +d242d05d20ef: Mounted from noiro/aci-containers-webhook +1a6b532927e3: Mounted from noiro/aci-containers-webhook +af1f442c2945: Pushed +6.0.4.4.81c2369.111124.10031: digest: sha256:7650417b42e051bee1877956b51f4c1cb85fe69017fe9b045f9a8a912d4a02e6 size: 1160 +docker tag quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369 docker.io/noiro/aci-containers-certmanager:6.0.4.4.81c2369.z +docker push docker.io/noiro/aci-containers-certmanager:6.0.4.4.81c2369.z The push refers to repository [docker.io/noiro/aci-containers-certmanager] -99399243a4d6: Preparing -c6ce05a09977: Preparing -2c2d764c30e5: Preparing +af1f442c2945: Preparing +1a6b532927e3: Preparing +d242d05d20ef: Preparing 797935172f32: Preparing -c6ce05a09977: Layer already exists +d242d05d20ef: Layer already exists 797935172f32: Layer already 
exists -2c2d764c30e5: Layer already exists -99399243a4d6: Layer already exists -6.0.4.4.81c2369.z: digest: sha256:f326a6c7d6e3fb10fc8f82e729a59c701d2fdafda9aa58bb277801f6e22e7cb2 size: 1160 +1a6b532927e3: Layer already exists +af1f442c2945: Layer already exists +6.0.4.4.81c2369.z: digest: sha256:7650417b42e051bee1877956b51f4c1cb85fe69017fe9b045f9a8a912d4a02e6 size: 1160 ++docker image inspect '--format={{.Id}}' quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369 -+IMAGE_SHA=sha256:8a32036d3745833dbe26564ae6d79602290190cb9c3085563a5140f3cae4d479 -+/tmp/cicd/travis/push-to-cicd-status.sh quay.io/noiro aci-containers-certmanager 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 sha256:8a32036d3745833dbe26564ae6d79602290190cb9c3085563a5140f3cae4d479 registry.access.redhat.com/ubi9/ubi:9.3 ++IMAGE_SHA=sha256:e5ce9f068a85298f0321840081046fedf0b26960929a3c6dcdd3d9d45efeec92 ++/tmp/cicd/travis/push-to-cicd-status.sh quay.io/noiro aci-containers-certmanager 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 sha256:e5ce9f068a85298f0321840081046fedf0b26960929a3c6dcdd3d9d45efeec92 registry.access.redhat.com/ubi9/ubi:9.3 ++dirname /tmp/cicd/travis/push-to-cicd-status.sh +SCRIPTS_DIR=/tmp/cicd/travis +source /tmp/cicd/travis/globals.sh @@ -23187,9 +23345,9 @@ c6ce05a09977: Layer already exists ++RELEASE_TAG=6.0.4.4 ++export RELEASE_TAG +++date +%m%d%y -++DATE_TAG=110624 +++DATE_TAG=111124 ++TRAVIS_TAG_WITH_UPSTREAM_ID=6.0.4.4.81c2369 -++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.110624.10022 +++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.111124.10031 ++IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_Z_TAG=6.0.4.4.81c2369.z 
@@ -23207,8 +23365,8 @@ c6ce05a09977: Layer already exists +IMAGE_BUILD_REGISTRY=quay.io/noiro +IMAGE=aci-containers-certmanager +IMAGE_BUILD_TAG=6.0.4.4.81c2369 -+OTHER_IMAGE_TAGS=6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 -+IMAGE_SHA=sha256:8a32036d3745833dbe26564ae6d79602290190cb9c3085563a5140f3cae4d479 ++OTHER_IMAGE_TAGS=6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 ++IMAGE_SHA=sha256:e5ce9f068a85298f0321840081046fedf0b26960929a3c6dcdd3d9d45efeec92 +BASE_IMAGE=registry.access.redhat.com/ubi9/ubi:9.3 +GIT_REPO=https://github.com/noironetworks/cicd-status.git +GIT_LOCAL_DIR=cicd-status 
@@ -23231,42 +23389,42 @@ From https://github.com/noironetworks/cicd-status * branch main -> FETCH_HEAD Already up to date. +mkdir -p /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/aci-containers-certmanager -+curl https://api.travis-ci.com/v3/job/627824803/log.txt ++curl https://api.travis-ci.com/v3/job/627965097/log.txt % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed - 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 1449k 100 1449k 0 0 6654k 0 --:--:-- --:--:-- --:--:-- 6679k + 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 1459k 100 1459k 0 0 6968k 0 --:--:-- --:--:-- --:--:-- 6981k +cp /tmp/sbom.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/aci-containers-certmanager/6.0.4.4-sbom.txt +cp /tmp/cve.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/aci-containers-certmanager/6.0.4.4-cve.txt +cp /tmp/cve-base.txt /tmp/cicd-status/docs/release_artifacts/6.0.4.4/z/aci-containers-certmanager/6.0.4.4-cve-base.txt +update_container_release -+docker rmi -f sha256:8a32036d3745833dbe26564ae6d79602290190cb9c3085563a5140f3cae4d479 -Untagged: noiro/aci-containers-certmanager:6.0.4.4.81c2369.110624.10022 ++docker rmi -f sha256:e5ce9f068a85298f0321840081046fedf0b26960929a3c6dcdd3d9d45efeec92 +Untagged: noiro/aci-containers-certmanager:6.0.4.4.81c2369.111124.10031 Untagged: noiro/aci-containers-certmanager:6.0.4.4.81c2369.z -Untagged: noiro/aci-containers-certmanager@sha256:f326a6c7d6e3fb10fc8f82e729a59c701d2fdafda9aa58bb277801f6e22e7cb2 -Untagged: quay.io/noiro/aci-containers-certmanager:6.0.4.4.81c2369.110624.10022 +Untagged: noiro/aci-containers-certmanager@sha256:7650417b42e051bee1877956b51f4c1cb85fe69017fe9b045f9a8a912d4a02e6 +Untagged: quay.io/noiro/aci-containers-certmanager:6.0.4.4.81c2369.111124.10031 Untagged: quay.io/noiro/aci-containers-certmanager:6.0.4.4.81c2369.z -Untagged: quay.io/noiro/aci-containers-certmanager@sha256:f326a6c7d6e3fb10fc8f82e729a59c701d2fdafda9aa58bb277801f6e22e7cb2 +Untagged: 
quay.io/noiro/aci-containers-certmanager@sha256:7650417b42e051bee1877956b51f4c1cb85fe69017fe9b045f9a8a912d4a02e6 Untagged: quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369 -Untagged: quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369.110624.10022 +Untagged: quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369.111124.10031 Untagged: quay.io/noirolabs/aci-containers-certmanager:6.0.4.4.81c2369.z -Deleted: sha256:8a32036d3745833dbe26564ae6d79602290190cb9c3085563a5140f3cae4d479 -+python /tmp/cicd/travis/update-release.py quay.io/noiro aci-containers-certmanager 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 sha256:8a32036d3745833dbe26564ae6d79602290190cb9c3085563a5140f3cae4d479 6.0.4.4.81c2369.z 6.0.4.4.81c2369.110624.10022 registry.access.redhat.com/ubi9/ubi:9.3 +Deleted: sha256:e5ce9f068a85298f0321840081046fedf0b26960929a3c6dcdd3d9d45efeec92 ++python /tmp/cicd/travis/update-release.py quay.io/noiro aci-containers-certmanager 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 sha256:e5ce9f068a85298f0321840081046fedf0b26960929a3c6dcdd3d9d45efeec92 6.0.4.4.81c2369.z 6.0.4.4.81c2369.111124.10031 registry.access.redhat.com/ubi9/ubi:9.3 +add_trivy_vulnerabilites +trivy image quay.io/noiro/aci-containers-certmanager:6.0.4.4.81c2369.z -2024-11-06T09:55:29.011Z INFO Vulnerability scanning is enabled -2024-11-06T09:55:29.011Z INFO Secret scanning is enabled -2024-11-06T09:55:29.011Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning -2024-11-06T09:55:29.011Z INFO Please see also https://aquasecurity.github.io/trivy/v0.44/docs/scanner/secret/#recommendation for faster secret detection -2024-11-06T09:55:36.248Z INFO Detected OS: redhat -2024-11-06T09:55:36.248Z INFO Detecting RHEL/CentOS vulnerabilities... -2024-11-06T09:55:36.298Z INFO Number of language-specific files: 1 -2024-11-06T09:55:36.298Z INFO Detecting gobinary vulnerabilities... 
+2024-11-11T10:05:48.483Z INFO Vulnerability scanning is enabled +2024-11-11T10:05:48.483Z INFO Secret scanning is enabled +2024-11-11T10:05:48.483Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning +2024-11-11T10:05:48.483Z INFO Please see also https://aquasecurity.github.io/trivy/v0.44/docs/scanner/secret/#recommendation for faster secret detection +2024-11-11T10:05:55.895Z INFO Detected OS: redhat +2024-11-11T10:05:55.895Z INFO Detecting RHEL/CentOS vulnerabilities... +2024-11-11T10:05:55.945Z INFO Number of language-specific files: 1 +2024-11-11T10:05:55.945Z INFO Detecting gobinary vulnerabilities... +git_add_commit_push +cd /tmp/cicd-status +git config --local user.email test@cisco.com +git config --local user.name travis-tagger +git stash -Saved working directory and index state WIP on main: 9c1de98e 6.0.4.4.z-aci-containers-webhook-10022-2024-11-06_09:53:50 +Saved working directory and index state WIP on main: 1ff65650 6.0.4.4.z-aci-containers-webhook-10031-2024-11-11_10:04:19 +git pull --rebase origin main From https://github.com/noironetworks/cicd-status * branch main -> FETCH_HEAD 
@@ -23279,27 +23437,28 @@ Changes not staged for commit: (use "git add ..." to update what will be committed) (use "git restore ..." to discard changes in working directory) modified: docs/release_artifacts/6.0.4.4/z/aci-containers-certmanager/6.0.4.4-buildlog.txt + modified: docs/release_artifacts/6.0.4.4/z/aci-containers-certmanager/6.0.4.4-cve.txt modified: docs/release_artifacts/releases.yaml no changes added to commit (use "git add" and/or "git commit -a") -Dropped refs/stash@{0} (29270206371cf08608d41bea1d5049714df7a5cd) +Dropped refs/stash@{0} (adc2d06bf0aac83f813da2bef10b36c43646f6ac) +git add . +[[ aci-containers != \a\c\c\-\p\r\o\v\i\s\i\o\n ]] ++docker image inspect --format '{{index (split (index .RepoDigests 0) "@sha256:") 1}}' docker.io/noiro/aci-containers-certmanager:6.0.4.4.81c2369.z -+DOCKER_REPO_DIGEST_SHA=f326a6c7d6e3fb10fc8f82e729a59c701d2fdafda9aa58bb277801f6e22e7cb2 ++DOCKER_REPO_DIGEST_SHA=7650417b42e051bee1877956b51f4c1cb85fe69017fe9b045f9a8a912d4a02e6 ++docker image inspect --format '{{index (split (index .RepoDigests 1) "@sha256:") 1}}' quay.io/noiro/aci-containers-certmanager:6.0.4.4.81c2369.z -+QUAY_REPO_DIGEST_SHA=f326a6c7d6e3fb10fc8f82e729a59c701d2fdafda9aa58bb277801f6e22e7cb2 ++QUAY_REPO_DIGEST_SHA=7650417b42e051bee1877956b51f4c1cb85fe69017fe9b045f9a8a912d4a02e6 ++date +%F_%H:%M:%S -+git commit -a -m 6.0.4.4.z-aci-containers-certmanager-10022-2024-11-06_09:55:36 -m 'Commit: d090ca19b2ebe458b0f15e91dc685e6ba807e693' -m 'Tags: 6.0.4.4.81c2369.z, 6.0.4.4.81c2369.110624.10022' -m 'ImageId: sha256:8a32036d3745833dbe26564ae6d79602290190cb9c3085563a5140f3cae4d479' -m 'DockerSha: f326a6c7d6e3fb10fc8f82e729a59c701d2fdafda9aa58bb277801f6e22e7cb2' -m 'QuaySha: f326a6c7d6e3fb10fc8f82e729a59c701d2fdafda9aa58bb277801f6e22e7cb2' -[main 18cb01f9] 6.0.4.4.z-aci-containers-certmanager-10022-2024-11-06_09:55:36 - 2 files changed, 13202 insertions(+), 13373 deletions(-) ++git commit -a -m 6.0.4.4.z-aci-containers-certmanager-10031-2024-11-11_10:05:56 -m 
'Commit: d090ca19b2ebe458b0f15e91dc685e6ba807e693' -m 'Tags: 6.0.4.4.81c2369.z, 6.0.4.4.81c2369.111124.10031' -m 'ImageId: sha256:e5ce9f068a85298f0321840081046fedf0b26960929a3c6dcdd3d9d45efeec92' -m 'DockerSha: 7650417b42e051bee1877956b51f4c1cb85fe69017fe9b045f9a8a912d4a02e6' -m 'QuaySha: 7650417b42e051bee1877956b51f4c1cb85fe69017fe9b045f9a8a912d4a02e6' +[main 6837a5a8] 6.0.4.4.z-aci-containers-certmanager-10031-2024-11-11_10:05:56 + 3 files changed, 13264 insertions(+), 13105 deletions(-) +git push origin main To https://github.com/noironetworks/cicd-status.git - 9c1de98e..18cb01f9 main -> main + 1ff65650..6837a5a8 main -> main +break +for IMAGE in "${ALL_IMAGES[@]}" +[[ aci-containers-host-ovscni != \o\p\e\n\v\s\w\i\t\c\h ]] -+/tmp/cicd/travis/push-images.sh quay.io/noirolabs aci-containers-host-ovscni 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.110624.10022 registry.access.redhat.com/ubi9/ubi:9.3 ++/tmp/cicd/travis/push-images.sh quay.io/noirolabs aci-containers-host-ovscni 6.0.4.4.81c2369 6.0.4.4.81c2369,6.0.4.4.81c2369.111124.10031 registry.access.redhat.com/ubi9/ubi:9.3 ++dirname /tmp/cicd/travis/push-images.sh +SCRIPTS_DIR=/tmp/cicd/travis +source /tmp/cicd/travis/globals.sh @@ -23307,9 +23466,9 @@ To https://github.com/noironetworks/cicd-status.git ++RELEASE_TAG=6.0.4.4 ++export RELEASE_TAG +++date +%m%d%y -++DATE_TAG=110624 +++DATE_TAG=111124 ++TRAVIS_TAG_WITH_UPSTREAM_ID=6.0.4.4.81c2369 -++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.110624.10022 +++TRAVIS_TAG_WITH_UPSTREAM_ID_DATE_TRAVIS_BUILD_NUMBER=6.0.4.4.81c2369.111124.10031 ++IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_TAG=6.0.4.4.81c2369 ++UPSTREAM_IMAGE_Z_TAG=6.0.4.4.81c2369.z 
@@ -23324,9 +23483,9 @@ To https://github.com/noironetworks/cicd-status.git +IMAGE_BUILD_REGISTRY=quay.io/noirolabs +IMAGE=aci-containers-host-ovscni +IMAGE_BUILD_TAG=6.0.4.4.81c2369 -+OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.110624.10022' ++OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.111124.10031' +BASE_IMAGE=registry.access.redhat.com/ubi9/ubi:9.3 -+OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.110624.10022 6.0.4.4.81c2369.z' ++OTHER_IMAGE_TAGS='6.0.4.4.81c2369 6.0.4.4.81c2369.111124.10031 6.0.4.4.81c2369.z' +BUILT_IMAGE=quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369 +curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh +sh -s -- -b /tmp 
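Review bot: The trace at the end of this hunk fetches `https://raw.githubusercontent.com/anchore/grype/main/install.sh` and pipes it to `sh -s -- -b /tmp`, so each release build runs whatever grype's `main` branch holds at that moment, with no pinned revision or digest check visible in the log. These are unchanged context lines in a generated build log, so the fix belongs in the script that produces them (presumably `/tmp/cicd/travis/push-images.sh`, which is not shown here). That script should fetch the installer from a fixed tag or commit and compare it against a recorded SHA-256 before executing it. The following hunk records the trivy package being downloaded by version (`v0.44.1`) but likewise shows no checksum verification, and the `.deb.7` save name suggests earlier copies remain in the working directory, so it is worth confirming that the install step uses the freshly downloaded file.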
@@ -23341,1087 +23500,1087 @@ To https://github.com/noironetworks/cicd-status.git [info] using release tag='v0.6.1' version='0.6.1' os='linux' arch='amd64' [info] installed /home/travis/.docker/cli-plugins/docker-sbom +wget https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb ---2024-11-06 09:55:43-- https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb -Resolving github.com (github.com)... 140.82.113.3 -Connecting to github.com (github.com)|140.82.113.3|:443... connected. +--2024-11-11 10:06:03-- https://github.com/aquasecurity/trivy/releases/download/v0.44.1/trivy_0.44.1_Linux-64bit.deb +Resolving github.com (github.com)... 140.82.112.4 +Connecting to github.com (github.com)|140.82.112.4|:443... connected. HTTP request sent, awaiting response... 302 Found -Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.110.133, 185.199.111.133, 185.199.109.133, ... -Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.110.133|:443... connected. +Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.109.133, 185.199.110.133, 185.199.111.133, ... +Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.109.133|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 54685068 (52M) [application/octet-stream] Saving to: ‘trivy_0.44.1_Linux-64bit.deb.7’ - 0K .......... .......... .......... .......... .......... 0% 3.50M 15s - 50K .......... .......... .......... .......... .......... 0% 3.90M 14s - 100K .......... .......... .......... .......... .......... 0% 14.5M 11s - 150K .......... .......... .......... .......... .......... 0% 20.2M 9s - 200K .......... .......... .......... .......... .......... 0% 6.70M 8s - 250K .......... .......... .......... .......... .......... 0% 22.5M 7s - 300K .......... .......... .......... .......... .......... 
0% 18.9M 7s - 350K .......... .......... .......... .......... .......... 0% 40.1M 6s - 400K .......... .......... .......... .......... .......... 0% 30.2M 6s - 450K .......... .......... .......... .......... .......... 0% 9.00M 6s - 500K .......... .......... .......... .......... .......... 1% 75.1M 5s - 550K .......... .......... .......... .......... .......... 1% 37.4M 5s - 600K .......... .......... .......... .......... .......... 1% 32.5M 5s - 650K .......... .......... .......... .......... .......... 1% 142M 4s - 700K .......... .......... .......... .......... .......... 1% 53.8M 4s - 750K .......... .......... .......... .......... .......... 1% 28.2M 4s - 800K .......... .......... .......... .......... .......... 1% 169M 4s - 850K .......... .......... .......... .......... .......... 1% 32.7M 4s - 900K .......... .......... .......... .......... .......... 1% 139M 3s - 950K .......... .......... .......... .......... .......... 1% 233M 3s - 1000K .......... .......... .......... .......... .......... 1% 10.1M 3s - 1050K .......... .......... .......... .......... .......... 2% 237M 3s - 1100K .......... .......... .......... .......... .......... 2% 35.7M 3s - 1150K .......... .......... .......... .......... .......... 2% 201M 3s - 1200K .......... .......... .......... .......... .......... 2% 234M 3s - 1250K .......... .......... .......... .......... .......... 2% 36.4M 3s - 1300K .......... .......... .......... .......... .......... 2% 198M 3s - 1350K .......... .......... .......... .......... .......... 2% 257M 3s - 1400K .......... .......... .......... .......... .......... 2% 88.0M 3s - 1450K .......... .......... .......... .......... .......... 2% 59.1M 2s - 1500K .......... .......... .......... .......... .......... 2% 45.2M 2s - 1550K .......... .......... .......... .......... .......... 2% 239M 2s - 1600K .......... .......... .......... .......... .......... 3% 164M 2s - 1650K .......... .......... .......... .......... 
.......... 3% 34.1M 2s - 1700K .......... .......... .......... .......... .......... 3% 221M 2s - 1750K .......... .......... .......... .......... .......... 3% 177M 2s - 1800K .......... .......... .......... .......... .......... 3% 51.3M 2s - 1850K .......... .......... .......... .......... .......... 3% 61.7M 2s - 1900K .......... .......... .......... .......... .......... 3% 151M 2s - 1950K .......... .......... .......... .......... .......... 3% 250M 2s - 2000K .......... .......... .......... .......... .......... 3% 15.8M 2s - 2050K .......... .......... .......... .......... .......... 3% 249M 2s - 2100K .......... .......... .......... .......... .......... 4% 219M 2s - 2150K .......... .......... .......... .......... .......... 4% 246M 2s - 2200K .......... .......... .......... .......... .......... 4% 248M 2s - 2250K .......... .......... .......... .......... .......... 4% 204M 2s - 2300K .......... .......... .......... .......... .......... 4% 214M 2s - 2350K .......... .......... .......... .......... .......... 4% 244M 2s - 2400K .......... .......... .......... .......... .......... 4% 267M 2s - 2450K .......... .......... .......... .......... .......... 4% 256M 2s - 2500K .......... .......... .......... .......... .......... 4% 34.5M 2s - 2550K .......... .......... .......... .......... .......... 4% 17.9M 2s - 2600K .......... .......... .......... .......... .......... 4% 46.7M 2s - 2650K .......... .......... .......... .......... .......... 5% 64.6M 2s - 2700K .......... .......... .......... .......... .......... 5% 38.9M 2s - 2750K .......... .......... .......... .......... .......... 5% 63.5M 2s - 2800K .......... .......... .......... .......... .......... 5% 214M 2s - 2850K .......... .......... .......... .......... .......... 5% 225M 2s - 2900K .......... .......... .......... .......... .......... 5% 215M 2s - 2950K .......... .......... .......... .......... .......... 5% 248M 2s - 3000K .......... .......... .......... 
.......... .......... 5% 246M 2s - 3050K .......... .......... .......... .......... .......... 5% 20.0M 2s - 3100K .......... .......... .......... .......... .......... 5% 60.2M 2s - 3150K .......... .......... .......... .......... .......... 5% 48.1M 1s - 3200K .......... .......... .......... .......... .......... 6% 66.8M 1s - 3250K .......... .......... .......... .......... .......... 6% 45.2M 1s - 3300K .......... .......... .......... .......... .......... 6% 103M 1s - 3350K .......... .......... .......... .......... .......... 6% 239M 1s - 3400K .......... .......... .......... .......... .......... 6% 75.6M 1s - 3450K .......... .......... .......... .......... .......... 6% 215M 1s - 3500K .......... .......... .......... .......... .......... 6% 203M 1s - 3550K .......... .......... .......... .......... .......... 6% 43.8M 1s - 3600K .......... .......... .......... .......... .......... 6% 117M 1s - 3650K .......... .......... .......... .......... .......... 6% 97.5M 1s - 3700K .......... .......... .......... .......... .......... 7% 104M 1s - 3750K .......... .......... .......... .......... .......... 7% 234M 1s - 3800K .......... .......... .......... .......... .......... 7% 251M 1s - 3850K .......... .......... .......... .......... .......... 7% 240M 1s - 3900K .......... .......... .......... .......... .......... 7% 24.5M 1s - 3950K .......... .......... .......... .......... .......... 7% 48.7M 1s - 4000K .......... .......... .......... .......... .......... 7% 44.5M 1s - 4050K .......... .......... .......... .......... .......... 7% 70.7M 1s - 4100K .......... .......... .......... .......... .......... 7% 182M 1s - 4150K .......... .......... .......... .......... .......... 7% 172M 1s - 4200K .......... .......... .......... .......... .......... 7% 245M 1s - 4250K .......... .......... .......... .......... .......... 8% 253M 1s - 4300K .......... .......... .......... .......... .......... 8% 87.4M 1s - 4350K .......... .......... 
.......... .......... .......... 8% 212M 1s - 4400K .......... .......... .......... .......... .......... 8% 246M 1s - 4450K .......... .......... .......... .......... .......... 8% 239M 1s - 4500K .......... .......... .......... .......... .......... 8% 33.6M 1s - 4550K .......... .......... .......... .......... .......... 8% 60.4M 1s - 4600K .......... .......... .......... .......... .......... 8% 81.2M 1s - 4650K .......... .......... .......... .......... .......... 8% 54.2M 1s - 4700K .......... .......... .......... .......... .......... 8% 51.9M 1s - 4750K .......... .......... .......... .......... .......... 8% 176M 1s - 4800K .......... .......... .......... .......... .......... 9% 99.3M 1s - 4850K .......... .......... .......... .......... .......... 9% 57.1M 1s - 4900K .......... .......... .......... .......... .......... 9% 127M 1s - 4950K .......... .......... .......... .......... .......... 9% 256M 1s - 5000K .......... .......... .......... .......... .......... 9% 239M 1s - 5050K .......... .......... .......... .......... .......... 9% 229M 1s - 5100K .......... .......... .......... .......... .......... 9% 205M 1s - 5150K .......... .......... .......... .......... .......... 9% 257M 1s - 5200K .......... .......... .......... .......... .......... 9% 233M 1s - 5250K .......... .......... .......... .......... .......... 9% 178M 1s - 5300K .......... .......... .......... .......... .......... 10% 48.5M 1s - 5350K .......... .......... .......... .......... .......... 10% 94.3M 1s - 5400K .......... .......... .......... .......... .......... 10% 52.6M 1s - 5450K .......... .......... .......... .......... .......... 10% 53.3M 1s - 5500K .......... .......... .......... .......... .......... 10% 48.5M 1s - 5550K .......... .......... .......... .......... .......... 10% 51.4M 1s - 5600K .......... .......... .......... .......... .......... 10% 72.9M 1s - 5650K .......... .......... .......... .......... .......... 
10% 241M 1s - 5700K .......... .......... .......... .......... .......... 10% 205M 1s - 5750K .......... .......... .......... .......... .......... 10% 53.7M 1s - 5800K .......... .......... .......... .......... .......... 10% 104M 1s - 5850K .......... .......... .......... .......... .......... 11% 46.7M 1s - 5900K .......... .......... .......... .......... .......... 11% 123M 1s - 5950K .......... .......... .......... .......... .......... 11% 89.2M 1s - 6000K .......... .......... .......... .......... .......... 11% 227M 1s - 6050K .......... .......... .......... .......... .......... 11% 255M 1s - 6100K .......... .......... .......... .......... .......... 11% 208M 1s - 6150K .......... .......... .......... .......... .......... 11% 255M 1s - 6200K .......... .......... .......... .......... .......... 11% 246M 1s - 6250K .......... .......... .......... .......... .......... 11% 19.6M 1s - 6300K .......... .......... .......... .......... .......... 11% 187M 1s - 6350K .......... .......... .......... .......... .......... 11% 239M 1s - 6400K .......... .......... .......... .......... .......... 12% 28.3M 1s - 6450K .......... .......... .......... .......... .......... 12% 62.6M 1s - 6500K .......... .......... .......... .......... .......... 12% 139M 1s - 6550K .......... .......... .......... .......... .......... 12% 40.3M 1s - 6600K .......... .......... .......... .......... .......... 12% 150M 1s - 6650K .......... .......... .......... .......... .......... 12% 245M 1s - 6700K .......... .......... .......... .......... .......... 12% 215M 1s - 6750K .......... .......... .......... .......... .......... 12% 245M 1s - 6800K .......... .......... .......... .......... .......... 12% 234M 1s - 6850K .......... .......... .......... .......... .......... 12% 253M 1s - 6900K .......... .......... .......... .......... .......... 13% 221M 1s - 6950K .......... .......... .......... .......... .......... 13% 252M 1s - 7000K .......... .......... 
.......... .......... .......... 13% 244M 1s - 7050K .......... .......... .......... .......... .......... 13% 96.8M 1s - 7100K .......... .......... .......... .......... .......... 13% 80.1M 1s - 7150K .......... .......... .......... .......... .......... 13% 241M 1s - 7200K .......... .......... .......... .......... .......... 13% 17.8M 1s - 7250K .......... .......... .......... .......... .......... 13% 41.7M 1s - 7300K .......... .......... .......... .......... .......... 13% 58.4M 1s - 7350K .......... .......... .......... .......... .......... 13% 53.1M 1s - 7400K .......... .......... .......... .......... .......... 13% 50.0M 1s - 7450K .......... .......... .......... .......... .......... 14% 98.2M 1s - 7500K .......... .......... .......... .......... .......... 14% 240M 1s - 7550K .......... .......... .......... .......... .......... 14% 156M 1s - 7600K .......... .......... .......... .......... .......... 14% 62.3M 1s - 7650K .......... .......... .......... .......... .......... 14% 55.8M 1s - 7700K .......... .......... .......... .......... .......... 14% 57.8M 1s - 7750K .......... .......... .......... .......... .......... 14% 177M 1s - 7800K .......... .......... .......... .......... .......... 14% 205M 1s - 7850K .......... .......... .......... .......... .......... 14% 232M 1s - 7900K .......... .......... .......... .......... .......... 14% 253M 1s - 7950K .......... .......... .......... .......... .......... 14% 229M 1s - 8000K .......... .......... .......... .......... .......... 15% 214M 1s - 8050K .......... .......... .......... .......... .......... 15% 248M 1s - 8100K .......... .......... .......... .......... .......... 15% 67.5M 1s - 8150K .......... .......... .......... .......... .......... 15% 64.4M 1s - 8200K .......... .......... .......... .......... .......... 15% 47.3M 1s - 8250K .......... .......... .......... .......... .......... 15% 119M 1s - 8300K .......... .......... .......... .......... .......... 
15% 192M 1s - 8350K .......... .......... .......... .......... .......... 15% 241M 1s - 8400K .......... .......... .......... .......... .......... 15% 65.7M 1s - 8450K .......... .......... .......... .......... .......... 15% 67.0M 1s - 8500K .......... .......... .......... .......... .......... 16% 63.9M 1s - 8550K .......... .......... .......... .......... .......... 16% 62.1M 1s - 8600K .......... .......... .......... .......... .......... 16% 139M 1s - 8650K .......... .......... .......... .......... .......... 16% 243M 1s - 8700K .......... .......... .......... .......... .......... 16% 94.0M 1s - 8750K .......... .......... .......... .......... .......... 16% 48.1M 1s - 8800K .......... .......... .......... .......... .......... 16% 48.2M 1s - 8850K .......... .......... .......... .......... .......... 16% 74.6M 1s - 8900K .......... .......... .......... .......... .......... 16% 244M 1s - 8950K .......... .......... .......... .......... .......... 16% 246M 1s - 9000K .......... .......... .......... .......... .......... 16% 216M 1s - 9050K .......... .......... .......... .......... .......... 17% 249M 1s - 9100K .......... .......... .......... .......... .......... 17% 236M 1s - 9150K .......... .......... .......... .......... .......... 17% 257M 1s - 9200K .......... .......... .......... .......... .......... 17% 228M 1s - 9250K .......... .......... .......... .......... .......... 17% 257M 1s - 9300K .......... .......... .......... .......... .......... 17% 222M 1s - 9350K .......... .......... .......... .......... .......... 17% 109M 1s - 9400K .......... .......... .......... .......... .......... 17% 69.3M 1s - 9450K .......... .......... .......... .......... .......... 17% 47.9M 1s - 9500K .......... .......... .......... .......... .......... 17% 57.4M 1s - 9550K .......... .......... .......... .......... .......... 17% 46.0M 1s - 9600K .......... .......... .......... .......... .......... 18% 58.7M 1s - 9650K .......... 
.......... .......... .......... .......... 18% 86.9M 1s - 9700K .......... .......... .......... .......... .......... 18% 217M 1s - 9750K .......... .......... .......... .......... .......... 18% 40.7M 1s - 9800K .......... .......... .......... .......... .......... 18% 67.5M 1s - 9850K .......... .......... .......... .......... .......... 18% 52.6M 1s - 9900K .......... .......... .......... .......... .......... 18% 55.4M 1s - 9950K .......... .......... .......... .......... .......... 18% 86.3M 1s - 10000K .......... .......... .......... .......... .......... 18% 230M 1s - 10050K .......... .......... .......... .......... .......... 18% 255M 1s - 10100K .......... .......... .......... .......... .......... 19% 225M 1s - 10150K .......... .......... .......... .......... .......... 19% 230M 1s - 10200K .......... .......... .......... .......... .......... 19% 131M 1s - 10250K .......... .......... .......... .......... .......... 19% 29.9M 1s - 10300K .......... .......... .......... .......... .......... 19% 198M 1s - 10350K .......... .......... .......... .......... .......... 19% 46.9M 1s - 10400K .......... .......... .......... .......... .......... 19% 51.4M 1s - 10450K .......... .......... .......... .......... .......... 19% 66.7M 1s - 10500K .......... .......... .......... .......... .......... 19% 52.8M 1s - 10550K .......... .......... .......... .......... .......... 19% 53.1M 1s - 10600K .......... .......... .......... .......... .......... 19% 51.2M 1s - 10650K .......... .......... .......... .......... .......... 20% 211M 1s - 10700K .......... .......... .......... .......... .......... 20% 202M 1s - 10750K .......... .......... .......... .......... .......... 20% 244M 1s - 10800K .......... .......... .......... .......... .......... 20% 256M 1s - 10850K .......... .......... .......... .......... .......... 20% 255M 1s - 10900K .......... .......... .......... .......... .......... 20% 216M 1s - 10950K .......... .......... 
.......... .......... .......... 20% 207M 1s - 11000K .......... .......... .......... .......... .......... 20% 245M 1s - 11050K .......... .......... .......... .......... .......... 20% 221M 1s - 11100K .......... .......... .......... .......... .......... 20% 28.0M 1s - 11150K .......... .......... .......... .......... .......... 20% 62.8M 1s - 11200K .......... .......... .......... .......... .......... 21% 69.5M 1s - 11250K .......... .......... .......... .......... .......... 21% 50.7M 1s - 11300K .......... .......... .......... .......... .......... 21% 58.4M 1s - 11350K .......... .......... .......... .......... .......... 21% 46.5M 1s - 11400K .......... .......... .......... .......... .......... 21% 125M 1s - 11450K .......... .......... .......... .......... .......... 21% 80.2M 1s - 11500K .......... .......... .......... .......... .......... 21% 199M 1s - 11550K .......... .......... .......... .......... .......... 21% 54.6M 1s - 11600K .......... .......... .......... .......... .......... 21% 213M 1s - 11650K .......... .......... .......... .......... .......... 21% 41.4M 1s - 11700K .......... .......... .......... .......... .......... 22% 49.8M 1s - 11750K .......... .......... .......... .......... .......... 22% 56.3M 1s - 11800K .......... .......... .......... .......... .......... 22% 206M 1s - 11850K .......... .......... .......... .......... .......... 22% 256M 1s - 11900K .......... .......... .......... .......... .......... 22% 217M 1s - 11950K .......... .......... .......... .......... .......... 22% 248M 1s - 12000K .......... .......... .......... .......... .......... 22% 44.9M 1s - 12050K .......... .......... .......... .......... .......... 22% 54.7M 1s - 12100K .......... .......... .......... .......... .......... 22% 203M 1s - 12150K .......... .......... .......... .......... .......... 22% 35.8M 1s - 12200K .......... .......... .......... .......... .......... 22% 50.1M 1s - 12250K .......... .......... 
.......... .......... .......... 23% 113M 1s - 12300K .......... .......... .......... .......... .......... 23% 44.7M 1s - 12350K .......... .......... .......... .......... .......... 23% 50.7M 1s - 12400K .......... .......... .......... .......... .......... 23% 108M 1s - 12450K .......... .......... .......... .......... .......... 23% 246M 1s - 12500K .......... .......... .......... .......... .......... 23% 223M 1s - 12550K .......... .......... .......... .......... .......... 23% 243M 1s - 12600K .......... .......... .......... .......... .......... 23% 49.8M 1s - 12650K .......... .......... .......... .......... .......... 23% 192M 1s - 12700K .......... .......... .......... .......... .......... 23% 35.4M 1s - 12750K .......... .......... .......... .......... .......... 23% 53.6M 1s - 12800K .......... .......... .......... .......... .......... 24% 84.4M 1s - 12850K .......... .......... .......... .......... .......... 24% 131M 1s - 12900K .......... .......... .......... .......... .......... 24% 228M 1s - 12950K .......... .......... .......... .......... .......... 24% 249M 1s - 13000K .......... .......... .......... .......... .......... 24% 32.7M 1s - 13050K .......... .......... .......... .......... .......... 24% 46.9M 1s - 13100K .......... .......... .......... .......... .......... 24% 67.6M 1s - 13150K .......... .......... .......... .......... .......... 24% 248M 1s - 13200K .......... .......... .......... .......... .......... 24% 257M 1s - 13250K .......... .......... .......... .......... .......... 24% 28.2M 1s - 13300K .......... .......... .......... .......... .......... 24% 97.5M 1s - 13350K .......... .......... .......... .......... .......... 25% 240M 1s - 13400K .......... .......... .......... .......... .......... 25% 230M 1s - 13450K .......... .......... .......... .......... .......... 25% 225M 1s - 13500K .......... .......... .......... .......... .......... 25% 210M 1s - 13550K .......... .......... .......... 
.......... .......... 25% 254M 1s - 13600K .......... .......... .......... .......... .......... 25% 246M 1s - 13650K .......... .......... .......... .......... .......... 25% 15.4M 1s - 13700K .......... .......... .......... .......... .......... 25% 212M 1s - 13750K .......... .......... .......... .......... .......... 25% 250M 1s - 13800K .......... .......... .......... .......... .......... 25% 57.7M 1s - 13850K .......... .......... .......... .......... .......... 26% 52.2M 1s - 13900K .......... .......... .......... .......... .......... 26% 56.4M 1s - 13950K .......... .......... .......... .......... .......... 26% 165M 1s - 14000K .......... .......... .......... .......... .......... 26% 252M 1s - 14050K .......... .......... .......... .......... .......... 26% 240M 1s - 14100K .......... .......... .......... .......... .......... 26% 44.2M 1s - 14150K .......... .......... .......... .......... .......... 26% 223M 1s - 14200K .......... .......... .......... .......... .......... 26% 237M 1s - 14250K .......... .......... .......... .......... .......... 26% 256M 1s - 14300K .......... .......... .......... .......... .......... 26% 220M 1s - 14350K .......... .......... .......... .......... .......... 26% 239M 1s - 14400K .......... .......... .......... .......... .......... 27% 239M 1s - 14450K .......... .......... .......... .......... .......... 27% 241M 1s - 14500K .......... .......... .......... .......... .......... 27% 214M 1s - 14550K .......... .......... .......... .......... .......... 27% 243M 1s - 14600K .......... .......... .......... .......... .......... 27% 187M 1s - 14650K .......... .......... .......... .......... .......... 27% 229M 1s - 14700K .......... .......... .......... .......... .......... 27% 12.5M 1s - 14750K .......... .......... .......... .......... .......... 27% 57.5M 1s - 14800K .......... .......... .......... .......... .......... 27% 57.3M 1s - 14850K .......... .......... .......... .......... 
.......... 27% 53.9M 1s - 14900K .......... .......... .......... .......... .......... 27% 89.3M 1s - 14950K .......... .......... .......... .......... .......... 28% 241M 1s - 15000K .......... .......... .......... .......... .......... 28% 78.7M 1s - 15050K .......... .......... .......... .......... .......... 28% 59.1M 1s - 15100K .......... .......... .......... .......... .......... 28% 44.1M 1s - 15150K .......... .......... .......... .......... .......... 28% 50.2M 1s - 15200K .......... .......... .......... .......... .......... 28% 100M 1s - 15250K .......... .......... .......... .......... .......... 28% 241M 1s - 15300K .......... .......... .......... .......... .......... 28% 197M 1s - 15350K .......... .......... .......... .......... .......... 28% 255M 1s - 15400K .......... .......... .......... .......... .......... 28% 252M 1s - 15450K .......... .......... .......... .......... .......... 29% 256M 1s - 15500K .......... .......... .......... .......... .......... 29% 195M 1s - 15550K .......... .......... .......... .......... .......... 29% 31.6M 1s - 15600K .......... .......... .......... .......... .......... 29% 238M 1s - 15650K .......... .......... .......... .......... .......... 29% 31.3M 1s - 15700K .......... .......... .......... .......... .......... 29% 45.8M 1s - 15750K .......... .......... .......... .......... .......... 29% 115M 1s - 15800K .......... .......... .......... .......... .......... 29% 53.0M 1s - 15850K .......... .......... .......... .......... .......... 29% 53.0M 1s - 15900K .......... .......... .......... .......... .......... 29% 51.3M 1s - 15950K .......... .......... .......... .......... .......... 29% 50.3M 1s - 16000K .......... .......... .......... .......... .......... 30% 206M 1s - 16050K .......... .......... .......... .......... .......... 30% 242M 1s - 16100K .......... .......... .......... .......... .......... 30% 37.8M 1s - 16150K .......... .......... .......... .......... 
.......... 30% 229M 1s - 16200K .......... .......... .......... .......... .......... 30% 216M 1s - 16250K .......... .......... .......... .......... .......... 30% 249M 1s - 16300K .......... .......... .......... .......... .......... 30% 94.4M 1s - 16350K .......... .......... .......... .......... .......... 30% 28.3M 1s - 16400K .......... .......... .......... .......... .......... 30% 47.8M 1s - 16450K .......... .......... .......... .......... .......... 30% 49.4M 1s - 16500K .......... .......... .......... .......... .......... 30% 142M 1s - 16550K .......... .......... .......... .......... .......... 31% 174M 1s - 16600K .......... .......... .......... .......... .......... 31% 187M 1s - 16650K .......... .......... .......... .......... .......... 31% 217M 1s - 16700K .......... .......... .......... .......... .......... 31% 193M 1s - 16750K .......... .......... .......... .......... .......... 31% 204M 1s - 16800K .......... .......... .......... .......... .......... 31% 102M 1s - 16850K .......... .......... .......... .......... .......... 31% 119M 1s - 16900K .......... .......... .......... .......... .......... 31% 92.3M 1s - 16950K .......... .......... .......... .......... .......... 31% 138M 1s - 17000K .......... .......... .......... .......... .......... 31% 253M 1s - 17050K .......... .......... .......... .......... .......... 32% 248M 1s - 17100K .......... .......... .......... .......... .......... 32% 199M 1s - 17150K .......... .......... .......... .......... .......... 32% 245M 1s - 17200K .......... .......... .......... .......... .......... 32% 257M 1s - 17250K .......... .......... .......... .......... .......... 32% 257M 1s - 17300K .......... .......... .......... .......... .......... 32% 223M 1s - 17350K .......... .......... .......... .......... .......... 32% 185M 1s - 17400K .......... .......... .......... .......... .......... 32% 129M 1s - 17450K .......... .......... .......... .......... .......... 
32% 122M 1s - 17500K .......... .......... .......... .......... .......... 32% 101M 1s - 17550K .......... .......... .......... .......... .......... 32% 150M 1s - 17600K .......... .......... .......... .......... .......... 33% 151M 1s - 17650K .......... .......... .......... .......... .......... 33% 166M 1s - 17700K .......... .......... .......... .......... .......... 33% 158M 1s - 17750K .......... .......... .......... .......... .......... 33% 166M 1s - 17800K .......... .......... .......... .......... .......... 33% 152M 1s - 17850K .......... .......... .......... .......... .......... 33% 154M 1s - 17900K .......... .......... .......... .......... .......... 33% 88.2M 1s - 17950K .......... .......... .......... .......... .......... 33% 122M 1s - 18000K .......... .......... .......... .......... .......... 33% 118M 1s - 18050K .......... .......... .......... .......... .......... 33% 136M 1s - 18100K .......... .......... .......... .......... .......... 33% 115M 1s - 18150K .......... .......... .......... .......... .......... 34% 119M 1s - 18200K .......... .......... .......... .......... .......... 34% 173M 1s - 18250K .......... .......... .......... .......... .......... 34% 170M 1s - 18300K .......... .......... .......... .......... .......... 34% 155M 1s - 18350K .......... .......... .......... .......... .......... 34% 239M 1s - 18400K .......... .......... .......... .......... .......... 34% 247M 1s - 18450K .......... .......... .......... .......... .......... 34% 197M 1s - 18500K .......... .......... .......... .......... .......... 34% 107M 1s - 18550K .......... .......... .......... .......... .......... 34% 149M 0s - 18600K .......... .......... .......... .......... .......... 34% 153M 0s - 18650K .......... .......... .......... .......... .......... 35% 131M 0s - 18700K .......... .......... .......... .......... .......... 35% 106M 0s - 18750K .......... .......... .......... .......... .......... 
35% 129M 0s - 18800K .......... .......... .......... .......... .......... 35% 163M 0s - 18850K .......... .......... .......... .......... .......... 35% 166M 0s - 18900K .......... .......... .......... .......... .......... 35% 147M 0s - 18950K .......... .......... .......... .......... .......... 35% 164M 0s - 19000K .......... .......... .......... .......... .......... 35% 155M 0s - 19050K .......... .......... .......... .......... .......... 35% 228M 0s - 19100K .......... .......... .......... .......... .......... 35% 168M 0s - 19150K .......... .......... .......... .......... .......... 35% 147M 0s - 19200K .......... .......... .......... .......... .......... 36% 128M 0s - 19250K .......... .......... .......... .......... .......... 36% 132M 0s - 19300K .......... .......... .......... .......... .......... 36% 125M 0s - 19350K .......... .......... .......... .......... .......... 36% 137M 0s - 19400K .......... .......... .......... .......... .......... 36% 120M 0s - 19450K .......... .......... .......... .......... .......... 36% 114M 0s - 19500K .......... .......... .......... .......... .......... 36% 110M 0s - 19550K .......... .......... .......... .......... .......... 36% 118M 0s - 19600K .......... .......... .......... .......... .......... 36% 146M 0s - 19650K .......... .......... .......... .......... .......... 36% 161M 0s - 19700K .......... .......... .......... .......... .......... 36% 154M 0s - 19750K .......... .......... .......... .......... .......... 37% 161M 0s - 19800K .......... .......... .......... .......... .......... 37% 174M 0s - 19850K .......... .......... .......... .......... .......... 37% 141M 0s - 19900K .......... .......... .......... .......... .......... 37% 111M 0s - 19950K .......... .......... .......... .......... .......... 37% 188M 0s - 20000K .......... .......... .......... .......... .......... 37% 249M 0s - 20050K .......... .......... .......... .......... .......... 
37% 231M 0s - 20100K .......... .......... .......... .......... .......... 37% 200M 0s - 20150K .......... .......... .......... .......... .......... 37% 220M 0s - 20200K .......... .......... .......... .......... .......... 37% 144M 0s - 20250K .......... .......... .......... .......... .......... 38% 152M 0s - 20300K .......... .......... .......... .......... .......... 38% 107M 0s - 20350K .......... .......... .......... .......... .......... 38% 237M 0s - 20400K .......... .......... .......... .......... .......... 38% 255M 0s - 20450K .......... .......... .......... .......... .......... 38% 214M 0s - 20500K .......... .......... .......... .......... .......... 38% 103M 0s - 20550K .......... .......... .......... .......... .......... 38% 142M 0s - 20600K .......... .......... .......... .......... .......... 38% 111M 0s - 20650K .......... .......... .......... .......... .......... 38% 149M 0s - 20700K .......... .......... .......... .......... .......... 38% 141M 0s - 20750K .......... .......... .......... .......... .......... 38% 120M 0s - 20800K .......... .......... .......... .......... .......... 39% 154M 0s - 20850K .......... .......... .......... .......... .......... 39% 129M 0s - 20900K .......... .......... .......... .......... .......... 39% 143M 0s - 20950K .......... .......... .......... .......... .......... 39% 162M 0s - 21000K .......... .......... .......... .......... .......... 39% 174M 0s - 21050K .......... .......... .......... .......... .......... 39% 140M 0s - 21100K .......... .......... .......... .......... .......... 39% 202M 0s - 21150K .......... .......... .......... .......... .......... 39% 168M 0s - 21200K .......... .......... .......... .......... .......... 39% 110M 0s - 21250K .......... .......... .......... .......... .......... 39% 99.2M 0s - 21300K .......... .......... .......... .......... .......... 39% 129M 0s - 21350K .......... .......... .......... .......... .......... 
40% 164M 0s - 21400K .......... .......... .......... .......... .......... 40% 140M 0s - 21450K .......... .......... .......... .......... .......... 40% 106M 0s - 21500K .......... .......... .......... .......... .......... 40% 135M 0s - 21550K .......... .......... .......... .......... .......... 40% 150M 0s - 21600K .......... .......... .......... .......... .......... 40% 149M 0s - 21650K .......... .......... .......... .......... .......... 40% 158M 0s - 21700K .......... .......... .......... .......... .......... 40% 171M 0s - 21750K .......... .......... .......... .......... .......... 40% 152M 0s - 21800K .......... .......... .......... .......... .......... 40% 147M 0s - 21850K .......... .......... .......... .......... .......... 41% 115M 0s - 21900K .......... .......... .......... .......... .......... 41% 125M 0s - 21950K .......... .......... .......... .......... .......... 41% 163M 0s - 22000K .......... .......... .......... .......... .......... 41% 108M 0s - 22050K .......... .......... .......... .......... .......... 41% 131M 0s - 22100K .......... .......... .......... .......... .......... 41% 172M 0s - 22150K .......... .......... .......... .......... .......... 41% 140M 0s - 22200K .......... .......... .......... .......... .......... 41% 146M 0s - 22250K .......... .......... .......... .......... .......... 41% 138M 0s - 22300K .......... .......... .......... .......... .......... 41% 167M 0s - 22350K .......... .......... .......... .......... .......... 41% 215M 0s - 22400K .......... .......... .......... .......... .......... 42% 234M 0s - 22450K .......... .......... .......... .......... .......... 42% 233M 0s - 22500K .......... .......... .......... .......... .......... 42% 183M 0s - 22550K .......... .......... .......... .......... .......... 42% 245M 0s - 22600K .......... .......... .......... .......... .......... 42% 238M 0s - 22650K .......... .......... .......... .......... .......... 
42% 213M 0s - 22700K .......... .......... .......... .......... .......... 42% 235M 0s - 22750K .......... .......... .......... .......... .......... 42% 207M 0s - 22800K .......... .......... .......... .......... .......... 42% 196M 0s - 22850K .......... .......... .......... .......... .......... 42% 132M 0s - 22900K .......... .......... .......... .......... .......... 42% 146M 0s - 22950K .......... .......... .......... .......... .......... 43% 119M 0s - 23000K .......... .......... .......... .......... .......... 43% 121M 0s - 23050K .......... .......... .......... .......... .......... 43% 119M 0s - 23100K .......... .......... .......... .......... .......... 43% 198M 0s - 23150K .......... .......... .......... .......... .......... 43% 191M 0s - 23200K .......... .......... .......... .......... .......... 43% 143M 0s - 23250K .......... .......... .......... .......... .......... 43% 130M 0s - 23300K .......... .......... .......... .......... .......... 43% 126M 0s - 23350K .......... .......... .......... .......... .......... 43% 137M 0s - 23400K .......... .......... .......... .......... .......... 43% 174M 0s - 23450K .......... .......... .......... .......... .......... 44% 200M 0s - 23500K .......... .......... .......... .......... .......... 44% 142M 0s - 23550K .......... .......... .......... .......... .......... 44% 121M 0s - 23600K .......... .......... .......... .......... .......... 44% 130M 0s - 23650K .......... .......... .......... .......... .......... 44% 144M 0s - 23700K .......... .......... .......... .......... .......... 44% 158M 0s - 23750K .......... .......... .......... .......... .......... 44% 172M 0s - 23800K .......... .......... .......... .......... .......... 44% 161M 0s - 23850K .......... .......... .......... .......... .......... 44% 139M 0s - 23900K .......... .......... .......... .......... .......... 44% 143M 0s - 23950K .......... .......... .......... .......... .......... 
44% 130M 0s - 24000K .......... .......... .......... .......... .......... 45% 136M 0s - 24050K .......... .......... .......... .......... .......... 45% 121M 0s - 24100K .......... .......... .......... .......... .......... 45% 114M 0s - 24150K .......... .......... .......... .......... .......... 45% 137M 0s - 24200K .......... .......... .......... .......... .......... 45% 149M 0s - 24250K .......... .......... .......... .......... .......... 45% 108M 0s - 24300K .......... .......... .......... .......... .......... 45% 151M 0s - 24350K .......... .......... .......... .......... .......... 45% 181M 0s - 24400K .......... .......... .......... .......... .......... 45% 236M 0s - 24450K .......... .......... .......... .......... .......... 45% 220M 0s - 24500K .......... .......... .......... .......... .......... 45% 193M 0s - 24550K .......... .......... .......... .......... .......... 46% 157M 0s - 24600K .......... .......... .......... .......... .......... 46% 172M 0s - 24650K .......... .......... .......... .......... .......... 46% 116M 0s - 24700K .......... .......... .......... .......... .......... 46% 148M 0s - 24750K .......... .......... .......... .......... .......... 46% 168M 0s - 24800K .......... .......... .......... .......... .......... 46% 151M 0s - 24850K .......... .......... .......... .......... .......... 46% 130M 0s - 24900K .......... .......... .......... .......... .......... 46% 158M 0s - 24950K .......... .......... .......... .......... .......... 46% 121M 0s - 25000K .......... .......... .......... .......... .......... 46% 134M 0s - 25050K .......... .......... .......... .......... .......... 47% 113M 0s - 25100K .......... .......... .......... .......... .......... 47% 141M 0s - 25150K .......... .......... .......... .......... .......... 47% 146M 0s - 25200K .......... .......... .......... .......... .......... 47% 192M 0s - 25250K .......... .......... .......... .......... .......... 
47% 205M 0s - 25300K .......... .......... .......... .......... .......... 47% 169M 0s - 25350K .......... .......... .......... .......... .......... 47% 176M 0s - 25400K .......... .......... .......... .......... .......... 47% 251M 0s - 25450K .......... .......... .......... .......... .......... 47% 257M 0s - 25500K .......... .......... .......... .......... .......... 47% 260M 0s - 25550K .......... .......... .......... .......... .......... 47% 201M 0s - 25600K .......... .......... .......... .......... .......... 48% 155M 0s - 25650K .......... .......... .......... .......... .......... 48% 114M 0s - 25700K .......... .......... .......... .......... .......... 48% 125M 0s - 25750K .......... .......... .......... .......... .......... 48% 124M 0s - 25800K .......... .......... .......... .......... .......... 48% 145M 0s - 25850K .......... .......... .......... .......... .......... 48% 149M 0s - 25900K .......... .......... .......... .......... .......... 48% 138M 0s - 25950K .......... .......... .......... .......... .......... 48% 113M 0s - 26000K .......... .......... .......... .......... .......... 48% 150M 0s - 26050K .......... .......... .......... .......... .......... 48% 169M 0s - 26100K .......... .......... .......... .......... .......... 48% 163M 0s - 26150K .......... .......... .......... .......... .......... 49% 152M 0s - 26200K .......... .......... .......... .......... .......... 49% 155M 0s - 26250K .......... .......... .......... .......... .......... 49% 132M 0s - 26300K .......... .......... .......... .......... .......... 49% 145M 0s - 26350K .......... .......... .......... .......... .......... 49% 120M 0s - 26400K .......... .......... .......... .......... .......... 49% 130M 0s - 26450K .......... .......... .......... .......... .......... 49% 135M 0s - 26500K .......... .......... .......... .......... .......... 49% 224M 0s - 26550K .......... .......... .......... .......... .......... 
49% 224M 0s - 26600K .......... .......... .......... .......... .......... 49% 202M 0s - 26650K .......... .......... .......... .......... .......... 49% 148M 0s - 26700K .......... .......... .......... .......... .......... 50% 172M 0s - 26750K .......... .......... .......... .......... .......... 50% 140M 0s - 26800K .......... .......... .......... .......... .......... 50% 157M 0s - 26850K .......... .......... .......... .......... .......... 50% 183M 0s - 26900K .......... .......... .......... .......... .......... 50% 161M 0s - 26950K .......... .......... .......... .......... .......... 50% 165M 0s - 27000K .......... .......... .......... .......... .......... 50% 153M 0s - 27050K .......... .......... .......... .......... .......... 50% 135M 0s - 27100K .......... .......... .......... .......... .......... 50% 130M 0s - 27150K .......... .......... .......... .......... .......... 50% 116M 0s - 27200K .......... .......... .......... .......... .......... 51% 143M 0s - 27250K .......... .......... .......... .......... .......... 51% 183M 0s - 27300K .......... .......... .......... .......... .......... 51% 147M 0s - 27350K .......... .......... .......... .......... .......... 51% 123M 0s - 27400K .......... .......... .......... .......... .......... 51% 106M 0s - 27450K .......... .......... .......... .......... .......... 51% 121M 0s - 27500K .......... .......... .......... .......... .......... 51% 128M 0s - 27550K .......... .......... .......... .......... .......... 51% 127M 0s - 27600K .......... .......... .......... .......... .......... 51% 160M 0s - 27650K .......... .......... .......... .......... .......... 51% 161M 0s - 27700K .......... .......... .......... .......... .......... 51% 171M 0s - 27750K .......... .......... .......... .......... .......... 52% 152M 0s - 27800K .......... .......... .......... .......... .......... 52% 174M 0s - 27850K .......... .......... .......... .......... .......... 
52% 148M 0s - 27900K .......... .......... .......... .......... .......... 52% 130M 0s - 27950K .......... .......... .......... .......... .......... 52% 121M 0s - 28000K .......... .......... .......... .......... .......... 52% 137M 0s - 28050K .......... .......... .......... .......... .......... 52% 125M 0s - 28100K .......... .......... .......... .......... .......... 52% 132M 0s - 28150K .......... .......... .......... .......... .......... 52% 121M 0s - 28200K .......... .......... .......... .......... .......... 52% 189M 0s - 28250K .......... .......... .......... .......... .......... 52% 237M 0s - 28300K .......... .......... .......... .......... .......... 53% 257M 0s - 28350K .......... .......... .......... .......... .......... 53% 212M 0s - 28400K .......... .......... .......... .......... .......... 53% 216M 0s - 28450K .......... .......... .......... .......... .......... 53% 225M 0s - 28500K .......... .......... .......... .......... .......... 53% 229M 0s - 28550K .......... .......... .......... .......... .......... 53% 200M 0s - 28600K .......... .......... .......... .......... .......... 53% 149M 0s - 28650K .......... .......... .......... .......... .......... 53% 167M 0s - 28700K .......... .......... .......... .......... .......... 53% 140M 0s - 28750K .......... .......... .......... .......... .......... 53% 116M 0s - 28800K .......... .......... .......... .......... .......... 54% 148M 0s - 28850K .......... .......... .......... .......... .......... 54% 171M 0s - 28900K .......... .......... .......... .......... .......... 54% 168M 0s - 28950K .......... .......... .......... .......... .......... 54% 166M 0s - 29000K .......... .......... .......... .......... .......... 54% 177M 0s - 29050K .......... .......... .......... .......... .......... 54% 206M 0s - 29100K .......... .......... .......... .......... .......... 54% 149M 0s - 29150K .......... .......... .......... .......... .......... 
54% 109M 0s - 29200K .......... .......... .......... .......... .......... 54% 145M 0s - 29250K .......... .......... .......... .......... .......... 54% 142M 0s - 29300K .......... .......... .......... .......... .......... 54% 148M 0s - 29350K .......... .......... .......... .......... .......... 55% 152M 0s - 29400K .......... .......... .......... .......... .......... 55% 167M 0s - 29450K .......... .......... .......... .......... .......... 55% 157M 0s - 29500K .......... .......... .......... .......... .......... 55% 139M 0s - 29550K .......... .......... .......... .......... .......... 55% 101M 0s - 29600K .......... .......... .......... .......... .......... 55% 140M 0s - 29650K .......... .......... .......... .......... .......... 55% 144M 0s - 29700K .......... .......... .......... .......... .......... 55% 157M 0s - 29750K .......... .......... .......... .......... .......... 55% 152M 0s - 29800K .......... .......... .......... .......... .......... 55% 187M 0s - 29850K .......... .......... .......... .......... .......... 55% 160M 0s - 29900K .......... .......... .......... .......... .......... 56% 164M 0s - 29950K .......... .......... .......... .......... .......... 56% 122M 0s - 30000K .......... .......... .......... .......... .......... 56% 128M 0s - 30050K .......... .......... .......... .......... .......... 56% 149M 0s - 30100K .......... .......... .......... .......... .......... 56% 156M 0s - 30150K .......... .......... .......... .......... .......... 56% 112M 0s - 30200K .......... .......... .......... .......... .......... 56% 140M 0s - 30250K .......... .......... .......... .......... .......... 56% 132M 0s - 30300K .......... .......... .......... .......... .......... 56% 147M 0s - 30350K .......... .......... .......... .......... .......... 56% 81.8M 0s - 30400K .......... .......... .......... .......... .......... 57% 181M 0s - 30450K .......... .......... .......... .......... .......... 
57% 216M 0s - 30500K .......... .......... .......... .......... .......... 57% 212M 0s - 30550K .......... .......... .......... .......... .......... 57% 196M 0s - 30600K .......... .......... .......... .......... .......... 57% 176M 0s - 30650K .......... .......... .......... .......... .......... 57% 137M 0s - 30700K .......... .......... .......... .......... .......... 57% 140M 0s - 30750K .......... .......... .......... .......... .......... 57% 178M 0s - 30800K .......... .......... .......... .......... .......... 57% 252M 0s - 30850K .......... .......... .......... .......... .......... 57% 251M 0s - 30900K .......... .......... .......... .......... .......... 57% 263M 0s - 30950K .......... .......... .......... .......... .......... 58% 158M 0s - 31000K .......... .......... .......... .......... .......... 58% 138M 0s - 31050K .......... .......... .......... .......... .......... 58% 117M 0s - 31100K .......... .......... .......... .......... .......... 58% 172M 0s - 31150K .......... .......... .......... .......... .......... 58% 113M 0s - 31200K .......... .......... .......... .......... .......... 58% 137M 0s - 31250K .......... .......... .......... .......... .......... 58% 159M 0s - 31300K .......... .......... .......... .......... .......... 58% 160M 0s - 31350K .......... .......... .......... .......... .......... 58% 145M 0s - 31400K .......... .......... .......... .......... .......... 58% 161M 0s - 31450K .......... .......... .......... .......... .......... 58% 170M 0s - 31500K .......... .......... .......... .......... .......... 59% 128M 0s - 31550K .......... .......... .......... .......... .......... 59% 108M 0s - 31600K .......... .......... .......... .......... .......... 59% 124M 0s - 31650K .......... .......... .......... .......... .......... 59% 103M 0s - 31700K .......... .......... .......... .......... .......... 59% 130M 0s - 31750K .......... .......... .......... .......... .......... 
59% 117M 0s - 31800K .......... .......... .......... .......... .......... 59% 146M 0s - 31850K .......... .......... .......... .......... .......... 59% 151M 0s - 31900K .......... .......... .......... .......... .......... 59% 161M 0s - 31950K .......... .......... .......... .......... .......... 59% 136M 0s - 32000K .......... .......... .......... .......... .......... 60% 152M 0s - 32050K .......... .......... .......... .......... .......... 60% 131M 0s - 32100K .......... .......... .......... .......... .......... 60% 121M 0s - 32150K .......... .......... .......... .......... .......... 60% 119M 0s - 32200K .......... .......... .......... .......... .......... 60% 116M 0s - 32250K .......... .......... .......... .......... .......... 60% 165M 0s - 32300K .......... .......... .......... .......... .......... 60% 210M 0s - 32350K .......... .......... .......... .......... .......... 60% 195M 0s - 32400K .......... .......... .......... .......... .......... 60% 223M 0s - 32450K .......... .......... .......... .......... .......... 60% 152M 0s - 32500K .......... .......... .......... .......... .......... 60% 147M 0s - 32550K .......... .......... .......... .......... .......... 61% 109M 0s - 32600K .......... .......... .......... .......... .......... 61% 138M 0s - 32650K .......... .......... .......... .......... .......... 61% 171M 0s - 32700K .......... .......... .......... .......... .......... 61% 171M 0s - 32750K .......... .......... .......... .......... .......... 61% 124M 0s - 32800K .......... .......... .......... .......... .......... 61% 129M 0s - 32850K .......... .......... .......... .......... .......... 61% 135M 0s - 32900K .......... .......... .......... .......... .......... 61% 133M 0s - 32950K .......... .......... .......... .......... .......... 61% 129M 0s - 33000K .......... .......... .......... .......... .......... 61% 175M 0s - 33050K .......... .......... .......... .......... .......... 
61% 172M 0s - 33100K .......... .......... .......... .......... .......... 62% 195M 0s - 33150K .......... .......... .......... .......... .......... 62% 131M 0s - 33200K .......... .......... .......... .......... .......... 62% 135M 0s - 33250K .......... .......... .......... .......... .......... 62% 139M 0s - 33300K .......... .......... .......... .......... .......... 62% 135M 0s - 33350K .......... .......... .......... .......... .......... 62% 124M 0s - 33400K .......... .......... .......... .......... .......... 62% 157M 0s - 33450K .......... .......... .......... .......... .......... 62% 153M 0s - 33500K .......... .......... .......... .......... .......... 62% 163M 0s - 33550K .......... .......... .......... .......... .......... 62% 136M 0s - 33600K .......... .......... .......... .......... .......... 63% 178M 0s - 33650K .......... .......... .......... .......... .......... 63% 139M 0s - 33700K .......... .......... .......... .......... .......... 63% 133M 0s - 33750K .......... .......... .......... .......... .......... 63% 141M 0s - 33800K .......... .......... .......... .......... .......... 63% 229M 0s - 33850K .......... .......... .......... .......... .......... 63% 243M 0s - 33900K .......... .......... .......... .......... .......... 63% 233M 0s - 33950K .......... .......... .......... .......... .......... 63% 143M 0s - 34000K .......... .......... .......... .......... .......... 63% 137M 0s - 34050K .......... .......... .......... .......... .......... 63% 137M 0s - 34100K .......... .......... .......... .......... .......... 63% 163M 0s - 34150K .......... .......... .......... .......... .......... 64% 153M 0s - 34200K .......... .......... .......... .......... .......... 64% 175M 0s - 34250K .......... .......... .......... .......... .......... 64% 181M 0s + 0K .......... .......... .......... .......... .......... 0% 4.48M 12s + 50K .......... .......... .......... .......... .......... 
0% 4.66M 11s + 100K .......... .......... .......... .......... .......... 0% 26.6M 8s + 150K .......... .......... .......... .......... .......... 0% 22.5M 7s + 200K .......... .......... .......... .......... .......... 0% 8.06M 7s + 250K .......... .......... .......... .......... .......... 0% 35.5M 6s + 300K .......... .......... .......... .......... .......... 0% 39.3M 5s + 350K .......... .......... .......... .......... .......... 0% 26.2M 5s + 400K .......... .......... .......... .......... .......... 0% 55.5M 4s + 450K .......... .......... .......... .......... .......... 0% 59.6M 4s + 500K .......... .......... .......... .......... .......... 1% 11.0M 4s + 550K .......... .......... .......... .......... .......... 1% 28.3M 4s + 600K .......... .......... .......... .......... .......... 1% 234M 4s + 650K .......... .......... .......... .......... .......... 1% 50.6M 3s + 700K .......... .......... .......... .......... .......... 1% 88.7M 3s + 750K .......... .......... .......... .......... .......... 1% 63.9M 3s + 800K .......... .......... .......... .......... .......... 1% 86.6M 3s + 850K .......... .......... .......... .......... .......... 1% 218M 3s + 900K .......... .......... .......... .......... .......... 1% 30.6M 3s + 950K .......... .......... .......... .......... .......... 1% 91.9M 3s + 1000K .......... .......... .......... .......... .......... 1% 225M 2s + 1050K .......... .......... .......... .......... .......... 2% 238M 2s + 1100K .......... .......... .......... .......... .......... 2% 15.5M 2s + 1150K .......... .......... .......... .......... .......... 2% 42.9M 2s + 1200K .......... .......... .......... .......... .......... 2% 60.2M 2s + 1250K .......... .......... .......... .......... .......... 2% 234M 2s + 1300K .......... .......... .......... .......... .......... 2% 172M 2s + 1350K .......... .......... .......... .......... .......... 2% 128M 2s + 1400K .......... .......... .......... .......... 
.......... 2% 142M 2s + 1450K .......... .......... .......... .......... .......... 2% 121M 2s + 1500K .......... .......... .......... .......... .......... 2% 147M 2s + 1550K .......... .......... .......... .......... .......... 2% 91.5M 2s + 1600K .......... .......... .......... .......... .......... 3% 169M 2s + 1650K .......... .......... .......... .......... .......... 3% 162M 2s + 1700K .......... .......... .......... .......... .......... 3% 203M 2s + 1750K .......... .......... .......... .......... .......... 3% 209M 2s + 1800K .......... .......... .......... .......... .......... 3% 156M 2s + 1850K .......... .......... .......... .......... .......... 3% 202M 2s + 1900K .......... .......... .......... .......... .......... 3% 168M 2s + 1950K .......... .......... .......... .......... .......... 3% 160M 2s + 2000K .......... .......... .......... .......... .......... 3% 210M 1s + 2050K .......... .......... .......... .......... .......... 3% 171M 1s + 2100K .......... .......... .......... .......... .......... 4% 123M 1s + 2150K .......... .......... .......... .......... .......... 4% 193M 1s + 2200K .......... .......... .......... .......... .......... 4% 19.1M 1s + 2250K .......... .......... .......... .......... .......... 4% 202M 1s + 2300K .......... .......... .......... .......... .......... 4% 222M 1s + 2350K .......... .......... .......... .......... .......... 4% 42.3M 1s + 2400K .......... .......... .......... .......... .......... 4% 243M 1s + 2450K .......... .......... .......... .......... .......... 4% 82.6M 1s + 2500K .......... .......... .......... .......... .......... 4% 45.2M 1s + 2550K .......... .......... .......... .......... .......... 4% 190M 1s + 2600K .......... .......... .......... .......... .......... 4% 122M 1s + 2650K .......... .......... .......... .......... .......... 5% 62.9M 1s + 2700K .......... .......... .......... .......... .......... 5% 30.0M 1s + 2750K .......... .......... .......... 
.......... .......... 5% 48.8M 1s + 2800K .......... .......... .......... .......... .......... 5% 191M 1s + 2850K .......... .......... .......... .......... .......... 5% 223M 1s + 2900K .......... .......... .......... .......... .......... 5% 240M 1s + 2950K .......... .......... .......... .......... .......... 5% 204M 1s + 3000K .......... .......... .......... .......... .......... 5% 253M 1s + 3050K .......... .......... .......... .......... .......... 5% 238M 1s + 3100K .......... .......... .......... .......... .......... 5% 252M 1s + 3150K .......... .......... .......... .......... .......... 5% 53.8M 1s + 3200K .......... .......... .......... .......... .......... 6% 39.0M 1s + 3250K .......... .......... .......... .......... .......... 6% 68.9M 1s + 3300K .......... .......... .......... .......... .......... 6% 21.6M 1s + 3350K .......... .......... .......... .......... .......... 6% 41.1M 1s + 3400K .......... .......... .......... .......... .......... 6% 69.1M 1s + 3450K .......... .......... .......... .......... .......... 6% 131M 1s + 3500K .......... .......... .......... .......... .......... 6% 143M 1s + 3550K .......... .......... .......... .......... .......... 6% 197M 1s + 3600K .......... .......... .......... .......... .......... 6% 55.6M 1s + 3650K .......... .......... .......... .......... .......... 6% 80.4M 1s + 3700K .......... .......... .......... .......... .......... 7% 92.2M 1s + 3750K .......... .......... .......... .......... .......... 7% 30.1M 1s + 3800K .......... .......... .......... .......... .......... 7% 63.9M 1s + 3850K .......... .......... .......... .......... .......... 7% 120M 1s + 3900K .......... .......... .......... .......... .......... 7% 250M 1s + 3950K .......... .......... .......... .......... .......... 7% 27.1M 1s + 4000K .......... .......... .......... .......... .......... 7% 64.7M 1s + 4050K .......... .......... .......... .......... .......... 7% 108M 1s + 4100K .......... 
.......... .......... .......... .......... 7% 172M 1s + 4150K .......... .......... .......... .......... .......... 7% 220M 1s + 4200K .......... .......... .......... .......... .......... 7% 259M 1s + 4250K .......... .......... .......... .......... .......... 8% 225M 1s + 4300K .......... .......... .......... .......... .......... 8% 246M 1s + 4350K .......... .......... .......... .......... .......... 8% 133M 1s + 4400K .......... .......... .......... .......... .......... 8% 51.4M 1s + 4450K .......... .......... .......... .......... .......... 8% 24.0M 1s + 4500K .......... .......... .......... .......... .......... 8% 120M 1s + 4550K .......... .......... .......... .......... .......... 8% 86.6M 1s + 4600K .......... .......... .......... .......... .......... 8% 72.7M 1s + 4650K .......... .......... .......... .......... .......... 8% 67.4M 1s + 4700K .......... .......... .......... .......... .......... 8% 65.4M 1s + 4750K .......... .......... .......... .......... .......... 8% 54.9M 1s + 4800K .......... .......... .......... .......... .......... 9% 101M 1s + 4850K .......... .......... .......... .......... .......... 9% 215M 1s + 4900K .......... .......... .......... .......... .......... 9% 229M 1s + 4950K .......... .......... .......... .......... .......... 9% 169M 1s + 5000K .......... .......... .......... .......... .......... 9% 175M 1s + 5050K .......... .......... .......... .......... .......... 9% 240M 1s + 5100K .......... .......... .......... .......... .......... 9% 18.4M 1s + 5150K .......... .......... .......... .......... .......... 9% 78.5M 1s + 5200K .......... .......... .......... .......... .......... 9% 92.4M 1s + 5250K .......... .......... .......... .......... .......... 9% 60.1M 1s + 5300K .......... .......... .......... .......... .......... 10% 76.5M 1s + 5350K .......... .......... .......... .......... .......... 10% 134M 1s + 5400K .......... .......... .......... .......... .......... 
10% 253M 1s + 5450K .......... .......... .......... .......... .......... 10% 244M 1s + 5500K .......... .......... .......... .......... .......... 10% 27.7M 1s + 5550K .......... .......... .......... .......... .......... 10% 116M 1s + 5600K .......... .......... .......... .......... .......... 10% 248M 1s + 5650K .......... .......... .......... .......... .......... 10% 73.7M 1s + 5700K .......... .......... .......... .......... .......... 10% 237M 1s + 5750K .......... .......... .......... .......... .......... 10% 161M 1s + 5800K .......... .......... .......... .......... .......... 10% 224M 1s + 5850K .......... .......... .......... .......... .......... 11% 242M 1s + 5900K .......... .......... .......... .......... .......... 11% 177M 1s + 5950K .......... .......... .......... .......... .......... 11% 209M 1s + 6000K .......... .......... .......... .......... .......... 11% 238M 1s + 6050K .......... .......... .......... .......... .......... 11% 252M 1s + 6100K .......... .......... .......... .......... .......... 11% 41.3M 1s + 6150K .......... .......... .......... .......... .......... 11% 60.3M 1s + 6200K .......... .......... .......... .......... .......... 11% 70.6M 1s + 6250K .......... .......... .......... .......... .......... 11% 68.5M 1s + 6300K .......... .......... .......... .......... .......... 11% 83.9M 1s + 6350K .......... .......... .......... .......... .......... 11% 63.6M 1s + 6400K .......... .......... .......... .......... .......... 12% 250M 1s + 6450K .......... .......... .......... .......... .......... 12% 207M 1s + 6500K .......... .......... .......... .......... .......... 12% 80.0M 1s + 6550K .......... .......... .......... .......... .......... 12% 63.0M 1s + 6600K .......... .......... .......... .......... .......... 12% 64.5M 1s + 6650K .......... .......... .......... .......... .......... 12% 79.7M 1s + 6700K .......... .......... .......... .......... .......... 12% 88.1M 1s + 6750K .......... 
.......... .......... .......... .......... 12% 60.7M 1s + 6800K .......... .......... .......... .......... .......... 12% 168M 1s + 6850K .......... .......... .......... .......... .......... 12% 252M 1s + 6900K .......... .......... .......... .......... .......... 13% 258M 1s + 6950K .......... .......... .......... .......... .......... 13% 29.0M 1s + 7000K .......... .......... .......... .......... .......... 13% 60.8M 1s + 7050K .......... .......... .......... .......... .......... 13% 82.0M 1s + 7100K .......... .......... .......... .......... .......... 13% 152M 1s + 7150K .......... .......... .......... .......... .......... 13% 213M 1s + 7200K .......... .......... .......... .......... .......... 13% 143M 1s + 7250K .......... .......... .......... .......... .......... 13% 69.4M 1s + 7300K .......... .......... .......... .......... .......... 13% 143M 1s + 7350K .......... .......... .......... .......... .......... 13% 185M 1s + 7400K .......... .......... .......... .......... .......... 13% 254M 1s + 7450K .......... .......... .......... .......... .......... 14% 252M 1s + 7500K .......... .......... .......... .......... .......... 14% 234M 1s + 7550K .......... .......... .......... .......... .......... 14% 205M 1s + 7600K .......... .......... .......... .......... .......... 14% 87.3M 1s + 7650K .......... .......... .......... .......... .......... 14% 73.8M 1s + 7700K .......... .......... .......... .......... .......... 14% 77.3M 1s + 7750K .......... .......... .......... .......... .......... 14% 47.7M 1s + 7800K .......... .......... .......... .......... .......... 14% 71.9M 1s + 7850K .......... .......... .......... .......... .......... 14% 59.5M 1s + 7900K .......... .......... .......... .......... .......... 14% 75.2M 1s + 7950K .......... .......... .......... .......... .......... 14% 180M 1s + 8000K .......... .......... .......... .......... .......... 15% 226M 1s + 8050K .......... .......... .......... .......... 
.......... 15% 92.2M 1s + 8100K .......... .......... .......... .......... .......... 15% 63.3M 1s + 8150K .......... .......... .......... .......... .......... 15% 48.2M 1s + 8200K .......... .......... .......... .......... .......... 15% 97.6M 1s + 8250K .......... .......... .......... .......... .......... 15% 250M 1s + 8300K .......... .......... .......... .......... .......... 15% 242M 1s + 8350K .......... .......... .......... .......... .......... 15% 212M 1s + 8400K .......... .......... .......... .......... .......... 15% 29.2M 1s + 8450K .......... .......... .......... .......... .......... 15% 69.4M 1s + 8500K .......... .......... .......... .......... .......... 16% 77.2M 1s + 8550K .......... .......... .......... .......... .......... 16% 66.2M 1s + 8600K .......... .......... .......... .......... .......... 16% 128M 1s + 8650K .......... .......... .......... .......... .......... 16% 242M 1s + 8700K .......... .......... .......... .......... .......... 16% 256M 1s + 8750K .......... .......... .......... .......... .......... 16% 208M 1s + 8800K .......... .......... .......... .......... .......... 16% 245M 1s + 8850K .......... .......... .......... .......... .......... 16% 32.3M 1s + 8900K .......... .......... .......... .......... .......... 16% 35.3M 1s + 8950K .......... .......... .......... .......... .......... 16% 47.3M 1s + 9000K .......... .......... .......... .......... .......... 16% 49.8M 1s + 9050K .......... .......... .......... .......... .......... 17% 68.3M 1s + 9100K .......... .......... .......... .......... .......... 17% 69.0M 1s + 9150K .......... .......... .......... .......... .......... 17% 125M 1s + 9200K .......... .......... .......... .......... .......... 17% 238M 1s + 9250K .......... .......... .......... .......... .......... 17% 244M 1s + 9300K .......... .......... .......... .......... .......... 17% 30.1M 1s + 9350K .......... .......... .......... .......... .......... 
17% 60.3M 1s + 9400K .......... .......... .......... .......... .......... 17% 88.8M 1s + 9450K .......... .......... .......... .......... .......... 17% 118M 1s + 9500K .......... .......... .......... .......... .......... 17% 100M 1s + 9550K .......... .......... .......... .......... .......... 17% 178M 1s + 9600K .......... .......... .......... .......... .......... 18% 143M 1s + 9650K .......... .......... .......... .......... .......... 18% 230M 1s + 9700K .......... .......... .......... .......... .......... 18% 190M 1s + 9750K .......... .......... .......... .......... .......... 18% 73.6M 1s + 9800K .......... .......... .......... .......... .......... 18% 68.4M 1s + 9850K .......... .......... .......... .......... .......... 18% 74.5M 1s + 9900K .......... .......... .......... .......... .......... 18% 188M 1s + 9950K .......... .......... .......... .......... .......... 18% 209M 1s + 10000K .......... .......... .......... .......... .......... 18% 29.7M 1s + 10050K .......... .......... .......... .......... .......... 18% 69.9M 1s + 10100K .......... .......... .......... .......... .......... 19% 98.9M 1s + 10150K .......... .......... .......... .......... .......... 19% 52.1M 1s + 10200K .......... .......... .......... .......... .......... 19% 65.2M 1s + 10250K .......... .......... .......... .......... .......... 19% 134M 1s + 10300K .......... .......... .......... .......... .......... 19% 253M 1s + 10350K .......... .......... .......... .......... .......... 19% 214M 1s + 10400K .......... .......... .......... .......... .......... 19% 247M 1s + 10450K .......... .......... .......... .......... .......... 19% 36.3M 1s + 10500K .......... .......... .......... .......... .......... 19% 234M 1s + 10550K .......... .......... .......... .......... .......... 19% 50.5M 1s + 10600K .......... .......... .......... .......... .......... 19% 68.5M 1s + 10650K .......... .......... .......... .......... .......... 
20% 81.2M 1s + 10700K .......... .......... .......... .......... .......... 20% 228M 1s + 10750K .......... .......... .......... .......... .......... 20% 197M 1s + 10800K .......... .......... .......... .......... .......... 20% 259M 1s + 10850K .......... .......... .......... .......... .......... 20% 257M 1s + 10900K .......... .......... .......... .......... .......... 20% 150M 1s + 10950K .......... .......... .......... .......... .......... 20% 19.0M 1s + 11000K .......... .......... .......... .......... .......... 20% 65.6M 1s + 11050K .......... .......... .......... .......... .......... 20% 78.0M 1s + 11100K .......... .......... .......... .......... .......... 20% 233M 1s + 11150K .......... .......... .......... .......... .......... 20% 201M 1s + 11200K .......... .......... .......... .......... .......... 21% 93.3M 1s + 11250K .......... .......... .......... .......... .......... 21% 59.0M 1s + 11300K .......... .......... .......... .......... .......... 21% 90.4M 1s + 11350K .......... .......... .......... .......... .......... 21% 225M 1s + 11400K .......... .......... .......... .......... .......... 21% 254M 1s + 11450K .......... .......... .......... .......... .......... 21% 257M 1s + 11500K .......... .......... .......... .......... .......... 21% 23.7M 1s + 11550K .......... .......... .......... .......... .......... 21% 59.0M 1s + 11600K .......... .......... .......... .......... .......... 21% 76.7M 1s + 11650K .......... .......... .......... .......... .......... 21% 56.0M 1s + 11700K .......... .......... .......... .......... .......... 22% 76.0M 1s + 11750K .......... .......... .......... .......... .......... 22% 115M 1s + 11800K .......... .......... .......... .......... .......... 22% 246M 1s + 11850K .......... .......... .......... .......... .......... 22% 84.7M 1s + 11900K .......... .......... .......... .......... .......... 22% 157M 1s + 11950K .......... .......... .......... .......... .......... 
22% 215M 1s + 12000K .......... .......... .......... .......... .......... 22% 214M 1s + 12050K .......... .......... .......... .......... .......... 22% 36.1M 1s + 12100K .......... .......... .......... .......... .......... 22% 83.4M 1s + 12150K .......... .......... .......... .......... .......... 22% 51.6M 1s + 12200K .......... .......... .......... .......... .......... 22% 70.0M 1s + 12250K .......... .......... .......... .......... .......... 23% 125M 1s + 12300K .......... .......... .......... .......... .......... 23% 207M 1s + 12350K .......... .......... .......... .......... .......... 23% 147M 1s + 12400K .......... .......... .......... .......... .......... 23% 175M 1s + 12450K .......... .......... .......... .......... .......... 23% 256M 1s + 12500K .......... .......... .......... .......... .......... 23% 59.2M 1s + 12550K .......... .......... .......... .......... .......... 23% 173M 1s + 12600K .......... .......... .......... .......... .......... 23% 29.0M 1s + 12650K .......... .......... .......... .......... .......... 23% 71.9M 1s + 12700K .......... .......... .......... .......... .......... 23% 55.8M 1s + 12750K .......... .......... .......... .......... .......... 23% 113M 1s + 12800K .......... .......... .......... .......... .......... 24% 70.2M 1s + 12850K .......... .......... .......... .......... .......... 24% 183M 1s + 12900K .......... .......... .......... .......... .......... 24% 258M 1s + 12950K .......... .......... .......... .......... .......... 24% 133M 1s + 13000K .......... .......... .......... .......... .......... 24% 253M 1s + 13050K .......... .......... .......... .......... .......... 24% 255M 1s + 13100K .......... .......... .......... .......... .......... 24% 219M 1s + 13150K .......... .......... .......... .......... .......... 24% 46.9M 1s + 13200K .......... .......... .......... .......... .......... 24% 44.6M 1s + 13250K .......... .......... .......... .......... .......... 
24% 232M 1s + 13300K .......... .......... .......... .......... .......... 24% 37.9M 1s + 13350K .......... .......... .......... .......... .......... 25% 62.3M 1s + 13400K .......... .......... .......... .......... .......... 25% 80.0M 1s + 13450K .......... .......... .......... .......... .......... 25% 103M 1s + 13500K .......... .......... .......... .......... .......... 25% 86.2M 1s + 13550K .......... .......... .......... .......... .......... 25% 96.2M 1s + 13600K .......... .......... .......... .......... .......... 25% 215M 1s + 13650K .......... .......... .......... .......... .......... 25% 207M 1s + 13700K .......... .......... .......... .......... .......... 25% 199M 1s + 13750K .......... .......... .......... .......... .......... 25% 200M 1s + 13800K .......... .......... .......... .......... .......... 25% 208M 1s + 13850K .......... .......... .......... .......... .......... 26% 211M 1s + 13900K .......... .......... .......... .......... .......... 26% 196M 1s + 13950K .......... .......... .......... .......... .......... 26% 175M 1s + 14000K .......... .......... .......... .......... .......... 26% 211M 1s + 14050K .......... .......... .......... .......... .......... 26% 204M 1s + 14100K .......... .......... .......... .......... .......... 26% 179M 1s + 14150K .......... .......... .......... .......... .......... 26% 184M 1s + 14200K .......... .......... .......... .......... .......... 26% 224M 1s + 14250K .......... .......... .......... .......... .......... 26% 189M 1s + 14300K .......... .......... .......... .......... .......... 26% 230M 1s + 14350K .......... .......... .......... .......... .......... 26% 169M 1s + 14400K .......... .......... .......... .......... .......... 27% 202M 1s + 14450K .......... .......... .......... .......... .......... 27% 208M 1s + 14500K .......... .......... .......... .......... .......... 27% 247M 1s + 14550K .......... .......... .......... .......... .......... 
27% 196M 1s + 14600K .......... .......... .......... .......... .......... 27% 252M 1s + 14650K .......... .......... .......... .......... .......... 27% 256M 1s + 14700K .......... .......... .......... .......... .......... 27% 245M 1s + 14750K .......... .......... .......... .......... .......... 27% 202M 1s + 14800K .......... .......... .......... .......... .......... 27% 230M 1s + 14850K .......... .......... .......... .......... .......... 27% 248M 1s + 14900K .......... .......... .......... .......... .......... 27% 223M 1s + 14950K .......... .......... .......... .......... .......... 28% 162M 1s + 15000K .......... .......... .......... .......... .......... 28% 172M 1s + 15050K .......... .......... .......... .......... .......... 28% 194M 1s + 15100K .......... .......... .......... .......... .......... 28% 182M 1s + 15150K .......... .......... .......... .......... .......... 28% 149M 1s + 15200K .......... .......... .......... .......... .......... 28% 210M 1s + 15250K .......... .......... .......... .......... .......... 28% 209M 1s + 15300K .......... .......... .......... .......... .......... 28% 203M 1s + 15350K .......... .......... .......... .......... .......... 28% 175M 1s + 15400K .......... .......... .......... .......... .......... 28% 210M 1s + 15450K .......... .......... .......... .......... .......... 29% 219M 1s + 15500K .......... .......... .......... .......... .......... 29% 208M 1s + 15550K .......... .......... .......... .......... .......... 29% 169M 1s + 15600K .......... .......... .......... .......... .......... 29% 204M 0s + 15650K .......... .......... .......... .......... .......... 29% 207M 0s + 15700K .......... .......... .......... .......... .......... 29% 186M 0s + 15750K .......... .......... .......... .......... .......... 29% 177M 0s + 15800K .......... .......... .......... .......... .......... 29% 189M 0s + 15850K .......... .......... .......... .......... .......... 
29% 224M 0s + 15900K .......... .......... .......... .......... .......... 29% 196M 0s + 15950K .......... .......... .......... .......... .......... 29% 156M 0s + 16000K .......... .......... .......... .......... .......... 30% 211M 0s + 16050K .......... .......... .......... .......... .......... 30% 232M 0s + 16100K .......... .......... .......... .......... .......... 30% 197M 0s + 16150K .......... .......... .......... .......... .......... 30% 184M 0s + 16200K .......... .......... .......... .......... .......... 30% 207M 0s + 16250K .......... .......... .......... .......... .......... 30% 208M 0s + 16300K .......... .......... .......... .......... .......... 30% 195M 0s + 16350K .......... .......... .......... .......... .......... 30% 158M 0s + 16400K .......... .......... .......... .......... .......... 30% 217M 0s + 16450K .......... .......... .......... .......... .......... 30% 188M 0s + 16500K .......... .......... .......... .......... .......... 30% 204M 0s + 16550K .......... .......... .......... .......... .......... 31% 178M 0s + 16600K .......... .......... .......... .......... .......... 31% 199M 0s + 16650K .......... .......... .......... .......... .......... 31% 197M 0s + 16700K .......... .......... .......... .......... .......... 31% 221M 0s + 16750K .......... .......... .......... .......... .......... 31% 195M 0s + 16800K .......... .......... .......... .......... .......... 31% 209M 0s + 16850K .......... .......... .......... .......... .......... 31% 203M 0s + 16900K .......... .......... .......... .......... .......... 31% 198M 0s + 16950K .......... .......... .......... .......... .......... 31% 184M 0s + 17000K .......... .......... .......... .......... .......... 31% 186M 0s + 17050K .......... .......... .......... .......... .......... 32% 183M 0s + 17100K .......... .......... .......... .......... .......... 32% 198M 0s + 17150K .......... .......... .......... .......... .......... 
32% 190M 0s + 17200K .......... .......... .......... .......... .......... 32% 206M 0s + 17250K .......... .......... .......... .......... .......... 32% 222M 0s + 17300K .......... .......... .......... .......... .......... 32% 234M 0s + 17350K .......... .......... .......... .......... .......... 32% 229M 0s + 17400K .......... .......... .......... .......... .......... 32% 218M 0s + 17450K .......... .......... .......... .......... .......... 32% 169M 0s + 17500K .......... .......... .......... .......... .......... 32% 212M 0s + 17550K .......... .......... .......... .......... .......... 32% 203M 0s + 17600K .......... .......... .......... .......... .......... 33% 196M 0s + 17650K .......... .......... .......... .......... .......... 33% 181M 0s + 17700K .......... .......... .......... .......... .......... 33% 214M 0s + 17750K .......... .......... .......... .......... .......... 33% 195M 0s + 17800K .......... .......... .......... .......... .......... 33% 174M 0s + 17850K .......... .......... .......... .......... .......... 33% 238M 0s + 17900K .......... .......... .......... .......... .......... 33% 203M 0s + 17950K .......... .......... .......... .......... .......... 33% 216M 0s + 18000K .......... .......... .......... .......... .......... 33% 201M 0s + 18050K .......... .......... .......... .......... .......... 33% 204M 0s + 18100K .......... .......... .......... .......... .......... 33% 154M 0s + 18150K .......... .......... .......... .......... .......... 34% 157M 0s + 18200K .......... .......... .......... .......... .......... 34% 171M 0s + 18250K .......... .......... .......... .......... .......... 34% 187M 0s + 18300K .......... .......... .......... .......... .......... 34% 185M 0s + 18350K .......... .......... .......... .......... .......... 34% 159M 0s + 18400K .......... .......... .......... .......... .......... 34% 222M 0s + 18450K .......... .......... .......... .......... .......... 
34% 211M 0s + 18500K .......... .......... .......... .......... .......... 34% 199M 0s + 18550K .......... .......... .......... .......... .......... 34% 170M 0s + 18600K .......... .......... .......... .......... .......... 34% 180M 0s + 18650K .......... .......... .......... .......... .......... 35% 203M 0s + 18700K .......... .......... .......... .......... .......... 35% 223M 0s + 18750K .......... .......... .......... .......... .......... 35% 175M 0s + 18800K .......... .......... .......... .......... .......... 35% 209M 0s + 18850K .......... .......... .......... .......... .......... 35% 213M 0s + 18900K .......... .......... .......... .......... .......... 35% 194M 0s + 18950K .......... .......... .......... .......... .......... 35% 153M 0s + 19000K .......... .......... .......... .......... .......... 35% 204M 0s + 19050K .......... .......... .......... .......... .......... 35% 176M 0s + 19100K .......... .......... .......... .......... .......... 35% 230M 0s + 19150K .......... .......... .......... .......... .......... 35% 184M 0s + 19200K .......... .......... .......... .......... .......... 36% 225M 0s + 19250K .......... .......... .......... .......... .......... 36% 212M 0s + 19300K .......... .......... .......... .......... .......... 36% 215M 0s + 19350K .......... .......... .......... .......... .......... 36% 194M 0s + 19400K .......... .......... .......... .......... .......... 36% 249M 0s + 19450K .......... .......... .......... .......... .......... 36% 232M 0s + 19500K .......... .......... .......... .......... .......... 36% 219M 0s + 19550K .......... .......... .......... .......... .......... 36% 226M 0s + 19600K .......... .......... .......... .......... .......... 36% 229M 0s + 19650K .......... .......... .......... .......... .......... 36% 205M 0s + 19700K .......... .......... .......... .......... .......... 36% 217M 0s + 19750K .......... .......... .......... .......... .......... 
37% 164M 0s + 19800K .......... .......... .......... .......... .......... 37% 179M 0s + 19850K .......... .......... .......... .......... .......... 37% 183M 0s + 19900K .......... .......... .......... .......... .......... 37% 182M 0s + 19950K .......... .......... .......... .......... .......... 37% 144M 0s + 20000K .......... .......... .......... .......... .......... 37% 177M 0s + 20050K .......... .......... .......... .......... .......... 37% 187M 0s + 20100K .......... .......... .......... .......... .......... 37% 208M 0s + 20150K .......... .......... .......... .......... .......... 37% 181M 0s + 20200K .......... .......... .......... .......... .......... 37% 199M 0s + 20250K .......... .......... .......... .......... .......... 38% 223M 0s + 20300K .......... .......... .......... .......... .......... 38% 196M 0s + 20350K .......... .......... .......... .......... .......... 38% 168M 0s + 20400K .......... .......... .......... .......... .......... 38% 206M 0s + 20450K .......... .......... .......... .......... .......... 38% 224M 0s + 20500K .......... .......... .......... .......... .......... 38% 192M 0s + 20550K .......... .......... .......... .......... .......... 38% 177M 0s + 20600K .......... .......... .......... .......... .......... 38% 223M 0s + 20650K .......... .......... .......... .......... .......... 38% 196M 0s + 20700K .......... .......... .......... .......... .......... 38% 198M 0s + 20750K .......... .......... .......... .......... .......... 38% 154M 0s + 20800K .......... .......... .......... .......... .......... 39% 199M 0s + 20850K .......... .......... .......... .......... .......... 39% 218M 0s + 20900K .......... .......... .......... .......... .......... 39% 240M 0s + 20950K .......... .......... .......... .......... .......... 39% 221M 0s + 21000K .......... .......... .......... .......... .......... 39% 203M 0s + 21050K .......... .......... .......... .......... .......... 
39% 187M 0s + 21100K .......... .......... .......... .......... .......... 39% 178M 0s + 21150K .......... .......... .......... .......... .......... 39% 142M 0s + 21200K .......... .......... .......... .......... .......... 39% 209M 0s + 21250K .......... .......... .......... .......... .......... 39% 194M 0s + 21300K .......... .......... .......... .......... .......... 39% 195M 0s + 21350K .......... .......... .......... .......... .......... 40% 170M 0s + 21400K .......... .......... .......... .......... .......... 40% 200M 0s + 21450K .......... .......... .......... .......... .......... 40% 211M 0s + 21500K .......... .......... .......... .......... .......... 40% 216M 0s + 21550K .......... .......... .......... .......... .......... 40% 153M 0s + 21600K .......... .......... .......... .......... .......... 40% 207M 0s + 21650K .......... .......... .......... .......... .......... 40% 213M 0s + 21700K .......... .......... .......... .......... .......... 40% 177M 0s + 21750K .......... .......... .......... .......... .......... 40% 201M 0s + 21800K .......... .......... .......... .......... .......... 40% 227M 0s + 21850K .......... .......... .......... .......... .......... 41% 206M 0s + 21900K .......... .......... .......... .......... .......... 41% 172M 0s + 21950K .......... .......... .......... .......... .......... 41% 188M 0s + 22000K .......... .......... .......... .......... .......... 41% 205M 0s + 22050K .......... .......... .......... .......... .......... 41% 223M 0s + 22100K .......... .......... .......... .......... .......... 41% 181M 0s + 22150K .......... .......... .......... .......... .......... 41% 196M 0s + 22200K .......... .......... .......... .......... .......... 41% 207M 0s + 22250K .......... .......... .......... .......... .......... 41% 201M 0s + 22300K .......... .......... .......... .......... .......... 41% 191M 0s + 22350K .......... .......... .......... .......... .......... 
41% 208M 0s + 22400K .......... .......... .......... .......... .......... 42% 195M 0s + 22450K .......... .......... .......... .......... .......... 42% 211M 0s + 22500K .......... .......... .......... .......... .......... 42% 180M 0s + 22550K .......... .......... .......... .......... .......... 42% 190M 0s + 22600K .......... .......... .......... .......... .......... 42% 216M 0s + 22650K .......... .......... .......... .......... .......... 42% 212M 0s + 22700K .......... .......... .......... .......... .......... 42% 171M 0s + 22750K .......... .......... .......... .......... .......... 42% 190M 0s + 22800K .......... .......... .......... .......... .......... 42% 198M 0s + 22850K .......... .......... .......... .......... .......... 42% 220M 0s + 22900K .......... .......... .......... .......... .......... 42% 187M 0s + 22950K .......... .......... .......... .......... .......... 43% 184M 0s + 23000K .......... .......... .......... .......... .......... 43% 192M 0s + 23050K .......... .......... .......... .......... .......... 43% 194M 0s + 23100K .......... .......... .......... .......... .......... 43% 172M 0s + 23150K .......... .......... .......... .......... .......... 43% 192M 0s + 23200K .......... .......... .......... .......... .......... 43% 224M 0s + 23250K .......... .......... .......... .......... .......... 43% 238M 0s + 23300K .......... .......... .......... .......... .......... 43% 184M 0s + 23350K .......... .......... .......... .......... .......... 43% 221M 0s + 23400K .......... .......... .......... .......... .......... 43% 242M 0s + 23450K .......... .......... .......... .......... .......... 44% 254M 0s + 23500K .......... .......... .......... .......... .......... 44% 206M 0s + 23550K .......... .......... .......... .......... .......... 44% 248M 0s + 23600K .......... .......... .......... .......... .......... 44% 227M 0s + 23650K .......... .......... .......... .......... .......... 
44% 233M 0s + 23700K .......... .......... .......... .......... .......... 44% 222M 0s + 23750K .......... .......... .......... .......... .......... 44% 234M 0s + 23800K .......... .......... .......... .......... .......... 44% 180M 0s + 23850K .......... .......... .......... .......... .......... 44% 180M 0s + 23900K .......... .......... .......... .......... .......... 44% 167M 0s + 23950K .......... .......... .......... .......... .......... 44% 178M 0s + 24000K .......... .......... .......... .......... .......... 45% 168M 0s + 24050K .......... .......... .......... .......... .......... 45% 187M 0s + 24100K .......... .......... .......... .......... .......... 45% 157M 0s + 24150K .......... .......... .......... .......... .......... 45% 179M 0s + 24200K .......... .......... .......... .......... .......... 45% 192M 0s + 24250K .......... .......... .......... .......... .......... 45% 188M 0s + 24300K .......... .......... .......... .......... .......... 45% 160M 0s + 24350K .......... .......... .......... .......... .......... 45% 172M 0s + 24400K .......... .......... .......... .......... .......... 45% 180M 0s + 24450K .......... .......... .......... .......... .......... 45% 241M 0s + 24500K .......... .......... .......... .......... .......... 45% 181M 0s + 24550K .......... .......... .......... .......... .......... 46% 192M 0s + 24600K .......... .......... .......... .......... .......... 46% 205M 0s + 24650K .......... .......... .......... .......... .......... 46% 191M 0s + 24700K .......... .......... .......... .......... .......... 46% 175M 0s + 24750K .......... .......... .......... .......... .......... 46% 196M 0s + 24800K .......... .......... .......... .......... .......... 46% 206M 0s + 24850K .......... .......... .......... .......... .......... 46% 220M 0s + 24900K .......... .......... .......... .......... .......... 46% 183M 0s + 24950K .......... .......... .......... .......... .......... 
46% 189M 0s + 25000K .......... .......... .......... .......... .......... 46% 210M 0s + 25050K .......... .......... .......... .......... .......... 47% 201M 0s + 25100K .......... .......... .......... .......... .......... 47% 165M 0s + 25150K .......... .......... .......... .......... .......... 47% 196M 0s + 25200K .......... .......... .......... .......... .......... 47% 211M 0s + 25250K .......... .......... .......... .......... .......... 47% 212M 0s + 25300K .......... .......... .......... .......... .......... 47% 177M 0s + 25350K .......... .......... .......... .......... .......... 47% 207M 0s + 25400K .......... .......... .......... .......... .......... 47% 218M 0s + 25450K .......... .......... .......... .......... .......... 47% 198M 0s + 25500K .......... .......... .......... .......... .......... 47% 169M 0s + 25550K .......... .......... .......... .......... .......... 47% 202M 0s + 25600K .......... .......... .......... .......... .......... 48% 197M 0s + 25650K .......... .......... .......... .......... .......... 48% 209M 0s + 25700K .......... .......... .......... .......... .......... 48% 192M 0s + 25750K .......... .......... .......... .......... .......... 48% 192M 0s + 25800K .......... .......... .......... .......... .......... 48% 209M 0s + 25850K .......... .......... .......... .......... .......... 48% 218M 0s + 25900K .......... .......... .......... .......... .......... 48% 147M 0s + 25950K .......... .......... .......... .......... .......... 48% 190M 0s + 26000K .......... .......... .......... .......... .......... 48% 203M 0s + 26050K .......... .......... .......... .......... .......... 48% 159M 0s + 26100K .......... .......... .......... .......... .......... 48% 170M 0s + 26150K .......... .......... .......... .......... .......... 49% 184M 0s + 26200K .......... .......... .......... .......... .......... 49% 194M 0s + 26250K .......... .......... .......... .......... .......... 
49% 198M 0s + 26300K .......... .......... .......... .......... .......... 49% 181M 0s + 26350K .......... .......... .......... .......... .......... 49% 200M 0s + 26400K .......... .......... .......... .......... .......... 49% 189M 0s + 26450K .......... .......... .......... .......... .......... 49% 182M 0s + 26500K .......... .......... .......... .......... .......... 49% 168M 0s + 26550K .......... .......... .......... .......... .......... 49% 207M 0s + 26600K .......... .......... .......... .......... .......... 49% 220M 0s + 26650K .......... .......... .......... .......... .......... 49% 197M 0s + 26700K .......... .......... .......... .......... .......... 50% 168M 0s + 26750K .......... .......... .......... .......... .......... 50% 185M 0s + 26800K .......... .......... .......... .......... .......... 50% 208M 0s + 26850K .......... .......... .......... .......... .......... 50% 193M 0s + 26900K .......... .......... .......... .......... .......... 50% 187M 0s + 26950K .......... .......... .......... .......... .......... 50% 215M 0s + 27000K .......... .......... .......... .......... .......... 50% 245M 0s + 27050K .......... .......... .......... .......... .......... 50% 234M 0s + 27100K .......... .......... .......... .......... .......... 50% 181M 0s + 27150K .......... .......... .......... .......... .......... 50% 190M 0s + 27200K .......... .......... .......... .......... .......... 51% 220M 0s + 27250K .......... .......... .......... .......... .......... 51% 190M 0s + 27300K .......... .......... .......... .......... .......... 51% 181M 0s + 27350K .......... .......... .......... .......... .......... 51% 201M 0s + 27400K .......... .......... .......... .......... .......... 51% 205M 0s + 27450K .......... .......... .......... .......... .......... 51% 174M 0s + 27500K .......... .......... .......... .......... .......... 51% 155M 0s + 27550K .......... .......... .......... .......... .......... 
51% 209M 0s + 27600K .......... .......... .......... .......... .......... 51% 213M 0s + 27650K .......... .......... .......... .......... .......... 51% 200M 0s + 27700K .......... .......... .......... .......... .......... 51% 223M 0s + 27750K .......... .......... .......... .......... .......... 52% 222M 0s + 27800K .......... .......... .......... .......... .......... 52% 212M 0s + 27850K .......... .......... .......... .......... .......... 52% 197M 0s + 27900K .......... .......... .......... .......... .......... 52% 173M 0s + 27950K .......... .......... .......... .......... .......... 52% 190M 0s + 28000K .......... .......... .......... .......... .......... 52% 220M 0s + 28050K .......... .......... .......... .......... .......... 52% 188M 0s + 28100K .......... .......... .......... .......... .......... 52% 169M 0s + 28150K .......... .......... .......... .......... .......... 52% 211M 0s + 28200K .......... .......... .......... .......... .......... 52% 238M 0s + 28250K .......... .......... .......... .......... .......... 52% 173M 0s + 28300K .......... .......... .......... .......... .......... 53% 168M 0s + 28350K .......... .......... .......... .......... .......... 53% 188M 0s + 28400K .......... .......... .......... .......... .......... 53% 212M 0s + 28450K .......... .......... .......... .......... .......... 53% 215M 0s + 28500K .......... .......... .......... .......... .......... 53% 188M 0s + 28550K .......... .......... .......... .......... .......... 53% 162M 0s + 28600K .......... .......... .......... .......... .......... 53% 183M 0s + 28650K .......... .......... .......... .......... .......... 53% 204M 0s + 28700K .......... .......... .......... .......... .......... 53% 151M 0s + 28750K .......... .......... .......... .......... .......... 53% 221M 0s + 28800K .......... .......... .......... .......... .......... 54% 209M 0s + 28850K .......... .......... .......... .......... .......... 
54% 209M 0s + 28900K .......... .......... .......... .......... .......... 54% 178M 0s + 28950K .......... .......... .......... .......... .......... 54% 203M 0s + 29000K .......... .......... .......... .......... .......... 54% 202M 0s + 29050K .......... .......... .......... .......... .......... 54% 201M 0s + 29100K .......... .......... .......... .......... .......... 54% 180M 0s + 29150K .......... .......... .......... .......... .......... 54% 199M 0s + 29200K .......... .......... .......... .......... .......... 54% 209M 0s + 29250K .......... .......... .......... .......... .......... 54% 220M 0s + 29300K .......... .......... .......... .......... .......... 54% 198M 0s + 29350K .......... .......... .......... .......... .......... 55% 218M 0s + 29400K .......... .......... .......... .......... .......... 55% 238M 0s + 29450K .......... .......... .......... .......... .......... 55% 203M 0s + 29500K .......... .......... .......... .......... .......... 55% 181M 0s + 29550K .......... .......... .......... .......... .......... 55% 218M 0s + 29600K .......... .......... .......... .......... .......... 55% 213M 0s + 29650K .......... .......... .......... .......... .......... 55% 190M 0s + 29700K .......... .......... .......... .......... .......... 55% 188M 0s + 29750K .......... .......... .......... .......... .......... 55% 199M 0s + 29800K .......... .......... .......... .......... .......... 55% 209M 0s + 29850K .......... .......... .......... .......... .......... 55% 217M 0s + 29900K .......... .......... .......... .......... .......... 56% 148M 0s + 29950K .......... .......... .......... .......... .......... 56% 175M 0s + 30000K .......... .......... .......... .......... .......... 56% 190M 0s + 30050K .......... .......... .......... .......... .......... 56% 226M 0s + 30100K .......... .......... .......... .......... .......... 56% 223M 0s + 30150K .......... .......... .......... .......... .......... 
56% 226M 0s + 30200K .......... .......... .......... .......... .......... 56% 208M 0s + 30250K .......... .......... .......... .......... .......... 56% 202M 0s + 30300K .......... .......... .......... .......... .......... 56% 168M 0s + 30350K .......... .......... .......... .......... .......... 56% 191M 0s + 30400K .......... .......... .......... .......... .......... 57% 217M 0s + 30450K .......... .......... .......... .......... .......... 57% 207M 0s + 30500K .......... .......... .......... .......... .......... 57% 168M 0s + 30550K .......... .......... .......... .......... .......... 57% 181M 0s + 30600K .......... .......... .......... .......... .......... 57% 192M 0s + 30650K .......... .......... .......... .......... .......... 57% 179M 0s + 30700K .......... .......... .......... .......... .......... 57% 157M 0s + 30750K .......... .......... .......... .......... .......... 57% 170M 0s + 30800K .......... .......... .......... .......... .......... 57% 221M 0s + 30850K .......... .......... .......... .......... .......... 57% 202M 0s + 30900K .......... .......... .......... .......... .......... 57% 181M 0s + 30950K .......... .......... .......... .......... .......... 58% 206M 0s + 31000K .......... .......... .......... .......... .......... 58% 223M 0s + 31050K .......... .......... .......... .......... .......... 58% 190M 0s + 31100K .......... .......... .......... .......... .......... 58% 142M 0s + 31150K .......... .......... .......... .......... .......... 58% 199M 0s + 31200K .......... .......... .......... .......... .......... 58% 225M 0s + 31250K .......... .......... .......... .......... .......... 58% 198M 0s + 31300K .......... .......... .......... .......... .......... 58% 236M 0s + 31350K .......... .......... .......... .......... .......... 58% 163M 0s + 31400K .......... .......... .......... .......... .......... 58% 224M 0s + 31450K .......... .......... .......... .......... .......... 
58% 203M 0s + 31500K .......... .......... .......... .......... .......... 59% 212M 0s + 31550K .......... .......... .......... .......... .......... 59% 169M 0s + 31600K .......... .......... .......... .......... .......... 59% 187M 0s + 31650K .......... .......... .......... .......... .......... 59% 193M 0s + 31700K .......... .......... .......... .......... .......... 59% 242M 0s + 31750K .......... .......... .......... .......... .......... 59% 165M 0s + 31800K .......... .......... .......... .......... .......... 59% 197M 0s + 31850K .......... .......... .......... .......... .......... 59% 184M 0s + 31900K .......... .......... .......... .......... .......... 59% 207M 0s + 31950K .......... .......... .......... .......... .......... 59% 155M 0s + 32000K .......... .......... .......... .......... .......... 60% 213M 0s + 32050K .......... .......... .......... .......... .......... 60% 141M 0s + 32100K .......... .......... .......... .......... .......... 60% 175M 0s + 32150K .......... .......... .......... .......... .......... 60% 174M 0s + 32200K .......... .......... .......... .......... .......... 60% 193M 0s + 32250K .......... .......... .......... .......... .......... 60% 184M 0s + 32300K .......... .......... .......... .......... .......... 60% 162M 0s + 32350K .......... .......... .......... .......... .......... 60% 150M 0s + 32400K .......... .......... .......... .......... .......... 60% 193M 0s + 32450K .......... .......... .......... .......... .......... 60% 189M 0s + 32500K .......... .......... .......... .......... .......... 60% 206M 0s + 32550K .......... .......... .......... .......... .......... 61% 155M 0s + 32600K .......... .......... .......... .......... .......... 61% 206M 0s + 32650K .......... .......... .......... .......... .......... 61% 170M 0s + 32700K .......... .......... .......... .......... .......... 61% 205M 0s + 32750K .......... .......... .......... .......... .......... 
61% 158M 0s + 32800K .......... .......... .......... .......... .......... 61% 237M 0s + 32850K .......... .......... .......... .......... .......... 61% 227M 0s + 32900K .......... .......... .......... .......... .......... 61% 247M 0s + 32950K .......... .......... .......... .......... .......... 61% 204M 0s + 33000K .......... .......... .......... .......... .......... 61% 254M 0s + 33050K .......... .......... .......... .......... .......... 61% 232M 0s + 33100K .......... .......... .......... .......... .......... 62% 223M 0s + 33150K .......... .......... .......... .......... .......... 62% 197M 0s + 33200K .......... .......... .......... .......... .......... 62% 201M 0s + 33250K .......... .......... .......... .......... .......... 62% 193M 0s + 33300K .......... .......... .......... .......... .......... 62% 196M 0s + 33350K .......... .......... .......... .......... .......... 62% 196M 0s + 33400K .......... .......... .......... .......... .......... 62% 187M 0s + 33450K .......... .......... .......... .......... .......... 62% 183M 0s + 33500K .......... .......... .......... .......... .......... 62% 182M 0s + 33550K .......... .......... .......... .......... .......... 62% 161M 0s + 33600K .......... .......... .......... .......... .......... 63% 210M 0s + 33650K .......... .......... .......... .......... .......... 63% 158M 0s + 33700K .......... .......... .......... .......... .......... 63% 183M 0s + 33750K .......... .......... .......... .......... .......... 63% 192M 0s + 33800K .......... .......... .......... .......... .......... 63% 192M 0s + 33850K .......... .......... .......... .......... .......... 63% 200M 0s + 33900K .......... .......... .......... .......... .......... 63% 205M 0s + 33950K .......... .......... .......... .......... .......... 63% 169M 0s + 34000K .......... .......... .......... .......... .......... 63% 195M 0s + 34050K .......... .......... .......... .......... .......... 
63% 177M 0s + 34100K .......... .......... .......... .......... .......... 63% 187M 0s + 34150K .......... .......... .......... .......... .......... 64% 163M 0s + 34200K .......... .......... .......... .......... .......... 64% 211M 0s + 34250K .......... .......... .......... .......... .......... 64% 191M 0s 34300K .......... .......... .......... .......... .......... 64% 219M 0s - 34350K .......... .......... .......... .......... .......... 64% 192M 0s - 34400K .......... .......... .......... .......... .......... 64% 201M 0s - 34450K .......... .......... .......... .......... .......... 64% 110M 0s - 34500K .......... .......... .......... .......... .......... 64% 123M 0s - 34550K .......... .......... .......... .......... .......... 64% 137M 0s - 34600K .......... .......... .......... .......... .......... 64% 154M 0s - 34650K .......... .......... .......... .......... .......... 64% 138M 0s - 34700K .......... .......... .......... .......... .......... 65% 131M 0s - 34750K .......... .......... .......... .......... .......... 65% 122M 0s - 34800K .......... .......... .......... .......... .......... 65% 161M 0s - 34850K .......... .......... .......... .......... .......... 65% 157M 0s - 34900K .......... .......... .......... .......... .......... 65% 170M 0s - 34950K .......... .......... .......... .......... .......... 65% 139M 0s - 35000K .......... .......... .......... .......... .......... 65% 200M 0s - 35050K .......... .......... .......... .......... .......... 65% 137M 0s - 35100K .......... .......... .......... .......... .......... 65% 120M 0s - 35150K .......... .......... .......... .......... .......... 65% 130M 0s - 35200K .......... .......... .......... .......... .......... 66% 149M 0s - 35250K .......... .......... .......... .......... .......... 66% 137M 0s - 35300K .......... .......... .......... .......... .......... 66% 121M 0s - 35350K .......... .......... .......... .......... .......... 
66% 111M 0s - 35400K .......... .......... .......... .......... .......... 66% 147M 0s - 35450K .......... .......... .......... .......... .......... 66% 152M 0s - 35500K .......... .......... .......... .......... .......... 66% 156M 0s - 35550K .......... .......... .......... .......... .......... 66% 172M 0s - 35600K .......... .......... .......... .......... .......... 66% 227M 0s - 35650K .......... .......... .......... .......... .......... 66% 240M 0s - 35700K .......... .......... .......... .......... .......... 66% 243M 0s - 35750K .......... .......... .......... .......... .......... 67% 164M 0s - 35800K .......... .......... .......... .......... .......... 67% 211M 0s - 35850K .......... .......... .......... .......... .......... 67% 164M 0s - 35900K .......... .......... .......... .......... .......... 67% 119M 0s - 35950K .......... .......... .......... .......... .......... 67% 117M 0s - 36000K .......... .......... .......... .......... .......... 67% 136M 0s - 36050K .......... .......... .......... .......... .......... 67% 131M 0s - 36100K .......... .......... .......... .......... .......... 67% 128M 0s - 36150K .......... .......... .......... .......... .......... 67% 119M 0s - 36200K .......... .......... .......... .......... .......... 67% 115M 0s - 36250K .......... .......... .......... .......... .......... 67% 107M 0s - 36300K .......... .......... .......... .......... .......... 68% 141M 0s - 36350K .......... .......... .......... .......... .......... 68% 194M 0s - 36400K .......... .......... .......... .......... .......... 68% 242M 0s - 36450K .......... .......... .......... .......... .......... 68% 160M 0s - 36500K .......... .......... .......... .......... .......... 68% 176M 0s - 36550K .......... .......... .......... .......... .......... 68% 118M 0s - 36600K .......... .......... .......... .......... .......... 68% 136M 0s - 36650K .......... .......... .......... .......... .......... 
68% 172M 0s - 36700K .......... .......... .......... .......... .......... 68% 166M 0s - 36750K .......... .......... .......... .......... .......... 68% 111M 0s - 36800K .......... .......... .......... .......... .......... 69% 131M 0s - 36850K .......... .......... .......... .......... .......... 69% 153M 0s - 36900K .......... .......... .......... .......... .......... 69% 144M 0s - 36950K .......... .......... .......... .......... .......... 69% 148M 0s - 37000K .......... .......... .......... .......... .......... 69% 153M 0s - 37050K .......... .......... .......... .......... .......... 69% 123M 0s - 37100K .......... .......... .......... .......... .......... 69% 146M 0s - 37150K .......... .......... .......... .......... .......... 69% 188M 0s - 37200K .......... .......... .......... .......... .......... 69% 177M 0s - 37250K .......... .......... .......... .......... .......... 69% 146M 0s - 37300K .......... .......... .......... .......... .......... 69% 157M 0s - 37350K .......... .......... .......... .......... .......... 70% 156M 0s - 37400K .......... .......... .......... .......... .......... 70% 172M 0s - 37450K .......... .......... .......... .......... .......... 70% 129M 0s - 37500K .......... .......... .......... .......... .......... 70% 119M 0s - 37550K .......... .......... .......... .......... .......... 70% 134M 0s - 37600K .......... .......... .......... .......... .......... 70% 128M 0s - 37650K .......... .......... .......... .......... .......... 70% 122M 0s - 37700K .......... .......... .......... .......... .......... 70% 124M 0s - 37750K .......... .......... .......... .......... .......... 70% 114M 0s - 37800K .......... .......... .......... .......... .......... 70% 134M 0s - 37850K .......... .......... .......... .......... .......... 70% 132M 0s - 37900K .......... .......... .......... .......... .......... 71% 163M 0s - 37950K .......... .......... .......... .......... .......... 
71% 144M 0s - 38000K .......... .......... .......... .......... .......... 71% 169M 0s - 38050K .......... .......... .......... .......... .......... 71% 172M 0s - 38100K .......... .......... .......... .......... .......... 71% 168M 0s - 38150K .......... .......... .......... .......... .......... 71% 187M 0s - 38200K .......... .......... .......... .......... .......... 71% 249M 0s - 38250K .......... .......... .......... .......... .......... 71% 247M 0s - 38300K .......... .......... .......... .......... .......... 71% 262M 0s - 38350K .......... .......... .......... .......... .......... 71% 203M 0s - 38400K .......... .......... .......... .......... .......... 71% 143M 0s - 38450K .......... .......... .......... .......... .......... 72% 122M 0s - 38500K .......... .......... .......... .......... .......... 72% 117M 0s - 38550K .......... .......... .......... .......... .......... 72% 102M 0s - 38600K .......... .......... .......... .......... .......... 72% 143M 0s - 38650K .......... .......... .......... .......... .......... 72% 121M 0s - 38700K .......... .......... .......... .......... .......... 72% 160M 0s - 38750K .......... .......... .......... .......... .......... 72% 122M 0s - 38800K .......... .......... .......... .......... .......... 72% 152M 0s - 38850K .......... .......... .......... .......... .......... 72% 175M 0s - 38900K .......... .......... .......... .......... .......... 72% 166M 0s - 38950K .......... .......... .......... .......... .......... 73% 139M 0s - 39000K .......... .......... .......... .......... .......... 73% 142M 0s - 39050K .......... .......... .......... .......... .......... 73% 153M 0s - 39100K .......... .......... .......... .......... .......... 73% 133M 0s - 39150K .......... .......... .......... .......... .......... 73% 136M 0s - 39200K .......... .......... .......... .......... .......... 73% 201M 0s - 39250K .......... .......... .......... .......... .......... 
73% 118M 0s - 39300K .......... .......... .......... .......... .......... 73% 163M 0s - 39350K .......... .......... .......... .......... .......... 73% 141M 0s - 39400K .......... .......... .......... .......... .......... 73% 146M 0s - 39450K .......... .......... .......... .......... .......... 73% 133M 0s - 39500K .......... .......... .......... .......... .......... 74% 143M 0s - 39550K .......... .......... .......... .......... .......... 74% 131M 0s - 39600K .......... .......... .......... .......... .......... 74% 142M 0s - 39650K .......... .......... .......... .......... .......... 74% 159M 0s - 39700K .......... .......... .......... .......... .......... 74% 158M 0s - 39750K .......... .......... .......... .......... .......... 74% 148M 0s - 39800K .......... .......... .......... .......... .......... 74% 161M 0s - 39850K .......... .......... .......... .......... .......... 74% 147M 0s - 39900K .......... .......... .......... .......... .......... 74% 121M 0s - 39950K .......... .......... .......... .......... .......... 74% 124M 0s - 40000K .......... .......... .......... .......... .......... 74% 142M 0s - 40050K .......... .......... .......... .......... .......... 75% 102M 0s - 40100K .......... .......... .......... .......... .......... 75% 123M 0s - 40150K .......... .......... .......... .......... .......... 75% 110M 0s - 40200K .......... .......... .......... .......... .......... 75% 173M 0s - 40250K .......... .......... .......... .......... .......... 75% 259M 0s - 40300K .......... .......... .......... .......... .......... 75% 262M 0s - 40350K .......... .......... .......... .......... .......... 75% 157M 0s - 40400K .......... .......... .......... .......... .......... 75% 244M 0s - 40450K .......... .......... .......... .......... .......... 75% 232M 0s - 40500K .......... .......... .......... .......... .......... 75% 263M 0s - 40550K .......... .......... .......... .......... .......... 
76% 221M 0s - 40600K .......... .......... .......... .......... .......... 76% 246M 0s - 40650K .......... .......... .......... .......... .......... 76% 254M 0s - 40700K .......... .......... .......... .......... .......... 76% 150M 0s - 40750K .......... .......... .......... .......... .......... 76% 112M 0s - 40800K .......... .......... .......... .......... .......... 76% 178M 0s - 40850K .......... .......... .......... .......... .......... 76% 192M 0s - 40900K .......... .......... .......... .......... .......... 76% 154M 0s - 40950K .......... .......... .......... .......... .......... 76% 228M 0s - 41000K .......... .......... .......... .......... .......... 76% 155M 0s - 41050K .......... .......... .......... .......... .......... 76% 156M 0s - 41100K .......... .......... .......... .......... .......... 77% 132M 0s - 41150K .......... .......... .......... .......... .......... 77% 115M 0s - 41200K .......... .......... .......... .......... .......... 77% 142M 0s - 41250K .......... .......... .......... .......... .......... 77% 144M 0s - 41300K .......... .......... .......... .......... .......... 77% 133M 0s - 41350K .......... .......... .......... .......... .......... 77% 103M 0s - 41400K .......... .......... .......... .......... .......... 77% 161M 0s - 41450K .......... .......... .......... .......... .......... 77% 133M 0s - 41500K .......... .......... .......... .......... .......... 77% 122M 0s - 41550K .......... .......... .......... .......... .......... 77% 130M 0s - 41600K .......... .......... .......... .......... .......... 77% 161M 0s - 41650K .......... .......... .......... .......... .......... 78% 179M 0s - 41700K .......... .......... .......... .......... .......... 78% 189M 0s - 41750K .......... .......... .......... .......... .......... 78% 127M 0s - 41800K .......... .......... .......... .......... .......... 78% 126M 0s - 41850K .......... .......... .......... .......... .......... 
78% 139M 0s - 41900K .......... .......... .......... .......... .......... 78% 135M 0s - 41950K .......... .......... .......... .......... .......... 78% 102M 0s - 42000K .......... .......... .......... .......... .......... 78% 120M 0s - 42050K .......... .......... .......... .......... .......... 78% 139M 0s - 42100K .......... .......... .......... .......... .......... 78% 157M 0s - 42150K .......... .......... .......... .......... .......... 79% 124M 0s - 42200K .......... .......... .......... .......... .......... 79% 125M 0s - 42250K .......... .......... .......... .......... .......... 79% 233M 0s - 42300K .......... .......... .......... .......... .......... 79% 258M 0s - 42350K .......... .......... .......... .......... .......... 79% 168M 0s - 42400K .......... .......... .......... .......... .......... 79% 167M 0s + 34350K .......... .......... .......... .......... .......... 64% 160M 0s + 34400K .......... .......... .......... .......... .......... 64% 146M 0s + 34450K .......... .......... .......... .......... .......... 64% 220M 0s + 34500K .......... .......... .......... .......... .......... 64% 245M 0s + 34550K .......... .......... .......... .......... .......... 64% 182M 0s + 34600K .......... .......... .......... .......... .......... 64% 191M 0s + 34650K .......... .......... .......... .......... .......... 64% 215M 0s + 34700K .......... .......... .......... .......... .......... 65% 208M 0s + 34750K .......... .......... .......... .......... .......... 65% 174M 0s + 34800K .......... .......... .......... .......... .......... 65% 209M 0s + 34850K .......... .......... .......... .......... .......... 65% 203M 0s + 34900K .......... .......... .......... .......... .......... 65% 188M 0s + 34950K .......... .......... .......... .......... .......... 65% 190M 0s + 35000K .......... .......... .......... .......... .......... 65% 196M 0s + 35050K .......... .......... .......... .......... .......... 
65% 203M 0s + 35100K .......... .......... .......... .......... .......... 65% 226M 0s + 35150K .......... .......... .......... .......... .......... 65% 167M 0s + 35200K .......... .......... .......... .......... .......... 66% 198M 0s + 35250K .......... .......... .......... .......... .......... 66% 205M 0s + 35300K .......... .......... .......... .......... .......... 66% 226M 0s + 35350K .......... .......... .......... .......... .......... 66% 175M 0s + 35400K .......... .......... .......... .......... .......... 66% 214M 0s + 35450K .......... .......... .......... .......... .......... 66% 193M 0s + 35500K .......... .......... .......... .......... .......... 66% 224M 0s + 35550K .......... .......... .......... .......... .......... 66% 173M 0s + 35600K .......... .......... .......... .......... .......... 66% 212M 0s + 35650K .......... .......... .......... .......... .......... 66% 174M 0s + 35700K .......... .......... .......... .......... .......... 66% 210M 0s + 35750K .......... .......... .......... .......... .......... 67% 153M 0s + 35800K .......... .......... .......... .......... .......... 67% 199M 0s + 35850K .......... .......... .......... .......... .......... 67% 198M 0s + 35900K .......... .......... .......... .......... .......... 67% 215M 0s + 35950K .......... .......... .......... .......... .......... 67% 155M 0s + 36000K .......... .......... .......... .......... .......... 67% 186M 0s + 36050K .......... .......... .......... .......... .......... 67% 210M 0s + 36100K .......... .......... .......... .......... .......... 67% 190M 0s + 36150K .......... .......... .......... .......... .......... 67% 190M 0s + 36200K .......... .......... .......... .......... .......... 67% 232M 0s + 36250K .......... .......... .......... .......... .......... 67% 255M 0s + 36300K .......... .......... .......... .......... .......... 68% 262M 0s + 36350K .......... .......... .......... .......... .......... 
68% 203M 0s + 36400K .......... .......... .......... .......... .......... 68% 250M 0s + 36450K .......... .......... .......... .......... .......... 68% 185M 0s + 36500K .......... .......... .......... .......... .......... 68% 213M 0s + 36550K .......... .......... .......... .......... .......... 68% 151M 0s + 36600K .......... .......... .......... .......... .......... 68% 198M 0s + 36650K .......... .......... .......... .......... .......... 68% 176M 0s + 36700K .......... .......... .......... .......... .......... 68% 193M 0s + 36750K .......... .......... .......... .......... .......... 68% 146M 0s + 36800K .......... .......... .......... .......... .......... 69% 177M 0s + 36850K .......... .......... .......... .......... .......... 69% 188M 0s + 36900K .......... .......... .......... .......... .......... 69% 205M 0s + 36950K .......... .......... .......... .......... .......... 69% 195M 0s + 37000K .......... .......... .......... .......... .......... 69% 178M 0s + 37050K .......... .......... .......... .......... .......... 69% 202M 0s + 37100K .......... .......... .......... .......... .......... 69% 247M 0s + 37150K .......... .......... .......... .......... .......... 69% 168M 0s + 37200K .......... .......... .......... .......... .......... 69% 190M 0s + 37250K .......... .......... .......... .......... .......... 69% 208M 0s + 37300K .......... .......... .......... .......... .......... 69% 212M 0s + 37350K .......... .......... .......... .......... .......... 70% 178M 0s + 37400K .......... .......... .......... .......... .......... 70% 198M 0s + 37450K .......... .......... .......... .......... .......... 70% 227M 0s + 37500K .......... .......... .......... .......... .......... 70% 217M 0s + 37550K .......... .......... .......... .......... .......... 70% 178M 0s + 37600K .......... .......... .......... .......... .......... 70% 198M 0s + 37650K .......... .......... .......... .......... .......... 
70% 226M 0s + 37700K .......... .......... .......... .......... .......... 70% 204M 0s + 37750K .......... .......... .......... .......... .......... 70% 149M 0s + 37800K .......... .......... .......... .......... .......... 70% 187M 0s + 37850K .......... .......... .......... .......... .......... 70% 215M 0s + 37900K .......... .......... .......... .......... .......... 71% 200M 0s + 37950K .......... .......... .......... .......... .......... 71% 165M 0s + 38000K .......... .......... .......... .......... .......... 71% 201M 0s + 38050K .......... .......... .......... .......... .......... 71% 199M 0s + 38100K .......... .......... .......... .......... .......... 71% 156M 0s + 38150K .......... .......... .......... .......... .......... 71% 175M 0s + 38200K .......... .......... .......... .......... .......... 71% 174M 0s + 38250K .......... .......... .......... .......... .......... 71% 223M 0s + 38300K .......... .......... .......... .......... .......... 71% 236M 0s + 38350K .......... .......... .......... .......... .......... 71% 181M 0s + 38400K .......... .......... .......... .......... .......... 71% 180M 0s + 38450K .......... .......... .......... .......... .......... 72% 213M 0s + 38500K .......... .......... .......... .......... .......... 72% 197M 0s + 38550K .......... .......... .......... .......... .......... 72% 168M 0s + 38600K .......... .......... .......... .......... .......... 72% 183M 0s + 38650K .......... .......... .......... .......... .......... 72% 207M 0s + 38700K .......... .......... .......... .......... .......... 72% 209M 0s + 38750K .......... .......... .......... .......... .......... 72% 175M 0s + 38800K .......... .......... .......... .......... .......... 72% 198M 0s + 38850K .......... .......... .......... .......... .......... 72% 222M 0s + 38900K .......... .......... .......... .......... .......... 72% 198M 0s + 38950K .......... .......... .......... .......... .......... 
73% 201M 0s + 39000K .......... .......... .......... .......... .......... 73% 201M 0s + 39050K .......... .......... .......... .......... .......... 73% 250M 0s + 39100K .......... .......... .......... .......... .......... 73% 226M 0s + 39150K .......... .......... .......... .......... .......... 73% 190M 0s + 39200K .......... .......... .......... .......... .......... 73% 218M 0s + 39250K .......... .......... .......... .......... .......... 73% 222M 0s + 39300K .......... .......... .......... .......... .......... 73% 214M 0s + 39350K .......... .......... .......... .......... .......... 73% 188M 0s + 39400K .......... .......... .......... .......... .......... 73% 246M 0s + 39450K .......... .......... .......... .......... .......... 73% 224M 0s + 39500K .......... .......... .......... .......... .......... 74% 211M 0s + 39550K .......... .......... .......... .......... .......... 74% 146M 0s + 39600K .......... .......... .......... .......... .......... 74% 180M 0s + 39650K .......... .......... .......... .......... .......... 74% 161M 0s + 39700K .......... .......... .......... .......... .......... 74% 183M 0s + 39750K .......... .......... .......... .......... .......... 74% 164M 0s + 39800K .......... .......... .......... .......... .......... 74% 207M 0s + 39850K .......... .......... .......... .......... .......... 74% 228M 0s + 39900K .......... .......... .......... .......... .......... 74% 205M 0s + 39950K .......... .......... .......... .......... .......... 74% 182M 0s + 40000K .......... .......... .......... .......... .......... 74% 194M 0s + 40050K .......... .......... .......... .......... .......... 75% 215M 0s + 40100K .......... .......... .......... .......... .......... 75% 204M 0s + 40150K .......... .......... .......... .......... .......... 75% 185M 0s + 40200K .......... .......... .......... .......... .......... 75% 211M 0s + 40250K .......... .......... .......... .......... .......... 
75% 209M 0s + 40300K .......... .......... .......... .......... .......... 75% 214M 0s + 40350K .......... .......... .......... .......... .......... 75% 182M 0s + 40400K .......... .......... .......... .......... .......... 75% 164M 0s + 40450K .......... .......... .......... .......... .......... 75% 211M 0s + 40500K .......... .......... .......... .......... .......... 75% 165M 0s + 40550K .......... .......... .......... .......... .......... 76% 177M 0s + 40600K .......... .......... .......... .......... .......... 76% 190M 0s + 40650K .......... .......... .......... .......... .......... 76% 207M 0s + 40700K .......... .......... .......... .......... .......... 76% 220M 0s + 40750K .......... .......... .......... .......... .......... 76% 177M 0s + 40800K .......... .......... .......... .......... .......... 76% 198M 0s + 40850K .......... .......... .......... .......... .......... 76% 244M 0s + 40900K .......... .......... .......... .......... .......... 76% 244M 0s + 40950K .......... .......... .......... .......... .......... 76% 171M 0s + 41000K .......... .......... .......... .......... .......... 76% 118M 0s + 41050K .......... .......... .......... .......... .......... 76% 196M 0s + 41100K .......... .......... .......... .......... .......... 77% 145M 0s + 41150K .......... .......... .......... .......... .......... 77% 182M 0s + 41200K .......... .......... .......... .......... .......... 77% 171M 0s + 41250K .......... .......... .......... .......... .......... 77% 159M 0s + 41300K .......... .......... .......... .......... .......... 77% 160M 0s + 41350K .......... .......... .......... .......... .......... 77% 183M 0s + 41400K .......... .......... .......... .......... .......... 77% 185M 0s + 41450K .......... .......... .......... .......... .......... 77% 172M 0s + 41500K .......... .......... .......... .......... .......... 77% 136M 0s + 41550K .......... .......... .......... .......... .......... 
77% 206M 0s + 41600K .......... .......... .......... .......... .......... 77% 211M 0s + 41650K .......... .......... .......... .......... .......... 78% 217M 0s + 41700K .......... .......... .......... .......... .......... 78% 176M 0s + 41750K .......... .......... .......... .......... .......... 78% 213M 0s + 41800K .......... .......... .......... .......... .......... 78% 191M 0s + 41850K .......... .......... .......... .......... .......... 78% 184M 0s + 41900K .......... .......... .......... .......... .......... 78% 157M 0s + 41950K .......... .......... .......... .......... .......... 78% 197M 0s + 42000K .......... .......... .......... .......... .......... 78% 170M 0s + 42050K .......... .......... .......... .......... .......... 78% 174M 0s + 42100K .......... .......... .......... .......... .......... 78% 146M 0s + 42150K .......... .......... .......... .......... .......... 79% 180M 0s + 42200K .......... .......... .......... .......... .......... 79% 195M 0s + 42250K .......... .......... .......... .......... .......... 79% 184M 0s + 42300K .......... .......... .......... .......... .......... 79% 195M 0s + 42350K .......... .......... .......... .......... .......... 79% 164M 0s + 42400K .......... .......... .......... .......... .......... 79% 183M 0s 42450K .......... .......... .......... .......... .......... 79% 175M 0s - 42500K .......... .......... .......... .......... .......... 79% 140M 0s - 42550K .......... .......... .......... .......... .......... 79% 125M 0s - 42600K .......... .......... .......... .......... .......... 79% 128M 0s - 42650K .......... .......... .......... .......... .......... 79% 130M 0s - 42700K .......... .......... .......... .......... .......... 80% 167M 0s - 42750K .......... .......... .......... .......... .......... 80% 120M 0s - 42800K .......... .......... .......... .......... .......... 80% 128M 0s - 42850K .......... .......... .......... .......... .......... 
80% 165M 0s + 42500K .......... .......... .......... .......... .......... 79% 191M 0s + 42550K .......... .......... .......... .......... .......... 79% 183M 0s + 42600K .......... .......... .......... .......... .......... 79% 187M 0s + 42650K .......... .......... .......... .......... .......... 79% 165M 0s + 42700K .......... .......... .......... .......... .......... 80% 170M 0s + 42750K .......... .......... .......... .......... .......... 80% 180M 0s + 42800K .......... .......... .......... .......... .......... 80% 162M 0s + 42850K .......... .......... .......... .......... .......... 80% 199M 0s 42900K .......... .......... .......... .......... .......... 80% 184M 0s - 42950K .......... .......... .......... .......... .......... 80% 112M 0s - 43000K .......... .......... .......... .......... .......... 80% 144M 0s - 43050K .......... .......... .......... .......... .......... 80% 157M 0s - 43100K .......... .......... .......... .......... .......... 80% 189M 0s - 43150K .......... .......... .......... .......... .......... 80% 155M 0s - 43200K .......... .......... .......... .......... .......... 80% 167M 0s - 43250K .......... .......... .......... .......... .......... 81% 186M 0s - 43300K .......... .......... .......... .......... .......... 81% 164M 0s - 43350K .......... .......... .......... .......... .......... 81% 149M 0s - 43400K .......... .......... .......... .......... .......... 81% 141M 0s - 43450K .......... .......... .......... .......... .......... 81% 123M 0s - 43500K .......... .......... .......... .......... .......... 81% 147M 0s - 43550K .......... .......... .......... .......... .......... 81% 110M 0s - 43600K .......... .......... .......... .......... .......... 81% 130M 0s - 43650K .......... .......... .......... .......... .......... 81% 159M 0s - 43700K .......... .......... .......... .......... .......... 81% 148M 0s - 43750K .......... .......... .......... .......... .......... 
82% 113M 0s - 43800K .......... .......... .......... .......... .......... 82% 235M 0s - 43850K .......... .......... .......... .......... .......... 82% 254M 0s - 43900K .......... .......... .......... .......... .......... 82% 243M 0s - 43950K .......... .......... .......... .......... .......... 82% 219M 0s - 44000K .......... .......... .......... .......... .......... 82% 238M 0s - 44050K .......... .......... .......... .......... .......... 82% 224M 0s - 44100K .......... .......... .......... .......... .......... 82% 241M 0s - 44150K .......... .......... .......... .......... .......... 82% 233M 0s - 44200K .......... .......... .......... .......... .......... 82% 237M 0s - 44250K .......... .......... .......... .......... .......... 82% 213M 0s - 44300K .......... .......... .......... .......... .......... 83% 231M 0s - 44350K .......... .......... .......... .......... .......... 83% 133M 0s - 44400K .......... .......... .......... .......... .......... 83% 150M 0s - 44450K .......... .......... .......... .......... .......... 83% 136M 0s - 44500K .......... .......... .......... .......... .......... 83% 143M 0s - 44550K .......... .......... .......... .......... .......... 83% 131M 0s - 44600K .......... .......... .......... .......... .......... 83% 128M 0s - 44650K .......... .......... .......... .......... .......... 83% 152M 0s - 44700K .......... .......... .......... .......... .......... 83% 163M 0s - 44750K .......... .......... .......... .......... .......... 83% 148M 0s - 44800K .......... .......... .......... .......... .......... 83% 152M 0s - 44850K .......... .......... .......... .......... .......... 84% 172M 0s - 44900K .......... .......... .......... .......... .......... 84% 133M 0s - 44950K .......... .......... .......... .......... .......... 84% 175M 0s - 45000K .......... .......... .......... .......... .......... 84% 174M 0s - 45050K .......... .......... .......... .......... .......... 
84% 158M 0s - 45100K .......... .......... .......... .......... .......... 84% 158M 0s - 45150K .......... .......... .......... .......... .......... 84% 113M 0s - 45200K .......... .......... .......... .......... .......... 84% 117M 0s - 45250K .......... .......... .......... .......... .......... 84% 146M 0s - 45300K .......... .......... .......... .......... .......... 84% 144M 0s - 45350K .......... .......... .......... .......... .......... 85% 139M 0s - 45400K .......... .......... .......... .......... .......... 85% 152M 0s - 45450K .......... .......... .......... .......... .......... 85% 167M 0s - 45500K .......... .......... .......... .......... .......... 85% 157M 0s - 45550K .......... .......... .......... .......... .......... 85% 134M 0s - 45600K .......... .......... .......... .......... .......... 85% 137M 0s - 45650K .......... .......... .......... .......... .......... 85% 154M 0s - 45700K .......... .......... .......... .......... .......... 85% 144M 0s - 45750K .......... .......... .......... .......... .......... 85% 134M 0s - 45800K .......... .......... .......... .......... .......... 85% 168M 0s - 45850K .......... .......... .......... .......... .......... 85% 175M 0s - 45900K .......... .......... .......... .......... .......... 86% 168M 0s - 45950K .......... .......... .......... .......... .......... 86% 116M 0s - 46000K .......... .......... .......... .......... .......... 86% 114M 0s - 46050K .......... .......... .......... .......... .......... 86% 118M 0s - 46100K .......... .......... .......... .......... .......... 86% 132M 0s - 46150K .......... .......... .......... .......... .......... 86% 116M 0s - 46200K .......... .......... .......... .......... .......... 86% 154M 0s - 46250K .......... .......... .......... .......... .......... 86% 183M 0s - 46300K .......... .......... .......... .......... .......... 86% 199M 0s - 46350K .......... .......... .......... .......... .......... 
86% 175M 0s - 46400K .......... .......... .......... .......... .......... 86% 212M 0s - 46450K .......... .......... .......... .......... .......... 87% 214M 0s - 46500K .......... .......... .......... .......... .......... 87% 136M 0s - 46550K .......... .......... .......... .......... .......... 87% 99.7M 0s - 46600K .......... .......... .......... .......... .......... 87% 119M 0s - 46650K .......... .......... .......... .......... .......... 87% 136M 0s - 46700K .......... .......... .......... .......... .......... 87% 163M 0s - 46750K .......... .......... .......... .......... .......... 87% 158M 0s - 46800K .......... .......... .......... .......... .......... 87% 169M 0s - 46850K .......... .......... .......... .......... .......... 87% 141M 0s - 46900K .......... .......... .......... .......... .......... 87% 141M 0s - 46950K .......... .......... .......... .......... .......... 88% 119M 0s - 47000K .......... .......... .......... .......... .......... 88% 157M 0s - 47050K .......... .......... .......... .......... .......... 88% 167M 0s - 47100K .......... .......... .......... .......... .......... 88% 124M 0s - 47150K .......... .......... .......... .......... .......... 88% 167M 0s - 47200K .......... .......... .......... .......... .......... 88% 168M 0s - 47250K .......... .......... .......... .......... .......... 88% 171M 0s - 47300K .......... .......... .......... .......... .......... 88% 138M 0s - 47350K .......... .......... .......... .......... .......... 88% 132M 0s - 47400K .......... .......... .......... .......... .......... 88% 155M 0s - 47450K .......... .......... .......... .......... .......... 88% 123M 0s - 47500K .......... .......... .......... .......... .......... 89% 127M 0s - 47550K .......... .......... .......... .......... .......... 89% 133M 0s - 47600K .......... .......... .......... .......... .......... 89% 161M 0s - 47650K .......... .......... .......... .......... .......... 
89% 171M 0s - 47700K .......... .......... .......... .......... .......... 89% 183M 0s - 47750K .......... .......... .......... .......... .......... 89% 200M 0s - 47800K .......... .......... .......... .......... .......... 89% 243M 0s - 47850K .......... .......... .......... .......... .......... 89% 259M 0s - 47900K .......... .......... .......... .......... .......... 89% 223M 0s + 42950K .......... .......... .......... .......... .......... 80% 193M 0s + 43000K .......... .......... .......... .......... .......... 80% 167M 0s + 43050K .......... .......... .......... .......... .......... 80% 203M 0s + 43100K .......... .......... .......... .......... .......... 80% 162M 0s + 43150K .......... .......... .......... .......... .......... 80% 199M 0s + 43200K .......... .......... .......... .......... .......... 80% 154M 0s + 43250K .......... .......... .......... .......... .......... 81% 217M 0s + 43300K .......... .......... .......... .......... .......... 81% 176M 0s + 43350K .......... .......... .......... .......... .......... 81% 176M 0s + 43400K .......... .......... .......... .......... .......... 81% 198M 0s + 43450K .......... .......... .......... .......... .......... 81% 189M 0s + 43500K .......... .......... .......... .......... .......... 81% 159M 0s + 43550K .......... .......... .......... .......... .......... 81% 171M 0s + 43600K .......... .......... .......... .......... .......... 81% 178M 0s + 43650K .......... .......... .......... .......... .......... 81% 194M 0s + 43700K .......... .......... .......... .......... .......... 81% 161M 0s + 43750K .......... .......... .......... .......... .......... 82% 185M 0s + 43800K .......... .......... .......... .......... .......... 82% 197M 0s + 43850K .......... .......... .......... .......... .......... 82% 204M 0s + 43900K .......... .......... .......... .......... .......... 82% 159M 0s + 43950K .......... .......... .......... .......... .......... 
82% 207M 0s + 44000K .......... .......... .......... .......... .......... 82% 185M 0s + 44050K .......... .......... .......... .......... .......... 82% 188M 0s + 44100K .......... .......... .......... .......... .......... 82% 145M 0s + 44150K .......... .......... .......... .......... .......... 82% 195M 0s + 44200K .......... .......... .......... .......... .......... 82% 170M 0s + 44250K .......... .......... .......... .......... .......... 82% 172M 0s + 44300K .......... .......... .......... .......... .......... 83% 136M 0s + 44350K .......... .......... .......... .......... .......... 83% 192M 0s + 44400K .......... .......... .......... .......... .......... 83% 188M 0s + 44450K .......... .......... .......... .......... .......... 83% 180M 0s + 44500K .......... .......... .......... .......... .......... 83% 156M 0s + 44550K .......... .......... .......... .......... .......... 83% 173M 0s + 44600K .......... .......... .......... .......... .......... 83% 136M 0s + 44650K .......... .......... .......... .......... .......... 83% 198M 0s + 44700K .......... .......... .......... .......... .......... 83% 155M 0s + 44750K .......... .......... .......... .......... .......... 83% 184M 0s + 44800K .......... .......... .......... .......... .......... 83% 169M 0s + 44850K .......... .......... .......... .......... .......... 84% 187M 0s + 44900K .......... .......... .......... .......... .......... 84% 157M 0s + 44950K .......... .......... .......... .......... .......... 84% 177M 0s + 45000K .......... .......... .......... .......... .......... 84% 189M 0s + 45050K .......... .......... .......... .......... .......... 84% 177M 0s + 45100K .......... .......... .......... .......... .......... 84% 167M 0s + 45150K .......... .......... .......... .......... .......... 84% 159M 0s + 45200K .......... .......... .......... .......... .......... 84% 187M 0s + 45250K .......... .......... .......... .......... .......... 
84% 158M 0s + 45300K .......... .......... .......... .......... .......... 84% 154M 0s + 45350K .......... .......... .......... .......... .......... 85% 163M 0s + 45400K .......... .......... .......... .......... .......... 85% 165M 0s + 45450K .......... .......... .......... .......... .......... 85% 182M 0s + 45500K .......... .......... .......... .......... .......... 85% 147M 0s + 45550K .......... .......... .......... .......... .......... 85% 185M 0s + 45600K .......... .......... .......... .......... .......... 85% 201M 0s + 45650K .......... .......... .......... .......... .......... 85% 181M 0s + 45700K .......... .......... .......... .......... .......... 85% 154M 0s + 45750K .......... .......... .......... .......... .......... 85% 181M 0s + 45800K .......... .......... .......... .......... .......... 85% 197M 0s + 45850K .......... .......... .......... .......... .......... 85% 162M 0s + 45900K .......... .......... .......... .......... .......... 86% 139M 0s + 45950K .......... .......... .......... .......... .......... 86% 170M 0s + 46000K .......... .......... .......... .......... .......... 86% 179M 0s + 46050K .......... .......... .......... .......... .......... 86% 173M 0s + 46100K .......... .......... .......... .......... .......... 86% 156M 0s + 46150K .......... .......... .......... .......... .......... 86% 195M 0s + 46200K .......... .......... .......... .......... .......... 86% 174M 0s + 46250K .......... .......... .......... .......... .......... 86% 178M 0s + 46300K .......... .......... .......... .......... .......... 86% 153M 0s + 46350K .......... .......... .......... .......... .......... 86% 166M 0s + 46400K .......... .......... .......... .......... .......... 86% 183M 0s + 46450K .......... .......... .......... .......... .......... 87% 164M 0s + 46500K .......... .......... .......... .......... .......... 87% 153M 0s + 46550K .......... .......... .......... .......... .......... 
87% 168M 0s + 46600K .......... .......... .......... .......... .......... 87% 220M 0s + 46650K .......... .......... .......... .......... .......... 87% 175M 0s + 46700K .......... .......... .......... .......... .......... 87% 153M 0s + 46750K .......... .......... .......... .......... .......... 87% 188M 0s + 46800K .......... .......... .......... .......... .......... 87% 177M 0s + 46850K .......... .......... .......... .......... .......... 87% 177M 0s + 46900K .......... .......... .......... .......... .......... 87% 153M 0s + 46950K .......... .......... .......... .......... .......... 88% 184M 0s + 47000K .......... .......... .......... .......... .......... 88% 156M 0s + 47050K .......... .......... .......... .......... .......... 88% 162M 0s + 47100K .......... .......... .......... .......... .......... 88% 165M 0s + 47150K .......... .......... .......... .......... .......... 88% 176M 0s + 47200K .......... .......... .......... .......... .......... 88% 185M 0s + 47250K .......... .......... .......... .......... .......... 88% 155M 0s + 47300K .......... .......... .......... .......... .......... 88% 164M 0s + 47350K .......... .......... .......... .......... .......... 88% 185M 0s + 47400K .......... .......... .......... .......... .......... 88% 166M 0s + 47450K .......... .......... .......... .......... .......... 88% 186M 0s + 47500K .......... .......... .......... .......... .......... 89% 148M 0s + 47550K .......... .......... .......... .......... .......... 89% 183M 0s + 47600K .......... .......... .......... .......... .......... 89% 166M 0s + 47650K .......... .......... .......... .......... .......... 89% 169M 0s + 47700K .......... .......... .......... .......... .......... 89% 158M 0s + 47750K .......... .......... .......... .......... .......... 89% 158M 0s + 47800K .......... .......... .......... .......... .......... 89% 179M 0s + 47850K .......... .......... .......... .......... .......... 
89% 178M 0s + 47900K .......... .......... .......... .......... .......... 89% 182M 0s 47950K .......... .......... .......... .......... .......... 89% 178M 0s - 48000K .......... .......... .......... .......... .......... 89% 223M 0s - 48050K .......... .......... .......... .......... .......... 90% 247M 0s - 48100K .......... .......... .......... .......... .......... 90% 259M 0s - 48150K .......... .......... .......... .......... .......... 90% 203M 0s - 48200K .......... .......... .......... .......... .......... 90% 232M 0s - 48250K .......... .......... .......... .......... .......... 90% 195M 0s - 48300K .......... .......... .......... .......... .......... 90% 142M 0s - 48350K .......... .......... .......... .......... .......... 90% 97.9M 0s - 48400K .......... .......... .......... .......... .......... 90% 153M 0s - 48450K .......... .......... .......... .......... .......... 90% 152M 0s - 48500K .......... .......... .......... .......... .......... 90% 131M 0s - 48550K .......... .......... .......... .......... .......... 91% 105M 0s - 48600K .......... .......... .......... .......... .......... 91% 145M 0s - 48650K .......... .......... .......... .......... .......... 91% 162M 0s - 48700K .......... .......... .......... .......... .......... 91% 177M 0s - 48750K .......... .......... .......... .......... .......... 91% 140M 0s - 48800K .......... .......... .......... .......... .......... 91% 176M 0s - 48850K .......... .......... .......... .......... .......... 91% 195M 0s - 48900K .......... .......... .......... .......... .......... 91% 192M 0s - 48950K .......... .......... .......... .......... .......... 91% 104M 0s - 49000K .......... .......... .......... .......... .......... 91% 115M 0s - 49050K .......... .......... .......... .......... .......... 91% 133M 0s - 49100K .......... .......... .......... .......... .......... 92% 124M 0s - 49150K .......... .......... .......... .......... .......... 
92% 140M 0s - 49200K .......... .......... .......... .......... .......... 92% 146M 0s - 49250K .......... .......... .......... .......... .......... 92% 112M 0s - 49300K .......... .......... .......... .......... .......... 92% 141M 0s - 49350K .......... .......... .......... .......... .......... 92% 125M 0s - 49400K .......... .......... .......... .......... .......... 92% 160M 0s - 49450K .......... .......... .......... .......... .......... 92% 161M 0s - 49500K .......... .......... .......... .......... .......... 92% 174M 0s - 49550K .......... .......... .......... .......... .......... 92% 155M 0s - 49600K .......... .......... .......... .......... .......... 92% 179M 0s - 49650K .......... .......... .......... .......... .......... 93% 150M 0s - 49700K .......... .......... .......... .......... .......... 93% 124M 0s - 49750K .......... .......... .......... .......... .......... 93% 121M 0s - 49800K .......... .......... .......... .......... .......... 93% 148M 0s - 49850K .......... .......... .......... .......... .......... 93% 130M 0s - 49900K .......... .......... .......... .......... .......... 93% 125M 0s - 49950K .......... .......... .......... .......... .......... 93% 129M 0s - 50000K .......... .......... .......... .......... .......... 93% 159M 0s - 50050K .......... .......... .......... .......... .......... 93% 180M 0s - 50100K .......... .......... .......... .......... .......... 93% 146M 0s - 50150K .......... .......... .......... .......... .......... 94% 140M 0s - 50200K .......... .......... .......... .......... .......... 94% 226M 0s - 50250K .......... .......... .......... .......... .......... 94% 209M 0s - 50300K .......... .......... .......... .......... .......... 94% 200M 0s - 50350K .......... .......... .......... .......... .......... 94% 121M 0s - 50400K .......... .......... .......... .......... .......... 94% 137M 0s - 50450K .......... .......... .......... .......... .......... 
94% 173M 0s - 50500K .......... .......... .......... .......... .......... 94% 176M 0s - 50550K .......... .......... .......... .......... .......... 94% 173M 0s - 50600K .......... .......... .......... .......... .......... 94% 136M 0s - 50650K .......... .......... .......... .......... .......... 94% 108M 0s - 50700K .......... .......... .......... .......... .......... 95% 130M 0s - 50750K .......... .......... .......... .......... .......... 95% 149M 0s - 50800K .......... .......... .......... .......... .......... 95% 137M 0s - 50850K .......... .......... .......... .......... .......... 95% 139M 0s - 50900K .......... .......... .......... .......... .......... 95% 165M 0s - 50950K .......... .......... .......... .......... .......... 95% 188M 0s - 51000K .......... .......... .......... .......... .......... 95% 162M 0s - 51050K .......... .......... .......... .......... .......... 95% 125M 0s - 51100K .......... .......... .......... .......... .......... 95% 127M 0s - 51150K .......... .......... .......... .......... .......... 95% 103M 0s - 51200K .......... .......... .......... .......... .......... 95% 156M 0s - 51250K .......... .......... .......... .......... .......... 96% 172M 0s - 51300K .......... .......... .......... .......... .......... 96% 144M 0s - 51350K .......... .......... .......... .......... .......... 96% 124M 0s - 51400K .......... .......... .......... .......... .......... 96% 141M 0s - 51450K .......... .......... .......... .......... .......... 96% 144M 0s - 51500K .......... .......... .......... .......... .......... 96% 138M 0s - 51550K .......... .......... .......... .......... .......... 96% 130M 0s - 51600K .......... .......... .......... .......... .......... 96% 171M 0s - 51650K .......... .......... .......... .......... .......... 96% 167M 0s - 51700K .......... .......... .......... .......... .......... 96% 170M 0s - 51750K .......... .......... .......... .......... .......... 
96% 134M 0s - 51800K .......... .......... .......... .......... .......... 97% 130M 0s - 51850K .......... .......... .......... .......... .......... 97% 139M 0s - 51900K .......... .......... .......... .......... .......... 97% 109M 0s - 51950K .......... .......... .......... .......... .......... 97% 132M 0s - 52000K .......... .......... .......... .......... .......... 97% 221M 0s - 52050K .......... .......... .......... .......... .......... 97% 254M 0s - 52100K .......... .......... .......... .......... .......... 97% 240M 0s - 52150K .......... .......... .......... .......... .......... 97% 226M 0s - 52200K .......... .......... .......... .......... .......... 97% 249M 0s - 52250K .......... .......... .......... .......... .......... 97% 148M 0s - 52300K .......... .......... .......... .......... .......... 98% 136M 0s - 52350K .......... .......... .......... .......... .......... 98% 113M 0s - 52400K .......... .......... .......... .......... .......... 98% 168M 0s - 52450K .......... .......... .......... .......... .......... 98% 158M 0s - 52500K .......... .......... .......... .......... .......... 98% 187M 0s - 52550K .......... .......... .......... .......... .......... 98% 146M 0s - 52600K .......... .......... .......... .......... .......... 98% 134M 0s - 52650K .......... .......... .......... .......... .......... 98% 129M 0s - 52700K .......... .......... .......... .......... .......... 98% 181M 0s - 52750K .......... .......... .......... .......... .......... 98% 112M 0s - 52800K .......... .......... .......... .......... .......... 98% 117M 0s - 52850K .......... .......... .......... .......... .......... 99% 125M 0s - 52900K .......... .......... .......... .......... .......... 99% 165M 0s - 52950K .......... .......... .......... .......... .......... 99% 148M 0s - 53000K .......... .......... .......... .......... .......... 99% 140M 0s - 53050K .......... .......... .......... .......... .......... 
99% 142M 0s - 53100K .......... .......... .......... .......... .......... 99% 140M 0s - 53150K .......... .......... .......... .......... .......... 99% 127M 0s - 53200K .......... .......... .......... .......... .......... 99% 165M 0s - 53250K .......... .......... .......... .......... .......... 99% 160M 0s - 53300K .......... .......... .......... .......... .......... 99% 171M 0s - 53350K .......... .......... .......... .......... .......... 99% 145M 0s - 53400K ... 100% 6.31T=0.5s + 48000K .......... .......... .......... .......... .......... 89% 156M 0s + 48050K .......... .......... .......... .......... .......... 90% 180M 0s + 48100K .......... .......... .......... .......... .......... 90% 146M 0s + 48150K .......... .......... .......... .......... .......... 90% 160M 0s + 48200K .......... .......... .......... .......... .......... 90% 158M 0s + 48250K .......... .......... .......... .......... .......... 90% 171M 0s + 48300K .......... .......... .......... .......... .......... 90% 154M 0s + 48350K .......... .......... .......... .......... .......... 90% 166M 0s + 48400K .......... .......... .......... .......... .......... 90% 178M 0s + 48450K .......... .......... .......... .......... .......... 90% 165M 0s + 48500K .......... .......... .......... .......... .......... 90% 160M 0s + 48550K .......... .......... .......... .......... .......... 91% 188M 0s + 48600K .......... .......... .......... .......... .......... 91% 163M 0s + 48650K .......... .......... .......... .......... .......... 91% 173M 0s + 48700K .......... .......... .......... .......... .......... 91% 168M 0s + 48750K .......... .......... .......... .......... .......... 91% 220M 0s + 48800K .......... .......... .......... .......... .......... 91% 171M 0s + 48850K .......... .......... .......... .......... .......... 91% 187M 0s + 48900K .......... .......... .......... .......... .......... 91% 145M 0s + 48950K .......... .......... .......... .......... 
.......... 91% 169M 0s + 49000K .......... .......... .......... .......... .......... 91% 187M 0s + 49050K .......... .......... .......... .......... .......... 91% 173M 0s + 49100K .......... .......... .......... .......... .......... 92% 152M 0s + 49150K .......... .......... .......... .......... .......... 92% 174M 0s + 49200K .......... .......... .......... .......... .......... 92% 213M 0s + 49250K .......... .......... .......... .......... .......... 92% 212M 0s + 49300K .......... .......... .......... .......... .......... 92% 196M 0s + 49350K .......... .......... .......... .......... .......... 92% 203M 0s + 49400K .......... .......... .......... .......... .......... 92% 182M 0s + 49450K .......... .......... .......... .......... .......... 92% 180M 0s + 49500K .......... .......... .......... .......... .......... 92% 154M 0s + 49550K .......... .......... .......... .......... .......... 92% 174M 0s + 49600K .......... .......... .......... .......... .......... 92% 172M 0s + 49650K .......... .......... .......... .......... .......... 93% 175M 0s + 49700K .......... .......... .......... .......... .......... 93% 143M 0s + 49750K .......... .......... .......... .......... .......... 93% 186M 0s + 49800K .......... .......... .......... .......... .......... 93% 164M 0s + 49850K .......... .......... .......... .......... .......... 93% 158M 0s + 49900K .......... .......... .......... .......... .......... 93% 161M 0s + 49950K .......... .......... .......... .......... .......... 93% 180M 0s + 50000K .......... .......... .......... .......... .......... 93% 164M 0s + 50050K .......... .......... .......... .......... .......... 93% 172M 0s + 50100K .......... .......... .......... .......... .......... 93% 162M 0s + 50150K .......... .......... .......... .......... .......... 94% 182M 0s + 50200K .......... .......... .......... .......... .......... 94% 170M 0s + 50250K .......... .......... .......... .......... .......... 
94% 187M 0s + 50300K .......... .......... .......... .......... .......... 94% 142M 0s + 50350K .......... .......... .......... .......... .......... 94% 180M 0s + 50400K .......... .......... .......... .......... .......... 94% 174M 0s + 50450K .......... .......... .......... .......... .......... 94% 190M 0s + 50500K .......... .......... .......... .......... .......... 94% 160M 0s + 50550K .......... .......... .......... .......... .......... 94% 171M 0s + 50600K .......... .......... .......... .......... .......... 94% 190M 0s + 50650K .......... .......... .......... .......... .......... 94% 149M 0s + 50700K .......... .......... .......... .......... .......... 95% 151M 0s + 50750K .......... .......... .......... .......... .......... 95% 183M 0s + 50800K .......... .......... .......... .......... .......... 95% 176M 0s + 50850K .......... .......... .......... .......... .......... 95% 186M 0s + 50900K .......... .......... .......... .......... .......... 95% 145M 0s + 50950K .......... .......... .......... .......... .......... 95% 180M 0s + 51000K .......... .......... .......... .......... .......... 95% 186M 0s + 51050K .......... .......... .......... .......... .......... 95% 184M 0s + 51100K .......... .......... .......... .......... .......... 95% 140M 0s + 51150K .......... .......... .......... .......... .......... 95% 171M 0s + 51200K .......... .......... .......... .......... .......... 95% 147M 0s + 51250K .......... .......... .......... .......... .......... 96% 176M 0s + 51300K .......... .......... .......... .......... .......... 96% 218M 0s + 51350K .......... .......... .......... .......... .......... 96% 212M 0s + 51400K .......... .......... .......... .......... .......... 96% 212M 0s + 51450K .......... .......... .......... .......... .......... 96% 134M 0s + 51500K .......... .......... .......... .......... .......... 96% 190M 0s + 51550K .......... .......... .......... .......... .......... 
96% 193M 0s + 51600K .......... .......... .......... .......... .......... 96% 117M 0s + 51650K .......... .......... .......... .......... .......... 96% 155M 0s + 51700K .......... .......... .......... .......... .......... 96% 177M 0s + 51750K .......... .......... .......... .......... .......... 96% 160M 0s + 51800K .......... .......... .......... .......... .......... 97% 181M 0s + 51850K .......... .......... .......... .......... .......... 97% 158M 0s + 51900K .......... .......... .......... .......... .......... 97% 182M 0s + 51950K .......... .......... .......... .......... .......... 97% 172M 0s + 52000K .......... .......... .......... .......... .......... 97% 189M 0s + 52050K .......... .......... .......... .......... .......... 97% 164M 0s + 52100K .......... .......... .......... .......... .......... 97% 177M 0s + 52150K .......... .......... .......... .......... .......... 97% 178M 0s + 52200K .......... .......... .......... .......... .......... 97% 173M 0s + 52250K .......... .......... .......... .......... .......... 97% 161M 0s + 52300K .......... .......... .......... .......... .......... 98% 174M 0s + 52350K .......... .......... .......... .......... .......... 98% 202M 0s + 52400K .......... .......... .......... .......... .......... 98% 178M 0s + 52450K .......... .......... .......... .......... .......... 98% 174M 0s + 52500K .......... .......... .......... .......... .......... 98% 175M 0s + 52550K .......... .......... .......... .......... .......... 98% 148M 0s + 52600K .......... .......... .......... .......... .......... 98% 197M 0s + 52650K .......... .......... .......... .......... .......... 98% 162M 0s + 52700K .......... .......... .......... .......... .......... 98% 188M 0s + 52750K .......... .......... .......... .......... .......... 98% 158M 0s + 52800K .......... .......... .......... .......... .......... 98% 189M 0s + 52850K .......... .......... .......... .......... .......... 
99% 180M 0s + 52900K .......... .......... .......... .......... .......... 99% 187M 0s + 52950K .......... .......... .......... .......... .......... 99% 156M 0s + 53000K .......... .......... .......... .......... .......... 99% 170M 0s + 53050K .......... .......... .......... .......... .......... 99% 193M 0s + 53100K .......... .......... .......... .......... .......... 99% 173M 0s + 53150K .......... .......... .......... .......... .......... 99% 159M 0s + 53200K .......... .......... .......... .......... .......... 99% 178M 0s + 53250K .......... .......... .......... .......... .......... 99% 170M 0s + 53300K .......... .......... .......... .......... .......... 99% 178M 0s + 53350K .......... .......... .......... .......... .......... 99% 136M 0s + 53400K ... 100% 6.31T=0.4s -2024-11-06 09:55:43 (106 MB/s) - ‘trivy_0.44.1_Linux-64bit.deb.7’ saved [54685068/54685068] +2024-11-11 10:06:03 (129 MB/s) - ‘trivy_0.44.1_Linux-64bit.deb.7’ saved [54685068/54685068] +sudo dpkg -i trivy_0.44.1_Linux-64bit.deb (Reading database ... 132595 files and directories currently installed.) 
@@ -24590,206 +24749,206 @@ https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded +docker push quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369 The push refers to repository [quay.io/noirolabs/aci-containers-host-ovscni] -dcc6f4ee0047: Preparing -2d13373cb491: Preparing -61c957cf6e41: Preparing -c6ce05a09977: Preparing -a9d0958592a7: Preparing -2da78aeecadc: Preparing -3d6d0b739952: Preparing -f290238eb703: Preparing -3a304f8979ba: Preparing -d702866f0fc1: Preparing -0476db1990d3: Preparing -d17c027642cf: Preparing -522295eb93f1: Preparing -fa3cb8602155: Preparing -5b0ef3e8fab7: Preparing -b2d97c107ae0: Preparing +5893fb0bb516: Preparing +68d2a88bffbc: Preparing +4b4f6b00eb0e: Preparing +1a6b532927e3: Preparing +59b2cab698bb: Preparing +289c21f58abf: Preparing +d6162b934532: Preparing +9dd8f0f32b87: Preparing +b0ced1c33e7b: Preparing +3232e4fd59c7: Preparing +c3602053dd39: Preparing +f194fe716c17: Preparing +ff4052768446: Preparing +05ef093b07db: Preparing +311869c18c4f: Preparing +4cc6ad87c468: Preparing c0c2749c4e74: Preparing -d702866f0fc1: Waiting -0476db1990d3: Waiting -d17c027642cf: Waiting -522295eb93f1: Waiting -fa3cb8602155: Waiting -5b0ef3e8fab7: Waiting -b2d97c107ae0: Waiting +289c21f58abf: Waiting +d6162b934532: Waiting +9dd8f0f32b87: Waiting +b0ced1c33e7b: Waiting +3232e4fd59c7: Waiting +c3602053dd39: Waiting +f194fe716c17: Waiting +ff4052768446: Waiting +05ef093b07db: Waiting +311869c18c4f: Waiting +4cc6ad87c468: Waiting c0c2749c4e74: Waiting -3d6d0b739952: Waiting -f290238eb703: Waiting -3a304f8979ba: Waiting -2da78aeecadc: Waiting -c6ce05a09977: Mounted from noiro/aci-containers-certmanager -a9d0958592a7: Mounted from noirolabs/aci-containers-host -61c957cf6e41: Mounted from noirolabs/aci-containers-host -f290238eb703: Mounted from noirolabs/aci-containers-host -2da78aeecadc: Mounted from noirolabs/aci-containers-host -3d6d0b739952: Mounted from noirolabs/aci-containers-host -3a304f8979ba: Mounted 
from noirolabs/aci-containers-host -d17c027642cf: Mounted from noirolabs/aci-containers-host -0476db1990d3: Mounted from noirolabs/aci-containers-host -d702866f0fc1: Mounted from noirolabs/aci-containers-host -522295eb93f1: Mounted from noirolabs/aci-containers-host -dcc6f4ee0047: Pushed -fa3cb8602155: Mounted from noirolabs/aci-containers-host -2d13373cb491: Pushed +1a6b532927e3: Mounted from noiro/aci-containers-certmanager +59b2cab698bb: Mounted from noirolabs/aci-containers-host +4b4f6b00eb0e: Mounted from noirolabs/aci-containers-host +289c21f58abf: Mounted from noirolabs/aci-containers-host +5893fb0bb516: Pushed +d6162b934532: Mounted from noirolabs/aci-containers-host +9dd8f0f32b87: Mounted from noirolabs/aci-containers-host +b0ced1c33e7b: Mounted from noirolabs/aci-containers-host +c3602053dd39: Mounted from noirolabs/aci-containers-host +3232e4fd59c7: Mounted from noirolabs/aci-containers-host +68d2a88bffbc: Pushed +f194fe716c17: Mounted from noirolabs/aci-containers-host c0c2749c4e74: Layer already exists -b2d97c107ae0: Mounted from noirolabs/aci-containers-host -5b0ef3e8fab7: Mounted from noirolabs/aci-containers-host -6.0.4.4.81c2369: digest: sha256:a444c2c417aa44de48e144bbb1e2a454c468f43917cf1dfa8fea00d8b43c38cf size: 3884 +05ef093b07db: Mounted from noirolabs/aci-containers-host +4cc6ad87c468: Mounted from noirolabs/aci-containers-host +311869c18c4f: Mounted from noirolabs/aci-containers-host +ff4052768446: Mounted from noirolabs/aci-containers-host +6.0.4.4.81c2369: digest: sha256:ebcf8cb31f4822db5c68c5117e62a076805c8bcad339d839ccd831fc7983b1dc size: 3884 +for OTHER_TAG in ${OTHER_IMAGE_TAGS} +docker tag quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369 +docker push quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369 The push refers to repository [quay.io/noirolabs/aci-containers-host-ovscni] -dcc6f4ee0047: Preparing -2d13373cb491: Preparing -61c957cf6e41: Preparing 
-c6ce05a09977: Preparing -a9d0958592a7: Preparing -2da78aeecadc: Preparing -3d6d0b739952: Preparing -f290238eb703: Preparing -3a304f8979ba: Preparing -d702866f0fc1: Preparing -0476db1990d3: Preparing -d17c027642cf: Preparing -522295eb93f1: Preparing -fa3cb8602155: Preparing -5b0ef3e8fab7: Preparing -b2d97c107ae0: Preparing +5893fb0bb516: Preparing +68d2a88bffbc: Preparing +4b4f6b00eb0e: Preparing +1a6b532927e3: Preparing +59b2cab698bb: Preparing +289c21f58abf: Preparing +d6162b934532: Preparing +9dd8f0f32b87: Preparing +b0ced1c33e7b: Preparing +3232e4fd59c7: Preparing +c3602053dd39: Preparing +f194fe716c17: Preparing +ff4052768446: Preparing +05ef093b07db: Preparing +311869c18c4f: Preparing +4cc6ad87c468: Preparing c0c2749c4e74: Preparing -d702866f0fc1: Waiting -0476db1990d3: Waiting -d17c027642cf: Waiting -522295eb93f1: Waiting -fa3cb8602155: Waiting -5b0ef3e8fab7: Waiting -b2d97c107ae0: Waiting +289c21f58abf: Waiting +d6162b934532: Waiting +9dd8f0f32b87: Waiting +b0ced1c33e7b: Waiting +3232e4fd59c7: Waiting +c3602053dd39: Waiting +f194fe716c17: Waiting +311869c18c4f: Waiting +ff4052768446: Waiting +05ef093b07db: Waiting +4cc6ad87c468: Waiting c0c2749c4e74: Waiting -2da78aeecadc: Waiting -3d6d0b739952: Waiting -f290238eb703: Waiting -3a304f8979ba: Waiting -61c957cf6e41: Layer already exists -c6ce05a09977: Layer already exists -dcc6f4ee0047: Layer already exists -2da78aeecadc: Layer already exists -2d13373cb491: Layer already exists -3a304f8979ba: Layer already exists -f290238eb703: Layer already exists -3d6d0b739952: Layer already exists -522295eb93f1: Layer already exists -d17c027642cf: Layer already exists -0476db1990d3: Layer already exists -5b0ef3e8fab7: Layer already exists -fa3cb8602155: Layer already exists -d702866f0fc1: Layer already exists +59b2cab698bb: Layer already exists +1a6b532927e3: Layer already exists +5893fb0bb516: Layer already exists +68d2a88bffbc: Layer already exists +b0ced1c33e7b: Layer already exists +d6162b934532: Layer already exists 
+c3602053dd39: Layer already exists +f194fe716c17: Layer already exists +289c21f58abf: Layer already exists +9dd8f0f32b87: Layer already exists +ff4052768446: Layer already exists +311869c18c4f: Layer already exists +4cc6ad87c468: Layer already exists c0c2749c4e74: Layer already exists -b2d97c107ae0: Layer already exists -a9d0958592a7: Layer already exists -6.0.4.4.81c2369: digest: sha256:a444c2c417aa44de48e144bbb1e2a454c468f43917cf1dfa8fea00d8b43c38cf size: 3884 +05ef093b07db: Layer already exists +3232e4fd59c7: Layer already exists +4b4f6b00eb0e: Layer already exists +6.0.4.4.81c2369: digest: sha256:ebcf8cb31f4822db5c68c5117e62a076805c8bcad339d839ccd831fc7983b1dc size: 3884 +for OTHER_TAG in ${OTHER_IMAGE_TAGS} -+docker tag quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369.110624.10022 -+docker push quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369.111124.10031 ++docker push quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369.111124.10031 The push refers to repository [quay.io/noirolabs/aci-containers-host-ovscni] -dcc6f4ee0047: Preparing -2d13373cb491: Preparing -61c957cf6e41: Preparing -c6ce05a09977: Preparing -a9d0958592a7: Preparing -2da78aeecadc: Preparing -3d6d0b739952: Preparing -f290238eb703: Preparing -3a304f8979ba: Preparing -d702866f0fc1: Preparing -0476db1990d3: Preparing -d17c027642cf: Preparing -522295eb93f1: Preparing -fa3cb8602155: Preparing -5b0ef3e8fab7: Preparing -b2d97c107ae0: Preparing +5893fb0bb516: Preparing +68d2a88bffbc: Preparing +4b4f6b00eb0e: Preparing +1a6b532927e3: Preparing +59b2cab698bb: Preparing +289c21f58abf: Preparing +d6162b934532: Preparing +9dd8f0f32b87: Preparing +b0ced1c33e7b: Preparing +3232e4fd59c7: Preparing +c3602053dd39: Preparing +f194fe716c17: Preparing +ff4052768446: Preparing 
+05ef093b07db: Preparing +311869c18c4f: Preparing +4cc6ad87c468: Preparing c0c2749c4e74: Preparing -2da78aeecadc: Waiting -3d6d0b739952: Waiting -f290238eb703: Waiting -3a304f8979ba: Waiting -0476db1990d3: Waiting -d702866f0fc1: Waiting -d17c027642cf: Waiting -522295eb93f1: Waiting -5b0ef3e8fab7: Waiting -fa3cb8602155: Waiting +289c21f58abf: Waiting +d6162b934532: Waiting +9dd8f0f32b87: Waiting +b0ced1c33e7b: Waiting +3232e4fd59c7: Waiting +c3602053dd39: Waiting +f194fe716c17: Waiting +311869c18c4f: Waiting +ff4052768446: Waiting +05ef093b07db: Waiting +4cc6ad87c468: Waiting c0c2749c4e74: Waiting -b2d97c107ae0: Waiting -c6ce05a09977: Layer already exists -2d13373cb491: Layer already exists -dcc6f4ee0047: Layer already exists -a9d0958592a7: Layer already exists -61c957cf6e41: Layer already exists -2da78aeecadc: Layer already exists -f290238eb703: Layer already exists -3a304f8979ba: Layer already exists -3d6d0b739952: Layer already exists -d17c027642cf: Layer already exists -522295eb93f1: Layer already exists -d702866f0fc1: Layer already exists -0476db1990d3: Layer already exists -5b0ef3e8fab7: Layer already exists +5893fb0bb516: Layer already exists +4b4f6b00eb0e: Layer already exists +1a6b532927e3: Layer already exists +d6162b934532: Layer already exists +68d2a88bffbc: Layer already exists +b0ced1c33e7b: Layer already exists +c3602053dd39: Layer already exists +f194fe716c17: Layer already exists +59b2cab698bb: Layer already exists +9dd8f0f32b87: Layer already exists +05ef093b07db: Layer already exists +311869c18c4f: Layer already exists +289c21f58abf: Layer already exists +4cc6ad87c468: Layer already exists c0c2749c4e74: Layer already exists -fa3cb8602155: Layer already exists -b2d97c107ae0: Layer already exists -6.0.4.4.81c2369.110624.10022: digest: sha256:a444c2c417aa44de48e144bbb1e2a454c468f43917cf1dfa8fea00d8b43c38cf size: 3884 +3232e4fd59c7: Layer already exists +ff4052768446: Layer already exists +6.0.4.4.81c2369.111124.10031: digest: 
sha256:ebcf8cb31f4822db5c68c5117e62a076805c8bcad339d839ccd831fc7983b1dc size: 3884 +for OTHER_TAG in ${OTHER_IMAGE_TAGS} +docker tag quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369 quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369.z +docker push quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369.z The push refers to repository [quay.io/noirolabs/aci-containers-host-ovscni] -dcc6f4ee0047: Preparing -2d13373cb491: Preparing -61c957cf6e41: Preparing -c6ce05a09977: Preparing -a9d0958592a7: Preparing -2da78aeecadc: Preparing -3d6d0b739952: Preparing -f290238eb703: Preparing -3a304f8979ba: Preparing -d702866f0fc1: Preparing -0476db1990d3: Preparing -d17c027642cf: Preparing -522295eb93f1: Preparing -fa3cb8602155: Preparing -5b0ef3e8fab7: Preparing -b2d97c107ae0: Preparing +5893fb0bb516: Preparing +68d2a88bffbc: Preparing +4b4f6b00eb0e: Preparing +1a6b532927e3: Preparing +59b2cab698bb: Preparing +289c21f58abf: Preparing +d6162b934532: Preparing +289c21f58abf: Waiting +9dd8f0f32b87: Preparing +b0ced1c33e7b: Preparing +3232e4fd59c7: Preparing +c3602053dd39: Preparing +f194fe716c17: Preparing +ff4052768446: Preparing +05ef093b07db: Preparing +311869c18c4f: Preparing +4cc6ad87c468: Preparing c0c2749c4e74: Preparing -2da78aeecadc: Waiting -3d6d0b739952: Waiting -f290238eb703: Waiting -3a304f8979ba: Waiting -d702866f0fc1: Waiting -0476db1990d3: Waiting -d17c027642cf: Waiting -b2d97c107ae0: Waiting +d6162b934532: Waiting +9dd8f0f32b87: Waiting +b0ced1c33e7b: Waiting +3232e4fd59c7: Waiting +c3602053dd39: Waiting +f194fe716c17: Waiting +ff4052768446: Waiting +05ef093b07db: Waiting +311869c18c4f: Waiting +4cc6ad87c468: Waiting c0c2749c4e74: Waiting -522295eb93f1: Waiting -fa3cb8602155: Waiting -5b0ef3e8fab7: Waiting -dcc6f4ee0047: Layer already exists -61c957cf6e41: Layer already exists -c6ce05a09977: Layer already exists -2d13373cb491: Layer already exists -3d6d0b739952: Layer already exists -f290238eb703: Layer already exists -3a304f8979ba: Layer 
already exists -2da78aeecadc: Layer already exists -a9d0958592a7: Layer already exists -d17c027642cf: Layer already exists -d702866f0fc1: Layer already exists -b2d97c107ae0: Layer already exists -fa3cb8602155: Layer already exists -0476db1990d3: Layer already exists -522295eb93f1: Layer already exists +5893fb0bb516: Layer already exists +4b4f6b00eb0e: Layer already exists +68d2a88bffbc: Layer already exists +1a6b532927e3: Layer already exists +59b2cab698bb: Layer already exists +b0ced1c33e7b: Layer already exists +9dd8f0f32b87: Layer already exists +3232e4fd59c7: Layer already exists +ff4052768446: Layer already exists +f194fe716c17: Layer already exists +289c21f58abf: Layer already exists +05ef093b07db: Layer already exists +d6162b934532: Layer already exists +c3602053dd39: Layer already exists +4cc6ad87c468: Layer already exists +311869c18c4f: Layer already exists c0c2749c4e74: Layer already exists -5b0ef3e8fab7: Layer already exists -6.0.4.4.81c2369.z: digest: sha256:a444c2c417aa44de48e144bbb1e2a454c468f43917cf1dfa8fea00d8b43c38cf size: 3884 +6.0.4.4.81c2369.z: digest: sha256:ebcf8cb31f4822db5c68c5117e62a076805c8bcad339d839ccd831fc7983b1dc size: 3884 +docker login -u=[secure] -p=[secure] quay.io WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /home/travis/.docker/config.json. 
@@ -24797,106 +24956,106 @@ Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded -+docker tag quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369 quay.io/noiro/aci-containers-host-ovscni:6.0.4.4.81c2369.110624.10022 -+docker push quay.io/noiro/aci-containers-host-ovscni:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369 quay.io/noiro/aci-containers-host-ovscni:6.0.4.4.81c2369.111124.10031 ++docker push quay.io/noiro/aci-containers-host-ovscni:6.0.4.4.81c2369.111124.10031 The push refers to repository [quay.io/noiro/aci-containers-host-ovscni] -dcc6f4ee0047: Preparing -2d13373cb491: Preparing -61c957cf6e41: Preparing -c6ce05a09977: Preparing -a9d0958592a7: Preparing -2da78aeecadc: Preparing -3d6d0b739952: Preparing -f290238eb703: Preparing -3a304f8979ba: Preparing -d702866f0fc1: Preparing -0476db1990d3: Preparing -d17c027642cf: Preparing -522295eb93f1: Preparing -fa3cb8602155: Preparing -5b0ef3e8fab7: Preparing -b2d97c107ae0: Preparing +5893fb0bb516: Preparing +68d2a88bffbc: Preparing +4b4f6b00eb0e: Preparing +1a6b532927e3: Preparing +59b2cab698bb: Preparing +289c21f58abf: Preparing +d6162b934532: Preparing +9dd8f0f32b87: Preparing +b0ced1c33e7b: Preparing +3232e4fd59c7: Preparing +c3602053dd39: Preparing +f194fe716c17: Preparing +ff4052768446: Preparing +05ef093b07db: Preparing +311869c18c4f: Preparing +4cc6ad87c468: Preparing c0c2749c4e74: Preparing -2da78aeecadc: Waiting -d17c027642cf: Waiting -522295eb93f1: Waiting -fa3cb8602155: Waiting -5b0ef3e8fab7: Waiting -b2d97c107ae0: Waiting +289c21f58abf: Waiting +d6162b934532: Waiting +9dd8f0f32b87: Waiting +b0ced1c33e7b: Waiting +3232e4fd59c7: Waiting +c3602053dd39: Waiting +f194fe716c17: Waiting +ff4052768446: Waiting +05ef093b07db: Waiting +311869c18c4f: Waiting c0c2749c4e74: Waiting -3d6d0b739952: Waiting -f290238eb703: Waiting -3a304f8979ba: Waiting 
-d702866f0fc1: Waiting -0476db1990d3: Waiting -a9d0958592a7: Mounted from noiro/aci-containers-host -dcc6f4ee0047: Mounted from noirolabs/aci-containers-host-ovscni -2d13373cb491: Mounted from noirolabs/aci-containers-host-ovscni -61c957cf6e41: Mounted from noiro/aci-containers-host -c6ce05a09977: Mounted from noiro/aci-containers-certmanager -2da78aeecadc: Mounted from noiro/aci-containers-host -3d6d0b739952: Mounted from noiro/aci-containers-host -f290238eb703: Mounted from noiro/aci-containers-host -d702866f0fc1: Mounted from noiro/aci-containers-host -0476db1990d3: Mounted from noiro/aci-containers-host -3a304f8979ba: Mounted from noiro/aci-containers-host -522295eb93f1: Mounted from noiro/aci-containers-host -d17c027642cf: Mounted from noiro/aci-containers-host -fa3cb8602155: Mounted from noiro/aci-containers-host +4cc6ad87c468: Waiting +4b4f6b00eb0e: Mounted from noiro/aci-containers-host +5893fb0bb516: Mounted from noirolabs/aci-containers-host-ovscni +68d2a88bffbc: Mounted from noirolabs/aci-containers-host-ovscni +1a6b532927e3: Mounted from noiro/aci-containers-certmanager +d6162b934532: Mounted from noiro/aci-containers-host +289c21f58abf: Mounted from noiro/aci-containers-host +9dd8f0f32b87: Mounted from noiro/aci-containers-host +59b2cab698bb: Mounted from noiro/aci-containers-host +b0ced1c33e7b: Mounted from noiro/aci-containers-host +3232e4fd59c7: Mounted from noiro/aci-containers-host +f194fe716c17: Mounted from noiro/aci-containers-host +c3602053dd39: Mounted from noiro/aci-containers-host +05ef093b07db: Mounted from noiro/aci-containers-host c0c2749c4e74: Layer already exists -5b0ef3e8fab7: Mounted from noiro/aci-containers-host -b2d97c107ae0: Mounted from noiro/aci-containers-host -6.0.4.4.81c2369.110624.10022: digest: sha256:a444c2c417aa44de48e144bbb1e2a454c468f43917cf1dfa8fea00d8b43c38cf size: 3884 +ff4052768446: Mounted from noiro/aci-containers-host +4cc6ad87c468: Mounted from noiro/aci-containers-host +311869c18c4f: Mounted from 
noiro/aci-containers-host +6.0.4.4.81c2369.111124.10031: digest: sha256:ebcf8cb31f4822db5c68c5117e62a076805c8bcad339d839ccd831fc7983b1dc size: 3884 +docker tag quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369 quay.io/noiro/aci-containers-host-ovscni:6.0.4.4.81c2369.z +docker push quay.io/noiro/aci-containers-host-ovscni:6.0.4.4.81c2369.z The push refers to repository [quay.io/noiro/aci-containers-host-ovscni] -dcc6f4ee0047: Preparing -2d13373cb491: Preparing -61c957cf6e41: Preparing -c6ce05a09977: Preparing -a9d0958592a7: Preparing -2da78aeecadc: Preparing -3d6d0b739952: Preparing -f290238eb703: Preparing -3a304f8979ba: Preparing -d702866f0fc1: Preparing -0476db1990d3: Preparing -d17c027642cf: Preparing -522295eb93f1: Preparing -fa3cb8602155: Preparing -5b0ef3e8fab7: Preparing -b2d97c107ae0: Preparing +5893fb0bb516: Preparing +68d2a88bffbc: Preparing +4b4f6b00eb0e: Preparing +1a6b532927e3: Preparing +59b2cab698bb: Preparing +289c21f58abf: Preparing +d6162b934532: Preparing +9dd8f0f32b87: Preparing +b0ced1c33e7b: Preparing +3232e4fd59c7: Preparing +c3602053dd39: Preparing +f194fe716c17: Preparing +ff4052768446: Preparing +05ef093b07db: Preparing +311869c18c4f: Preparing +4cc6ad87c468: Preparing c0c2749c4e74: Preparing -2da78aeecadc: Waiting -3d6d0b739952: Waiting -d17c027642cf: Waiting -f290238eb703: Waiting -3a304f8979ba: Waiting -d702866f0fc1: Waiting -0476db1990d3: Waiting -522295eb93f1: Waiting -fa3cb8602155: Waiting -5b0ef3e8fab7: Waiting -b2d97c107ae0: Waiting +289c21f58abf: Waiting +f194fe716c17: Waiting +ff4052768446: Waiting +05ef093b07db: Waiting +311869c18c4f: Waiting +4cc6ad87c468: Waiting c0c2749c4e74: Waiting -a9d0958592a7: Layer already exists -61c957cf6e41: Layer already exists -dcc6f4ee0047: Layer already exists -3d6d0b739952: Layer already exists -2d13373cb491: Layer already exists -2da78aeecadc: Layer already exists -f290238eb703: Layer already exists -c6ce05a09977: Layer already exists -d702866f0fc1: Layer already exists 
-d17c027642cf: Layer already exists -522295eb93f1: Layer already exists -fa3cb8602155: Layer already exists -3a304f8979ba: Layer already exists -0476db1990d3: Layer already exists +d6162b934532: Waiting +b0ced1c33e7b: Waiting +3232e4fd59c7: Waiting +c3602053dd39: Waiting +9dd8f0f32b87: Waiting +68d2a88bffbc: Layer already exists +5893fb0bb516: Layer already exists +1a6b532927e3: Layer already exists +59b2cab698bb: Layer already exists +289c21f58abf: Layer already exists +d6162b934532: Layer already exists +b0ced1c33e7b: Layer already exists +3232e4fd59c7: Layer already exists +f194fe716c17: Layer already exists +ff4052768446: Layer already exists +4b4f6b00eb0e: Layer already exists +4cc6ad87c468: Layer already exists +c3602053dd39: Layer already exists +05ef093b07db: Layer already exists +311869c18c4f: Layer already exists +9dd8f0f32b87: Layer already exists c0c2749c4e74: Layer already exists -b2d97c107ae0: Layer already exists -5b0ef3e8fab7: Layer already exists -6.0.4.4.81c2369.z: digest: sha256:a444c2c417aa44de48e144bbb1e2a454c468f43917cf1dfa8fea00d8b43c38cf size: 3884 +6.0.4.4.81c2369.z: digest: sha256:ebcf8cb31f4822db5c68c5117e62a076805c8bcad339d839ccd831fc7983b1dc size: 3884 +docker login -u=[secure] '-p=[secure]' docker.io WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /home/travis/.docker/config.json. 
@@ -24904,52 +25063,95 @@ Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded -+docker tag quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369 docker.io/noiro/aci-containers-host-ovscni:6.0.4.4.81c2369.110624.10022 -+docker push docker.io/noiro/aci-containers-host-ovscni:6.0.4.4.81c2369.110624.10022 ++docker tag quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369 docker.io/noiro/aci-containers-host-ovscni:6.0.4.4.81c2369.111124.10031 ++docker push docker.io/noiro/aci-containers-host-ovscni:6.0.4.4.81c2369.111124.10031 The push refers to repository [docker.io/noiro/aci-containers-host-ovscni] -dcc6f4ee0047: Preparing -2d13373cb491: Preparing -61c957cf6e41: Preparing -c6ce05a09977: Preparing -a9d0958592a7: Preparing -2da78aeecadc: Preparing -3d6d0b739952: Preparing -f290238eb703: Preparing -3a304f8979ba: Preparing -d702866f0fc1: Preparing -0476db1990d3: Preparing -d17c027642cf: Preparing -522295eb93f1: Preparing -fa3cb8602155: Preparing -5b0ef3e8fab7: Preparing -b2d97c107ae0: Preparing +5893fb0bb516: Preparing +68d2a88bffbc: Preparing +4b4f6b00eb0e: Preparing +1a6b532927e3: Preparing +59b2cab698bb: Preparing +289c21f58abf: Preparing +d6162b934532: Preparing +9dd8f0f32b87: Preparing +b0ced1c33e7b: Preparing +3232e4fd59c7: Preparing +c3602053dd39: Preparing +f194fe716c17: Preparing +ff4052768446: Preparing +05ef093b07db: Preparing +311869c18c4f: Preparing +4cc6ad87c468: Preparing c0c2749c4e74: Preparing -2da78aeecadc: Waiting -3d6d0b739952: Waiting -f290238eb703: Waiting -3a304f8979ba: Waiting -d702866f0fc1: Waiting -0476db1990d3: Waiting -d17c027642cf: Waiting -522295eb93f1: Waiting -fa3cb8602155: Waiting -5b0ef3e8fab7: Waiting -b2d97c107ae0: Waiting +c3602053dd39: Waiting +289c21f58abf: Waiting +d6162b934532: Waiting +9dd8f0f32b87: Waiting +b0ced1c33e7b: Waiting +3232e4fd59c7: Waiting +f194fe716c17: Waiting +ff4052768446: Waiting +05ef093b07db: 
Waiting +311869c18c4f: Waiting +4cc6ad87c468: Waiting c0c2749c4e74: Waiting -a9d0958592a7: Mounted from noiro/aci-containers-host -c6ce05a09977: Mounted from noiro/aci-containers-certmanager -61c957cf6e41: Mounted from noiro/aci-containers-host -2da78aeecadc: Mounted from noiro/aci-containers-host -3d6d0b739952: Mounted from noiro/aci-containers-host -f290238eb703: Mounted from noiro/aci-containers-host -3a304f8979ba: Mounted from noiro/aci-containers-host -d702866f0fc1: Mounted from noiro/aci-containers-host -0476db1990d3: Mounted from noiro/aci-containers-host -d17c027642cf: Mounted from noiro/aci-containers-host -522295eb93f1: Mounted from noiro/aci-containers-host -fa3cb8602155: Mounted from noiro/aci-containers-host -dcc6f4ee0047: Pushed +59b2cab698bb: Mounted from noiro/aci-containers-host +4b4f6b00eb0e: Mounted from noiro/aci-containers-host +1a6b532927e3: Mounted from noiro/aci-containers-certmanager +289c21f58abf: Mounted from noiro/aci-containers-host +d6162b934532: Mounted from noiro/aci-containers-host +9dd8f0f32b87: Mounted from noiro/aci-containers-host +b0ced1c33e7b: Mounted from noiro/aci-containers-host +3232e4fd59c7: Mounted from noiro/aci-containers-host +c3602053dd39: Mounted from noiro/aci-containers-host +f194fe716c17: Mounted from noiro/aci-containers-host +ff4052768446: Mounted from noiro/aci-containers-host +05ef093b07db: Mounted from noiro/aci-containers-host c0c2749c4e74: Layer already exists -5b0ef3e8fab7: Mounted from noiro/aci-containers-host -b2d97c107ae0: Mounted from noiro/aci-containers-host -2d13373cb491: Pushed +311869c18c4f: Mounted from noiro/aci-containers-host +68d2a88bffbc: Pushed +4cc6ad87c468: Mounted from noiro/aci-containers-host +5893fb0bb516: Pushed +6.0.4.4.81c2369.111124.10031: digest: sha256:ebcf8cb31f4822db5c68c5117e62a076805c8bcad339d839ccd831fc7983b1dc size: 3884 ++docker tag quay.io/noirolabs/aci-containers-host-ovscni:6.0.4.4.81c2369 docker.io/noiro/aci-containers-host-ovscni:6.0.4.4.81c2369.z ++docker push 
docker.io/noiro/aci-containers-host-ovscni:6.0.4.4.81c2369.z +The push refers to repository [docker.io/noiro/aci-containers-host-ovscni] +5893fb0bb516: Preparing +68d2a88bffbc: Preparing +4b4f6b00eb0e: Preparing +1a6b532927e3: Preparing +59b2cab698bb: Preparing +289c21f58abf: Preparing +d6162b934532: Preparing +9dd8f0f32b87: Preparing +b0ced1c33e7b: Preparing +3232e4fd59c7: Preparing +c3602053dd39: Preparing +f194fe716c17: Preparing +ff4052768446: Preparing +05ef093b07db: Preparing +311869c18c4f: Preparing +4cc6ad87c468: Preparing +c0c2749c4e74: Preparing +289c21f58abf: Waiting +d6162b934532: Waiting +9dd8f0f32b87: Waiting +b0ced1c33e7b: Waiting +3232e4fd59c7: Waiting +c3602053dd39: Waiting +f194fe716c17: Waiting +ff4052768446: Waiting +05ef093b07db: Waiting +311869c18c4f: Waiting +4cc6ad87c468: Waiting +c0c2749c4e74: Waiting +68d2a88bffbc: Layer already exists +1a6b532927e3: Layer already exists +59b2cab698bb: Layer already exists +4b4f6b00eb0e: Layer already exists +5893fb0bb516: Layer already exists +3232e4fd59c7: Layer already exists +b0ced1c33e7b: Layer already exists +9dd8f0f32b87: Layer already exists +289c21f58abf: Layer already exists +d6162b934532: Layer already exists diff --git a/docs/release_artifacts/6.0.4.4/z/aci-containers-host-ovscni/6.0.4.4-cve.txt b/docs/release_artifacts/6.0.4.4/z/aci-containers-host-ovscni/6.0.4.4-cve.txt index f02b77e79f..66bd345320 100644 --- a/docs/release_artifacts/6.0.4.4/z/aci-containers-host-ovscni/6.0.4.4-cve.txt +++ b/docs/release_artifacts/6.0.4.4/z/aci-containers-host-ovscni/6.0.4.4-cve.txt 
@@ -4,7 +4,7 @@ k8s.io/kubernetes v1.29.0 1.29.4 go-module GHSA-pxhw-596r-rwq5 Low quay.io/noiro/aci-containers-host-ovscni:6.0.4.4.81c2369.z (redhat 9.4) ======================================================================= -Total: 83 (UNKNOWN: 0, LOW: 49, MEDIUM: 26, HIGH: 8, CRITICAL: 0) +Total: 84 (UNKNOWN: 0, LOW: 49, MEDIUM: 29, HIGH: 6, CRITICAL: 0) ┌─────────────────────────────┬────────────────┬──────────┬─────────────────────┬─────────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ 
@@ -22,28 +22,28 @@ Total: 83 (UNKNOWN: 0, LOW: 49, MEDIUM: 26, HIGH: 8, CRITICAL: 0) │ │ CVE-2024-1975 │ │ │ │ │ bind9: bind: SIG(0) can be used to exhaust CPU resources │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-1975 │ │ ├────────────────┤ │ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ -│ │ CVE-2024-3661 │ │ │ │ │ DHCP: DHCP routing options can manipulate interface-based │ -│ │ │ │ │ │ │ VPN traffic │ -│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-3661 │ -│ ├────────────────┤ │ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ │ CVE-2024-4076 │ │ │ │ │ bind: bind9: Assertion failure when serving both stale cache │ │ │ │ │ │ │ │ data and authoritative... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-4076 │ -├─────────────────────────────┼────────────────┤ │ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ -│ dhcp-common │ CVE-2024-1737 │ │ │ │ │ bind: bind9: BIND's database will be slow if a very large │ +│ ├────────────────┼──────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2024-3661 │ MEDIUM │ │ │ │ DHCP: DHCP routing options can manipulate interface-based │ +│ │ │ │ │ │ │ VPN traffic │ +│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-3661 │ +├─────────────────────────────┼────────────────┼──────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ dhcp-common │ CVE-2024-1737 │ HIGH │ │ │ │ bind: bind9: BIND's database will be slow if a very large │ │ │ │ │ │ │ │ number... 
│ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-1737 │ │ ├────────────────┤ │ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ │ CVE-2024-1975 │ │ │ │ │ bind9: bind: SIG(0) can be used to exhaust CPU resources │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-1975 │ │ ├────────────────┤ │ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ -│ │ CVE-2024-3661 │ │ │ │ │ DHCP: DHCP routing options can manipulate interface-based │ -│ │ │ │ │ │ │ VPN traffic │ -│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-3661 │ -│ ├────────────────┤ │ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ │ CVE-2024-4076 │ │ │ │ │ bind: bind9: Assertion failure when serving both stale cache │ │ │ │ │ │ │ │ data and authoritative... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-4076 │ +│ ├────────────────┼──────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2024-3661 │ MEDIUM │ │ │ │ DHCP: DHCP routing options can manipulate interface-based │ +│ │ │ │ │ │ │ VPN traffic │ +│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-3661 │ ├─────────────────────────────┼────────────────┼──────────┼─────────────────────┼─────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ │ elfutils-default-yama-scope │ CVE-2024-25260 │ LOW │ will_not_fix │ 0.191-4.el9 │ │ elfutils: global-buffer-overflow exists in the function │ │ │ │ │ │ │ │ ebl_machine_flag_name in eblmachineflagname.c │ 
@@ -203,6 +203,10 @@ Total: 83 (UNKNOWN: 0, LOW: 49, MEDIUM: 26, HIGH: 8, CRITICAL: 0) ├─────────────────────────────┼────────────────┼──────────┤ ├─────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ │ pam │ CVE-2024-10041 │ MEDIUM │ │ 1.5.1-20.el9 │ │ pam: libpam: Libpam vulnerable to read hashed password │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-10041 │ +│ ├────────────────┤ │ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2024-10963 │ │ │ │ │ pam: Improper Hostname Interpretation in pam_access Leads to │ +│ │ │ │ │ │ │ Access Control Bypass │ +│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-10963 │ ├─────────────────────────────┼────────────────┼──────────┼─────────────────────┼─────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ │ pcre2 │ CVE-2022-41409 │ LOW │ will_not_fix │ 10.40-6.el9 │ │ pcre2: negative repeat value in a pcre2test subject line │ │ │ │ │ │ │ │ leads to inifinite... │ diff --git a/docs/release_artifacts/6.1.1.2/z/acc-provision-operator/6.1.1.2-cve-base.txt b/docs/release_artifacts/6.1.1.2/z/acc-provision-operator/6.1.1.2-cve-base.txt index 30d6730503..52ea628406 100644 --- a/docs/release_artifacts/6.1.1.2/z/acc-provision-operator/6.1.1.2-cve-base.txt +++ b/docs/release_artifacts/6.1.1.2/z/acc-provision-operator/6.1.1.2-cve-base.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:62655797fa492f0c975d3dea7e5d0e9ee0fb8590806d3b909859738eb543252a", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2023c-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.17.4-0.20230223191600-0131a6301e42", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.6.16-6.el8_7", "BaseScores": [6.5, 5.9, 7.5], "CVEIds": ["CVE-2021-4209", "CVE-2023-5981", "CVE-2024-0553", "CVE-2024-28834"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4209.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. 
This flaw leads to a denial of service after authentication in rare circumstances.", "Name": "CVE-2021-4209", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1784", "FixedBy": "0:3.6.16-8.el8_9.3", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5981 https://bugzilla.redhat.com/show_bug.cgi?id=2248445 https://www.cve.org/CVERecord?id=CVE-2023-5981 https://nvd.nist.gov/vuln/detail/CVE-2023-5981 https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5981.json https://access.redhat.com/errata/RHSA-2024:0155", "FixedBy": "0:3.6.16-8.el8_9", "Description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "Name": "CVE-2023-5981", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://www.cve.org/CVERecord?id=CVE-2024-0553 https://nvd.nist.gov/vuln/detail/CVE-2024-0553 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0553.json https://access.redhat.com/errata/RHSA-2024:0627", "FixedBy": "0:3.6.16-8.el8_9.1", "Description": "A vulnerability was found in GnuTLS. 
The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "Name": "CVE-2024-0553", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.0.6-26.el8", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2024:8922", "FixedBy": "0:1.0.6-27.el8_10", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": 
{"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "2.9-9.el8_6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.80-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.0.7-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "chkconfig", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.19.1-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.48-4.el8", "BaseScores": [3.3, 7.8], "CVEIds": ["CVE-2023-2602", "CVE-2023-2603"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2602 https://bugzilla.redhat.com/show_bug.cgi?id=2209114 https://www.cve.org/CVERecord?id=CVE-2023-2602 https://nvd.nist.gov/vuln/detail/CVE-2023-2602 
https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2602.json https://access.redhat.com/errata/RHSA-2023:4524", "FixedBy": "0:2.48-5.el8_8", "Description": "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "Name": "CVE-2023-2602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2603 https://bugzilla.redhat.com/show_bug.cgi?id=2209113 https://www.cve.org/CVERecord?id=CVE-2023-2603 https://nvd.nist.gov/vuln/detail/CVE-2023-2603 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2603.json https://access.redhat.com/errata/RHSA-2023:4524", "FixedBy": "0:2.48-5.el8_8", "Description": "A vulnerability was found in libcap. 
This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "Name": "CVE-2023-2603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.31-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9.6-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.188-3.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "239-74.el8_8.2", "BaseScores": [5.9, 5.5, 4.3], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:3203", "FixedBy": "0:239-82.el8", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}]}, {"Name": "go.uber.org/atomic", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2022.2.54-80.2.el8_6", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5736", "FixedBy": "0:2024.2.69_v8.0.303-80.0.el8_10", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "github.com/imdario/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.3.13", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:82f04b121ea21206a69ac160f78095cc3d9aeda79331bdcc90743fcd5dd20baf", "Version": "6.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "5.33-24.el8", "BaseScores": [4.4, 6.5], "CVEIds": ["CVE-2019-8905", "CVE-2019-8906"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-8906.json", "FixedBy": "", "Description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "Name": "CVE-2019-8906", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "Score": 4.4}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-8905.json", "FixedBy": "", "Description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "Name": "CVE-2019-8905", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "brotli", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.0.6-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/h2non/go-is-svg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20160927212452-35e8c4b0612c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi8", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.8-1009", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.13.1-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.12.2-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-setuptools", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "50.3.2-4.module+el8.5.0+12204+54860423", "BaseScores": [5.9, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. 
This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:50.3.2-4.module+el8.9.0+19644+d68f775d", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.0.4-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.6.8-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9.6-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.28-225.el8", "BaseScores": [6.5, 5.9, 5.9, 7.8], "CVEIds": ["CVE-2023-4527", "CVE-2023-4806", "CVE-2023-4813", "CVE-2023-4911", "CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "Name": "CVE-2023-4527", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. 
This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "Name": "CVE-2023-4806", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. 
This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "Name": "CVE-2023-4813", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. 
This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "Name": "CVE-2023-4911", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3269", "FixedBy": "0:2.28-251.el8_10.1", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.0.3-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.26.16", "BaseScores": [8.1, 4.2], "CVEIds": ["CVE-2023-43804", "CVE-2023-45803", "CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468 https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e https://github.com/urllib3/urllib3", "FixedBy": "1.26.19", "Description": "urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects ", "Name": "GHSA-34jh-p97f-mpxf", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb 
https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-192.yaml https://github.com/urllib3/urllib3 https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ", "FixedBy": "1.26.17", "Description": "`Cookie` HTTP header isn't stripped on cross-origin redirects", "Name": "GHSA-v845-jxx5-vc9f", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36 https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml https://github.com/urllib3/urllib3 https://github.com/urllib3/urllib3/releases/tag/1.26.18 https://github.com/urllib3/urllib3/releases/tag/2.0.7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX https://www.rfc-editor.org/rfc/rfc9110.html#name-get", "FixedBy": "1.26.18", "Description": "urllib3's request body not stripped after redirect from 303 status changes request method to GET", "Name": "GHSA-g4mx-q9vg-27p4", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "Score": 4.2}}}}]}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.1-22.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "20221215-1.gitece0092.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "device-mapper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8:1.02.181-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.2.1-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.12.8-24.el8", "BaseScores": [6.5, 7.8], "CVEIds": ["CVE-2020-35512", "CVE-2023-34969"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 
https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4498", "FixedBy": "1:1.12.8-24.el8_8.1", "Description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "Name": "CVE-2023-34969", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "charset-normalizer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:82f04b121ea21206a69ac160f78095cc3d9aeda79331bdcc90743fcd5dd20baf", "Version": "3.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.18-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.24.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [7.8, 6.1], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager 
that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.45.6-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.30-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.14.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "11-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cryptography", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:82f04b121ea21206a69ac160f78095cc3d9aeda79331bdcc90743fcd5dd20baf", "Version": "41.0.2", "BaseScores": [7.5, 5.5, 
7.5], "CVEIds": ["CVE-2023-49083", "CVE-2023-50782", "CVE-2024-0727", "CVE-2024-26130"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2023-50782 https://github.com/pyca/cryptography/issues/9785 https://access.redhat.com/security/cve/CVE-2023-50782 https://bugzilla.redhat.com/show_bug.cgi?id=2254432 https://github.com/pyca/cryptography", "FixedBy": "42.0.0", "Description": "Python Cryptography package vulnerable to Bleichenbacher timing oracle attack", "Name": "GHSA-3ww4-gg4f-jr7f", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-jm77-qphf-c4w8 https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://github.com/pyca/cryptography https://www.openssl.org/news/secadv/20230714.txt https://www.openssl.org/news/secadv/20230719.txt https://www.openssl.org/news/secadv/20230731.txt", "FixedBy": "41.0.3", "Description": "pyca/cryptography's wheels include vulnerable OpenSSL", "Name": "GHSA-jm77-qphf-c4w8", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-v8gr-m533-ghj9 https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512 https://github.com/pyca/cryptography", "FixedBy": "41.0.4", "Description": "Vulnerable OpenSSL included in cryptography wheels", "Name": "GHSA-v8gr-m533-ghj9", "Metadata": {"UpdatedBy": "osv/pypi", 
"RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/github/advisory-database/pull/3472 https://github.com/openssl/openssl/pull/23362 https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2 https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2 https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8 https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539 https://security.netapp.com/advisory/ntap-20240208-0006 https://www.openssl.org/news/secadv/20240125.txt http://www.openwall.com/lists/oss-security/2024/03/11/1", "FixedBy": "42.0.2", "Description": "Null pointer dereference in PKCS12 parsing", "Name": "GHSA-9v9h-cgj8-h64p", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97 https://github.com/pyca/cryptography/pull/9926 https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/", "FixedBy": "41.0.6", "Description": "", "Name": "PYSEC-2023-254", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": 
"pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4 https://nvd.nist.gov/vuln/detail/CVE-2024-26130 https://github.com/pyca/cryptography/pull/10423 https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 https://github.com/pyca/cryptography", "FixedBy": "42.0.4", "Description": "cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override", "Name": "GHSA-6vqw-3v5j-54x4", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97 https://nvd.nist.gov/vuln/detail/CVE-2023-49083 https://github.com/pyca/cryptography/pull/9926 https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a https://github.com/pyca/cryptography https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-254.yaml https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV http://www.openwall.com/lists/oss-security/2023/11/29/2", "FixedBy": "41.0.6", "Description": "cryptography vulnerable to NULL-dereference when loading PKCS7 certificates", "Name": "GHSA-jfhm-5ghh-2f97", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": 
"https://github.com/pyca/cryptography/security/advisories/GHSA-h4gh-qq45-vh27 https://github.com/pyca/cryptography https://openssl-library.org/news/secadv/20240903.txt", "FixedBy": "43.0.1", "Description": "pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels", "Name": "GHSA-h4gh-qq45-vh27", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.8.5-7.el8_6", "BaseScores": [5.9], "CVEIds": ["CVE-2019-12904", "CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-12904.json", "FixedBy": "", "Description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. 
The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "Name": "CVE-2019-12904", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}]}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.14.2-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "239-74.el8_8.2", "BaseScores": [5.9, 5.5, 4.3], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:3203", "FixedBy": "0:239-82.el8", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}]}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "6.1-9.20180224.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 6.5, 8.8, 7.8, 6.5, 5.5, 6.5, 6.5], "CVEIds": ["CVE-2018-19211", "CVE-2018-19217", "CVE-2020-19185", "CVE-2020-19186", "CVE-2020-19187", "CVE-2020-19188", "CVE-2020-19189", "CVE-2020-19190", "CVE-2021-39537", "CVE-2023-29491", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19185.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19185", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19187.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19190.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19190", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19217.json", "FixedBy": "", "Description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "Name": "CVE-2018-19217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-39537.json", "FixedBy": "", "Description": "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. 
By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "Name": "CVE-2021-39537", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:5249", "FixedBy": "0:6.1-9.20180224.el8_8.1", "Description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Name": "CVE-2023-29491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19186.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "Name": "CVE-2020-19186", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19211.json", "FixedBy": "", "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "Name": "CVE-2018-19211", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19189.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19189", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19188", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/onsi/gomega", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.24.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:6.1.2-10.el8", "BaseScores": [7.5], "CVEIds": ["CVE-2021-43618"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-43618 https://bugzilla.redhat.com/show_bug.cgi?id=2024904 https://www.cve.org/CVERecord?id=CVE-2021-43618 
https://nvd.nist.gov/vuln/detail/CVE-2021-43618 https://bugs.debian.org/994405 https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-43618.json https://access.redhat.com/errata/RHSA-2024:3214", "FixedBy": "1:6.1.2-11.el8", "Description": "A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-43618", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.14.3-26.el8", "BaseScores": [7.8, 6.7, 7.8], "CVEIds": ["CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35938", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35939", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.7.0-16.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.2.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "importlib-metadata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "6.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [6.1, 7.8], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ 
https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. 
This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/operator-framework/operator-registry", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.28.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.2.4-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.5.10-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "requests-oauthlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "3.9.16-1.module+el8.8.0+18968+3d7b19f0.1", "BaseScores": [5.9, 5.3, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-40217", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5998", "FixedBy": "0:3.9.16-1.module+el8.8.0+20025+f2100191.2", "Description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. 
No breach of confidentiality is possible.", "Name": "CVE-2023-40217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:3.9.18-1.module+el8.9.0+20024+793d7211", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:3.9.20-1.module+el8.10.0+22342+478c159e", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20230711102312-30195339c3c7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.14.3-26.el8", "BaseScores": [7.8, 6.7, 7.8], "CVEIds": ["CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35938", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35939", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20221012153701-172d655c2280", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v4.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.18.2-25.el8_8", "BaseScores": [6.5, 6.6, 9.1, 7.5], "CVEIds": ["CVE-2020-17049", "CVE-2023-5455", "CVE-2024-26458", "CVE-2024-26461", "CVE-2024-3596", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json 
https://access.redhat.com/errata/RHSA-2024:8860", "FixedBy": "0:1.18.2-30.el8_10", "Description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "Name": "CVE-2024-3596", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5455 https://bugzilla.redhat.com/show_bug.cgi?id=2242828 https://www.cve.org/CVERecord?id=CVE-2023-5455 https://nvd.nist.gov/vuln/detail/CVE-2023-5455 https://www.freeipa.org/release-notes/4-10-3.html https://www.freeipa.org/release-notes/4-11-1.html https://www.freeipa.org/release-notes/4-6-10.html https://www.freeipa.org/release-notes/4-9-14.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5455.json", "FixedBy": "", "Description": "A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. 
An attacker would always have to go through a new authentication attempt.", "Name": "CVE-2023-5455", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json https://access.redhat.com/errata/RHSA-2024:3268", "FixedBy": "0:1.18.2-27.el8_10", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-17049 https://bugzilla.redhat.com/show_bug.cgi?id=2025721 https://www.cve.org/CVERecord?id=CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-17049.json", "FixedBy": "", "Description": "It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. 
A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.", "Name": "CVE-2020-17049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json https://access.redhat.com/errata/RHSA-2024:3268", "FixedBy": "0:1.18.2-27.el8_10", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:5312", "FixedBy": "0:1.18.2-29.el8_10", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead 
to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:5312", "FixedBy": "0:1.18.2-29.el8_10", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.42-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "7.0-10.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9.5-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.28.3-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "5.3.4-12.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2020-15945"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-15945 https://bugzilla.redhat.com/show_bug.cgi?id=1861999 https://www.cve.org/CVERecord?id=CVE-2020-15945 https://nvd.nist.gov/vuln/detail/CVE-2020-15945 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-15945.json", "FixedBy": "", "Description": "A flaw was found in lua. 
A segmentation fault is possible because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.", "Name": "CVE-2020-15945", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "39.2.0-7.el8", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5530", "FixedBy": "0:39.2.0-8.el8_10", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "filelock", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.12.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.13.1-11.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.6.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.62-25.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.5-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virtualenv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "20.24.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.23.22-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "dbus-daemon", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.12.8-24.el8", "BaseScores": [6.5, 7.8], "CVEIds": ["CVE-2020-35512", "CVE-2023-34969"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4498", "FixedBy": "1:1.12.8-24.el8_8.1", "Description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. 
If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "Name": "CVE-2023-34969", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "5.3.28-42.el8_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [7.8, 6.1], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. 
By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "python3-ethtool", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.14-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/operator-sdk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "(devel) (git, commit e67da35ef4fff3e471a208904b2a142b27ae32b1, built at 2023-07-27T14:42:20Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.5-5.el8", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:4260", "FixedBy": "0:2.5-7.el8_10", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2:8.0.1763-19.el8_6.4", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.5, 7.8, 7.8, 5.5, 7.8, 5.5, 7.8, 7.8, 7.8, 5.5, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 5.5, 5.5, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2018-20786", "CVE-2020-20703", "CVE-2021-3236", "CVE-2021-3927", "CVE-2021-3974", "CVE-2021-4166", "CVE-2022-0351", "CVE-2022-1619", "CVE-2022-1720", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-3037", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3296", "CVE-2022-3352", "CVE-2022-3705", 
"CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20786 https://bugzilla.redhat.com/show_bug.cgi?id=1680588 https://www.cve.org/CVERecord?id=CVE-2018-20786 https://nvd.nist.gov/vuln/detail/CVE-2018-20786 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20786.json", "FixedBy": "", "Description": "libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.", "Name": "CVE-2018-20786", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. 
This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": 
"Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. 
An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 
https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. 
This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 
https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3236 https://bugzilla.redhat.com/show_bug.cgi?id=2231531 https://www.cve.org/CVERecord?id=CVE-2021-3236 https://nvd.nist.gov/vuln/detail/CVE-2021-3236 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3236.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the ex_buffer_all function in the src/buffer.c file. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2021-3236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 
https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": 
"", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
"Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. 
This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": 
{"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.4.46-18.el8", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json https://access.redhat.com/errata/RHSA-2024:4264", "FixedBy": "0:2.4.46-19.el8_10", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.26.0-18.el8_8", "BaseScores": [7.5, 7.5, 5.5, 7.5, 7.3], "CVEIds": ["CVE-2019-19244", "CVE-2019-9936", "CVE-2019-9937", "CVE-2023-36191", "CVE-2023-7104", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9937.json", "FixedBy": "", "Description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. 
This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "Name": "CVE-2019-9937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-19244.json", "FixedBy": "", "Description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. 
A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "Name": "CVE-2019-19244", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9936.json", "FixedBy": "", "Description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. 
This is related to ext/fts5/fts5_hash.c.", "Name": "CVE-2019-9936", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0253", "FixedBy": "0:3.26.0-19.el8_9", "Description": "A vulnerability was found in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "Name": "CVE-2023-7104", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "Score": 7.3}}}}]}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v5.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9.7-16.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 7.5], "CVEIds": ["CVE-2023-28484", "CVE-2023-29469", "CVE-2023-39615", "CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 
https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2024:0119", "FixedBy": "0:2.9.7-18.el8_9", "Description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "Name": "CVE-2023-39615", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4529", "FixedBy": "0:2.9.7-16.el8_8.1", "Description": "A flaw was found in libxml2. 
This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "Name": "CVE-2023-29469", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4529", "FixedBy": "0:2.9.7-16.el8_8.1", "Description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "Name": "CVE-2023-28484", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:3626", "FixedBy": "0:2.9.7-18.el8_10.1", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.0.21-19.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.9-13.el8_5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.12.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "68.0.0", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/pull/4332 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://github.com/pypa/setuptools 
https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5", "FixedBy": "70.0.0", "Description": "setuptools vulnerable to Command Injection via package URL", "Name": "GHSA-cx63-2mw6-8hw5", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.28-225.el8", "BaseScores": [6.5, 5.9, 5.9, 7.8], "CVEIds": ["CVE-2023-4527", "CVE-2023-4806", "CVE-2023-4813", "CVE-2023-4911", "CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "Name": "CVE-2023-4527", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. 
This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "Name": "CVE-2023-4806", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. 
This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "Name": "CVE-2023-4813", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. 
This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "Name": "CVE-2023-4911", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3269", "FixedBy": "0:2.28-251.el8_10.1", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "25-19.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnsl2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.2.0-2.20180605git4a062cf.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "5.2.4-4.el8_6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cachetools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "5.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.18-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.4.4-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.1.27-6.el8_5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:3.3-4.el8", "BaseScores": [7.1], "CVEIds": ["CVE-2023-30630"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30630 https://bugzilla.redhat.com/show_bug.cgi?id=2186669 https://www.cve.org/CVERecord?id=CVE-2023-30630 https://nvd.nist.gov/vuln/detail/CVE-2023-30630 https://github.com/adamreiser/dmiwrite https://github.com/advisories/GHSA-9r2p-xmm5-5ppg https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-30630.json https://access.redhat.com/errata/RHSA-2023:5252", "FixedBy": "1:3.3-4.el8_8.1", "Description": "A vulnerability was found in dmidecode, which allows -dump-bin to overwrite a local file. 
This issue may lead to the execution of dmidecode via Sudo.", "Name": "CVE-2023-30630", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "ansible-runner-http", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "10.32-3.el8_6", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.1.6-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "20221215-1.gitece0092.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.1.6-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "markupsafe", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:82f04b121ea21206a69ac160f78095cc3d9aeda79331bdcc90743fcd5dd20baf", "Version": "2.1.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v2.90.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ansible-runner", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.3.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pipenv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2023.6.26", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.13.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.20.0-2.1.el8_1", "BaseScores": [6.1], "CVEIds": ["CVE-2023-32681"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:4520", "FixedBy": "0:2.20.0-3.el8_8", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.1.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.4.1-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "0.7.20-4.el8_7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2:1.30-9.el8", "BaseScores": [7.5, 3.3], "CVEIds": ["CVE-2019-9923", "CVE-2021-20193", "CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9923.json", "FixedBy": "", "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "Name": "CVE-2019-9923", "Metadata": 
{"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "FixedBy": "", "Description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-20193", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.3.1-25.el8", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:3163", "FixedBy": "0:1.3.1-33.el8", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.4.10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20230320184635-7606e756e683", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.14.3-26.el8", "BaseScores": [7.8, 6.7, 7.8], "CVEIds": ["CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A race condition vulnerability was found in rpm. 
A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35938", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35939", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "resolvelib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "3.9.16-1.module+el8.8.0+18968+3d7b19f0.1", "BaseScores": [5.9, 5.3, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-40217", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A flaw was found in Python Setuptools due to a regular 
expression Denial of Service (ReDoS) present in package_index.py. This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5998", "FixedBy": "0:3.9.16-1.module+el8.8.0+20025+f2100191.2", "Description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. 
No breach of confidentiality is possible.", "Name": "CVE-2023-40217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:3.9.18-1.module+el8.9.0+20024+793d7211", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:3.9.20-1.module+el8.10.0+22342+478c159e", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.12.8-24.el8", "BaseScores": [7.8, 6.5], "CVEIds": ["CVE-2020-35512", "CVE-2023-34969"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", 
"FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4498", "FixedBy": "1:1.12.8-24.el8_8.1", "Description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. 
If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "Name": "CVE-2023-34969", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.63.0-14.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "publicsuffix-list-dafsa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "20180723-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.8.3-3.el8_4", "BaseScores": [8.1], "CVEIds": ["CVE-2019-17543"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-17543 https://bugzilla.redhat.com/show_bug.cgi?id=1765316 https://www.cve.org/CVERecord?id=CVE-2019-17543 https://nvd.nist.gov/vuln/detail/CVE-2019-17543 
https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-17543.json", "FixedBy": "", "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", "Name": "CVE-2019-17543", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 8.1}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpsl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.20.2-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.2.53-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.13.1-11.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "platform-python-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "39.2.0-7.el8", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 
https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5530", "FixedBy": "0:39.2.0-8.el8_10", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.3.2-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google-auth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.5.0-18.el8", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. 
This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python39-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "50.3.2-4.module+el8.5.0+12204+54860423", "BaseScores": [5.9, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. 
This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:50.3.2-4.module+el8.9.0+19644+d68f775d", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "platformdirs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "20.2.4-7.module+el8.6.0+13003+6bb2c488", "BaseScores": [5.9, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-43804", "CVE-2023-6597", 
"CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:20.2.4-8.module+el8.9.0+19644+d68f775d", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "cryptsetup-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.3.7-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-syspurpose", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [7.8, 6.1], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. 
This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.56.4-161.el8", "BaseScores": [5.5, 7.5, 7.5, 5.5], "CVEIds": ["CVE-2023-29499", "CVE-2023-32611", "CVE-2023-32636", "CVE-2023-32665", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32611.json", "FixedBy": "", "Description": "A flaw was found in GLib. 
GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "Name": "CVE-2023-32611", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json", "FixedBy": "", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29499.json", "FixedBy": "", "Description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "Name": "CVE-2023-29499", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32665.json", "FixedBy": "", "Description": "A flaw was found in GLib. 
GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "Name": "CVE-2023-32665", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.5.2-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "26.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.7.0-16.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mxk/go-flowrate", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20140419014527-cca7078d478f", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.33.0-3.el8_2.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-44487", "CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:4252", "FixedBy": "0:1.33.0-6.el8_10.1", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5837", "FixedBy": "0:1.33.0-5.el8_8", "Description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. 
Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "Name": "CVE-2023-44487", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "23.1.2", "BaseScores": [3.3], "CVEIds": ["CVE-2023-5752"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "osv/pypi", "Link": "https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/ https://github.com/pypa/pip/pull/12306", "FixedBy": "23.3", "Description": "", "Name": "PYSEC-2023-228", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2023-5752 https://github.com/pypa/pip/pull/12306 https://github.com/pypa/pip/commit/389cb799d0da9a840749fcd14878928467ed49b4 https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2023-228.yaml https://github.com/pypa/pip https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL", "FixedBy": "23.3", "Description": "Command Injection in pip when used with Mercurial", "Name": "GHSA-mq26-g339-26xf", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "Score": 3.3}}}}]}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.8-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.29.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "info", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "6.5-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "7.61.1-30.el8_8.2", "BaseScores": [3.7, 5.9, 6.5, 3.7, 5.9, 8.8, 6.5], 
"CVEIds": ["CVE-2023-27534", "CVE-2023-27536", "CVE-2023-28321", "CVE-2023-28322", "CVE-2023-38546", "CVE-2023-46218", "CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "Name": "CVE-2023-38546", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 3.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:4523", "FixedBy": "0:7.61.1-30.el8_8.3", "Description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. 
However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "Name": "CVE-2023-27536", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. 
This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "Name": "CVE-2023-46218", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "Name": "CVE-2023-28322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 3.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4523", "FixedBy": "0:7.61.1-30.el8_8.3", "Description": "A flaw was found in the Curl package. 
An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "Name": "CVE-2023-28321", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27534.json", "FixedBy": "", "Description": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. 
Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "Name": "CVE-2023-27534", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5654", "FixedBy": "0:7.61.1-34.el8_10.2", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.24.2-5.el8", "BaseScores": [8.1, 4.2], "CVEIds": ["CVE-2023-43804", "CVE-2023-45803", "CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:0116", "FixedBy": "0:1.24.2-5.el8_9.2", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:5309", "FixedBy": "0:1.24.2-8.el8_10", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. 
This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json https://access.redhat.com/errata/RHSA-2024:0116", "FixedBy": "0:1.24.2-5.el8_9.2", "Description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. 
Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "Name": "CVE-2023-45803", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "Score": 4.2}}}}]}, {"Name": "rsa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "4.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.14.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "20.2.4-7.module+el8.6.0+13003+6bb2c488", "BaseScores": [5.9, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python Setuptools due to a regular 
expression Denial of Service (ReDoS) present in package_index.py. This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:20.2.4-8.module+el8.9.0+19644+d68f775d", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "device-mapper-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8:1.02.181-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "platform-python", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.6.8-51.el8_8.1", "BaseScores": [5.3, 6.5, 7.5, 7.5, 5.3, 7.5, 7.5], "CVEIds": ["CVE-2019-9674", "CVE-2022-48560", "CVE-2022-48564", "CVE-2023-27043", "CVE-2023-40217", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-9287"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0256", "FixedBy": "0:3.6.8-56.el8_9.3", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48564 https://bugzilla.redhat.com/show_bug.cgi?id=2249750 https://www.cve.org/CVERecord?id=CVE-2022-48564 https://nvd.nist.gov/vuln/detail/CVE-2022-48564 https://bugs.python.org/issue42103 https://github.com/python/cpython/issues/86269 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48564.json https://access.redhat.com/errata/RHSA-2024:0114", "FixedBy": "0:3.6.8-56.el8_9.2", "Description": "A vulnerability was found in the Python core plistlib library within the read_ints() function in the plistlib.py file. In malformed input, the implementation can be manipulated to create an argument for struct.unpack(). This issue can lead to excessive CPU and memory consumption, resulting in a MemError, as it constructs the 'format' argument for unpack(). 
This flaw allows an attacker to employ a binary plist input, potentially executing a denial of service (DoS) attack by exhausting CPU and RAM resources.", "Name": "CVE-2022-48564", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3347", "FixedBy": "0:3.6.8-62.el8_10", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48560 https://bugzilla.redhat.com/show_bug.cgi?id=2249755 https://www.cve.org/CVERecord?id=CVE-2022-48560 https://nvd.nist.gov/vuln/detail/CVE-2022-48560 https://bugs.python.org/issue39421 https://github.com/python/cpython/issues/83602 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48560.json https://access.redhat.com/errata/RHSA-2024:0114", "FixedBy": "0:3.6.8-56.el8_9.2", "Description": "A use-after-free vulnerability was found in Python via the heappushpop function in the heapq module. 
This flaw allows an attacker to submit a specially crafted request, causing a service disruption that leads to a denial of service attack.", "Name": "CVE-2022-48560", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3347", "FixedBy": "0:3.6.8-62.el8_10", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5997", "FixedBy": "0:3.6.8-51.el8_8.2", "Description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in 
certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "Name": "CVE-2023-40217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9674.json", "FixedBy": "", "Description": "A ZIP bomb attack was found in the Python zipfile module. 
A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "Name": "CVE-2019-9674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json", "FixedBy": "", "Description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". 
This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "Name": "CVE-2024-9287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "pycparser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.21", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2:4.6-17.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2023-4641"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4641 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://www.cve.org/CVERecord?id=CVE-2023-4641 https://nvd.nist.gov/vuln/detail/CVE-2023-4641 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4641.json https://access.redhat.com/errata/RHSA-2023:7112", "FixedBy": "2:4.6-19.el8", "Description": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. 
This may allow an attacker with enough access to retrieve the password from the memory.", "Name": "CVE-2023-4641", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 5.5}}}}]}, {"Name": "libssh-config", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.9.6-10.el8_8", "BaseScores": [4.8, 5.3, 5.9], "CVEIds": ["CVE-2023-48795", "CVE-2023-6004", "CVE-2023-6918"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6004 https://bugzilla.redhat.com/show_bug.cgi?id=2251110 https://www.cve.org/CVERecord?id=CVE-2023-6004 https://nvd.nist.gov/vuln/detail/CVE-2023-6004 https://www.libssh.org/security/advisories/CVE-2023-6004.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6004.json https://access.redhat.com/errata/RHSA-2024:3233", "FixedBy": "0:0.9.6-14.el8", "Description": "A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. 
This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.", "Name": "CVE-2023-6004", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6918 https://bugzilla.redhat.com/show_bug.cgi?id=2254997 https://www.cve.org/CVERecord?id=CVE-2023-6918 https://nvd.nist.gov/vuln/detail/CVE-2023-6918 https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ https://www.libssh.org/security/advisories/CVE-2023-6918.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6918.json https://access.redhat.com/errata/RHSA-2024:3233", "FixedBy": "0:0.9.6-14.el8", "Description": "A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. 
In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.", "Name": "CVE-2023-6918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:0628", "FixedBy": "0:0.9.6-13.el8_9", "Description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. 
For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "Name": "CVE-2023-48795", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.37.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [7.8, 6.1], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. 
This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.63.0-14.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.3.2-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.14.3-26.el8", "BaseScores": [7.8, 6.7, 7.8], "CVEIds": ["CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A race condition vulnerability was found in rpm. 
A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35938", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35939", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "packaging", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "23.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.7.0-16.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyasn1-modules", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.3.5-9.el8_7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.1-24.el8", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.56.1-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/h2non/filetype", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:4.6.0-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zipp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.16.2", "BaseScores": [], "CVEIds": ["CVE-2024-5569"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5569 https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd https://github.com/jaraco/zipp https://huntr.com/bounties/be898306-11f9-46b4-b28c-f4c4aa4ffbae", "FixedBy": "3.19.1", "Description": "zipp Denial of Service vulnerability", "Name": "GHSA-jfmj-5v4g-7637", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libdb-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "5.3.28-42.el8_4", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.8-0.8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/matttproud/golang_protobuf_extensions", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.188-3.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python-daemon", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.53.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.4.20-4.el8_6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.5.0-18.el8", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 
https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. 
This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.2.1-4.el8", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "gomodules.xyz/jsonpatch/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "websocket-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.6.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.21-18.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.2.11-21.el8_7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "docutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.20.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.6.0", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.12.3-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.0.23-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "6.1-9.20180224.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 6.5, 8.8, 7.8, 6.5, 5.5, 6.5, 6.5], "CVEIds": ["CVE-2018-19211", "CVE-2018-19217", "CVE-2020-19185", "CVE-2020-19186", "CVE-2020-19187", "CVE-2020-19188", "CVE-2020-19189", "CVE-2020-19190", "CVE-2021-39537", "CVE-2023-29491", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19185.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19185", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19187.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19190.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19190", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19217.json", "FixedBy": "", "Description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "Name": "CVE-2018-19217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-39537.json", "FixedBy": "", "Description": "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. 
By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "Name": "CVE-2021-39537", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:5249", "FixedBy": "0:6.1-9.20180224.el8_8.1", "Description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Name": "CVE-2023-29491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19186.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "Name": "CVE-2020-19186", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19211.json", "FixedBy": "", "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "Name": "CVE-2018-19211", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19189.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19189", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19188", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20220713155537-f223a00ba0e2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "go1.19.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": [{"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://go.dev/issue/20654 https://go.dev/cl/326012/26 https://groups.google.com/g/golang-announce/c/QMK8IQALDvA https://people.redhat.com/~hkario/marvin/", "FixedBy": "1.20.0", "Description": "Before 
Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel", "Name": "GO-2023-2375", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "9.0.3-22.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2018-20225"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20225.json", "FixedBy": "", "Description": "A flaw was found in python-pip. The software installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. 
This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number).", "Name": "CVE-2018-20225", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.14.2-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "oauthlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "239-74.el8_8.2", "BaseScores": [5.5, 4.3, 5.9], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:3203", "FixedBy": "0:239-82.el8", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "libtirpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.1.4-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.31.0", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/pull/6655 https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac https://github.com/psf/requests https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ", "FixedBy": "2.32.0", "Description": "Requests `Session` object does not verify requests after making first request with verify=False", "Name": "GHSA-9wx4-h78v-vm56", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.1.1k-9.el8_7", "BaseScores": [5.5, 5.3, 5.3, 5.3, 6.5, 7.5, 5.3, 5.3], "CVEIds": ["CVE-2023-0464", "CVE-2023-0465", "CVE-2023-0466", "CVE-2023-2650", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2023:7877", "FixedBy": "1:1.1.1k-12.el8_9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2023:7877", "FixedBy": "1:1.1.1k-12.el8_9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2023:7877", "FixedBy": "1:1.1.1k-12.el8_9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2650.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "Name": "CVE-2023-2650", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. 
This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:7848", "FixedBy": "1:1.1.1k-14.el8_6", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "FixedBy": "", "Description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. 
This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0464", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. 
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "Name": "CVE-2023-0466", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. 
Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0465", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}]}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.2.53-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.2.20-3.el8_6", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.5.1-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ansible-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.15.2", "BaseScores": [6.3, 7.8, 5.5, 7.8], "CVEIds": ["CVE-2023-4237", "CVE-2023-5764", "CVE-2024-0690", "CVE-2024-8775", "CVE-2024-9902"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-8775 https://access.redhat.com/errata/RHSA-2024:8969 https://access.redhat.com/security/cve/CVE-2024-8775 https://bugzilla.redhat.com/show_bug.cgi?id=2312119 https://github.com/ansible/ansible", "FixedBy": "lastAffected=2.17.4", "Description": "Ansible vulnerable to Insertion of Sensitive Information into Log File", "Name": "GHSA-jpxc-vmjf-9fcj", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-9902 https://github.com/ansible/ansible/commit/03794735d370db98a5ec2ad514fab2b0dd22d6be https://github.com/ansible/ansible/commit/03daf774d0d80fb7235910ed1c2b4fbcaebdfe65 https://github.com/ansible/ansible/commit/3b6de811abea0a811e03e3029222a7e459922892 https://github.com/ansible/ansible/commit/9d7312f695639e804d2caeb1d0f51c716a9ac7dd 
https://github.com/ansible/ansible/commit/f7be90626da3035c697623dcf9c90b7a0bc91c92 https://access.redhat.com/errata/RHSA-2024:8969 https://access.redhat.com/security/cve/CVE-2024-9902 https://bugzilla.redhat.com/show_bug.cgi?id=2318271 https://github.com/ansible/ansible", "FixedBy": "2.15.13rc1", "Description": "ansible-core Incorrect Authorization vulnerability", "Name": "GHSA-32p4-gm2c-wmch", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "Score": 6.3}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2023-4237 https://access.redhat.com/errata/RHBA-2023:5653 https://access.redhat.com/errata/RHBA-2023:5666 https://access.redhat.com/security/cve/CVE-2023-4237 https://bugzilla.redhat.com/show_bug.cgi?id=2229979 https://github.com/ansible/ansible", "FixedBy": "introduced=2.8.0&lastAffected=2.15.2", "Description": "Ansible may expose private key", "Name": "GHSA-ww3m-ffrm-qvqv", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-0690 https://github.com/ansible/ansible/pull/82565 https://github.com/ansible/ansible/commit/6935c8e303440addd3871ecf8e04bde61080b032 https://github.com/ansible/ansible/commit/78db3a3de6b40fb52d216685ae7cb903c609c3e1 https://github.com/ansible/ansible/commit/b9a03bbf5a63459468baf8895ff74a62e9be4532 https://github.com/ansible/ansible/commit/beb04bc2642c208447c5a936f94310528a1946b1 https://access.redhat.com/errata/RHSA-2024:0733 https://access.redhat.com/errata/RHSA-2024:2246 https://access.redhat.com/errata/RHSA-2024:3043 
https://access.redhat.com/security/cve/CVE-2024-0690 https://bugzilla.redhat.com/show_bug.cgi?id=2259013 https://github.com/ansible/ansible https://github.com/pypa/advisory-database/tree/main/vulns/ansible-core/PYSEC-2024-36.yaml", "FixedBy": "2.15.9", "Description": "Ansible-core information disclosure flaw", "Name": "GHSA-h24r-m9qc-pvpg", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2023-5764 https://github.com/ansible/ansible/commit/270b39f6ff02511a2199505161218cbd1a5ae34f https://github.com/ansible/ansible/commit/7239d2d371bc6e274cbb7314e01431adce6ae25a https://github.com/ansible/ansible/commit/fea130480d261ea5bf6fcd5cf19a348f1686ceb1 https://access.redhat.com/errata/RHSA-2023:7773 https://access.redhat.com/security/cve/CVE-2023-5764 https://bugzilla.redhat.com/show_bug.cgi?id=2247629 https://github.com/ansible/ansible https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU", "FixedBy": "2.15.8", "Description": "Ansible template injection vulnerability", "Name": "GHSA-7j69-qfc3-2fq9", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.7.0-16.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "7.61.1-30.el8_8.2", 
"BaseScores": [3.7, 5.9, 6.5, 3.7, 5.9, 8.8, 6.5], "CVEIds": ["CVE-2023-27534", "CVE-2023-27536", "CVE-2023-28321", "CVE-2023-28322", "CVE-2023-38546", "CVE-2023-46218", "CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "Name": "CVE-2023-38546", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 3.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:4523", "FixedBy": "0:7.61.1-30.el8_8.3", "Description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. 
However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "Name": "CVE-2023-27536", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. 
This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "Name": "CVE-2023-46218", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "Name": "CVE-2023-28322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 3.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4523", "FixedBy": "0:7.61.1-30.el8_8.3", "Description": "A flaw was found in the Curl package. 
An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "Name": "CVE-2023-28321", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27534.json", "FixedBy": "", "Description": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. 
Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "Name": "CVE-2023-27534", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5654", "FixedBy": "0:7.61.1-34.el8_10.2", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "importlib-resources", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "5.0.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi8-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.8-1009", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.5-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/operator-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.11.1-0.20230306195046-28cadc6b6055", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.4.4-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.23.22-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.4", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/kjd/idna/security/advisories/GHSA-jjg7-2v4v-x38h https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d https://github.com/kjd/idna https://github.com/pypa/advisory-database/tree/main/vulns/idna/PYSEC-2024-60.yaml https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb", "FixedBy": "3.7", "Description": "Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode", "Name": "GHSA-jjg7-2v4v-x38h", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 
7.5}}}}, {"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d", "FixedBy": "3.7", "Description": "", "Name": "PYSEC-2024-60", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "distlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.3.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.5.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:2.6.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnl3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.7.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.8.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.25-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", 
"Version": "2.2.5-11.el8", "BaseScores": [7.5, 7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2022-23990", "CVE-2023-52425", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-23990 https://bugzilla.redhat.com/show_bug.cgi?id=2048356 https://www.cve.org/CVERecord?id=CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-23990.json", "FixedBy": "", "Description": "A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service.", "Name": "CVE-2022-23990", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1615", "FixedBy": "0:2.2.5-11.el8_9.1", "Description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. 
This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.63.0-14.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.4.48-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ptyprocess", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pexpect", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "4.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.9.9-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.2-19.el8", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", 
"CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-tools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.12.8-24.el8", "BaseScores": [6.5, 7.8], "CVEIds": ["CVE-2020-35512", "CVE-2023-34969"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 
https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4498", "FixedBy": "1:1.12.8-24.el8_8.1", "Description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "Name": "CVE-2023-34969", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.3.3-5.el8", "BaseScores": [6.5, 6.5, 6.5, 7.8, 7.8], "CVEIds": ["CVE-2018-1000879", "CVE-2018-1000880", "CVE-2020-21674", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-21674 https://bugzilla.redhat.com/show_bug.cgi?id=1888786 https://www.cve.org/CVERecord?id=CVE-2020-21674 https://nvd.nist.gov/vuln/detail/CVE-2020-21674 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-21674.json", "FixedBy": "", "Description": "Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. 
Users of the product's official releases are unaffected.", "Name": "CVE-2020-21674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000880.json", "FixedBy": "", "Description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. 
This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "Name": "CVE-2018-1000880", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000879.json", "FixedBy": "", "Description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "Name": "CVE-2018-1000879", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "python3-libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9.7-16.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 7.5], "CVEIds": ["CVE-2023-28484", "CVE-2023-29469", "CVE-2023-39615", "CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2024:0119", "FixedBy": "0:2.9.7-18.el8_9", "Description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "Name": "CVE-2023-39615", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4529", "FixedBy": "0:2.9.7-16.el8_8.1", "Description": "A flaw was found in libxml2. 
This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "Name": "CVE-2023-29469", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4529", "FixedBy": "0:2.9.7-16.el8_8.1", "Description": "A NULL pointer dereference vulnerability was found in libxml2. 
This issue occurs when parsing (invalid) XML schemas.", "Name": "CVE-2023-28484", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:3626", "FixedBy": "0:2.9.7-18.el8_10.1", "Description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libssh", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.9.6-10.el8_8", "BaseScores": [4.8, 5.3, 5.9], "CVEIds": ["CVE-2023-48795", "CVE-2023-6004", "CVE-2023-6918"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2023-6004 https://bugzilla.redhat.com/show_bug.cgi?id=2251110 https://www.cve.org/CVERecord?id=CVE-2023-6004 https://nvd.nist.gov/vuln/detail/CVE-2023-6004 https://www.libssh.org/security/advisories/CVE-2023-6004.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6004.json https://access.redhat.com/errata/RHSA-2024:3233", "FixedBy": "0:0.9.6-14.el8", "Description": "A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.", "Name": "CVE-2023-6004", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6918 https://bugzilla.redhat.com/show_bug.cgi?id=2254997 https://www.cve.org/CVERecord?id=CVE-2023-6918 https://nvd.nist.gov/vuln/detail/CVE-2023-6918 https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ https://www.libssh.org/security/advisories/CVE-2023-6918.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6918.json https://access.redhat.com/errata/RHSA-2024:3233", "FixedBy": "0:0.9.6-14.el8", "Description": "A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. 
In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.", "Name": "CVE-2023-6918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:0628", "FixedBy": "0:0.9.6-13.el8_9", "Description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. 
For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "Name": "CVE-2023-48795", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.113-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "jinja2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.1.2", "BaseScores": [6.1], "CVEIds": ["CVE-2024-22195", "CVE-2024-34064"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj https://nvd.nist.gov/vuln/detail/CVE-2024-34064 https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb https://github.com/pallets/jinja https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS", "FixedBy": "3.1.4", "Description": "Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter", "Name": "GHSA-h75v-3vvj-5mfj", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95 https://nvd.nist.gov/vuln/detail/CVE-2024-22195 https://github.com/pallets/jinja/commit/716795349a41d4983a9a4771f7d883c96ea17be7 https://github.com/pallets/jinja https://github.com/pallets/jinja/releases/tag/3.1.3 https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3", "FixedBy": "3.1.3", "Description": "Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter", "Name": "GHSA-h5c8-rqwp-cp95", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.8.0", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.6.8-51.el8_8.1", "BaseScores": [5.3, 6.5, 7.5, 7.5, 5.3, 7.5, 7.5], "CVEIds": ["CVE-2019-9674", "CVE-2022-48560", "CVE-2022-48564", "CVE-2023-27043", "CVE-2023-40217", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-9287"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0256", "FixedBy": "0:3.6.8-56.el8_9.3", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48564 https://bugzilla.redhat.com/show_bug.cgi?id=2249750 https://www.cve.org/CVERecord?id=CVE-2022-48564 https://nvd.nist.gov/vuln/detail/CVE-2022-48564 https://bugs.python.org/issue42103 https://github.com/python/cpython/issues/86269 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48564.json https://access.redhat.com/errata/RHSA-2024:0114", "FixedBy": "0:3.6.8-56.el8_9.2", "Description": "A vulnerability was found in the Python core plistlib library within the read_ints() function in the plistlib.py file. In malformed input, the implementation can be manipulated to create an argument for struct.unpack(). This issue can lead to excessive CPU and memory consumption, resulting in a MemError, as it constructs the 'format' argument for unpack(). 
This flaw allows an attacker to employ a binary plist input, potentially executing a denial of service (DoS) attack by exhausting CPU and RAM resources.", "Name": "CVE-2022-48564", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3347", "FixedBy": "0:3.6.8-62.el8_10", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48560 https://bugzilla.redhat.com/show_bug.cgi?id=2249755 https://www.cve.org/CVERecord?id=CVE-2022-48560 https://nvd.nist.gov/vuln/detail/CVE-2022-48560 https://bugs.python.org/issue39421 https://github.com/python/cpython/issues/83602 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48560.json https://access.redhat.com/errata/RHSA-2024:0114", "FixedBy": "0:3.6.8-56.el8_9.2", "Description": "A use-after-free vulnerability was found in Python via the heappushpop function in the heapq module. 
This flaw allows an attacker to submit a specially crafted request, causing a service disruption that leads to a denial of service attack.", "Name": "CVE-2022-48560", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3347", "FixedBy": "0:3.6.8-62.el8_10", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5997", "FixedBy": "0:3.6.8-51.el8_8.2", "Description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in 
certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "Name": "CVE-2023-40217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9674.json", "FixedBy": "", "Description": "A ZIP bomb attack was found in the Python zipfile module. 
A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "Name": "CVE-2019-9674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json", "FixedBy": "", "Description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". 
This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "Name": "CVE-2024-9287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.19.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.6.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.5.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.4-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lockfile", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.12.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v2.2.0", "BaseScores": 
[], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.11.0-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "certifi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2023.7.22", "BaseScores": [], "CVEIds": ["CVE-2024-39689"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "osv/pypi", "Link": "https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc https://nvd.nist.gov/vuln/detail/CVE-2024-39689 https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463 https://github.com/certifi/python-certifi https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI", "FixedBy": "2024.07.04", "Description": "Certifi removes GLOBALTRUST root certificate", "Name": "GHSA-248v-346w-9cwc", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.28-225.el8", "BaseScores": [6.5, 5.9, 5.9, 7.8], "CVEIds": ["CVE-2023-4527", "CVE-2023-4806", "CVE-2023-4813", "CVE-2023-4911", "CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json 
https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "Name": "CVE-2023-4527", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A stack-based 
buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. 
In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "Name": "CVE-2023-4806", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. 
This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "Name": "CVE-2023-4813", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. 
This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "Name": "CVE-2023-4911", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3269", "FixedBy": "0:2.28-251.el8_10.1", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.12.8-24.el8", "BaseScores": [6.5, 7.8], "CVEIds": ["CVE-2020-35512", "CVE-2023-34969"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4498", "FixedBy": "1:1.12.8-24.el8_8.1", "Description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. 
If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "Name": "CVE-2023-34969", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.110-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.0-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virtualenv-clone", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.5.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/zapr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v3.10.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.11-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.188-3.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.3.2-4.el8", "BaseScores": [6.4], "CVEIds": ["CVE-2023-22745"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-22745 https://bugzilla.redhat.com/show_bug.cgi?id=2162610 https://www.cve.org/CVERecord?id=CVE-2023-22745 https://nvd.nist.gov/vuln/detail/CVE-2023-22745 https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22745.json https://access.redhat.com/errata/RHSA-2023:7166", "FixedBy": "0:2.3.2-5.el8", "Description": "A flaw was found in tpm2-tss, which is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions, `Tss2_RC_SetHandler` and `Tss2_RC_Decode` index into the `layer_handler` with an 8-bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries. Trying to add a handler for higher-numbered layers or to decode a response code with a layer number, reads/writes past the end of the buffer. 
This buffer overrun could result in arbitrary code execution. An example attack is a man-in-the-middle (MiTM) bus attack that returns 0xFFFFFFFFFF for the RC. Given the common use case of TPM modules, an attacker must have local access to the target machine with local system privileges, which allows access to the TPM system. Usually, TPM access requires administrative privileges.", "Name": "CVE-2023-22745", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.4}}}}]}, {"Name": "cffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:82f04b121ea21206a69ac160f78095cc3d9aeda79331bdcc90743fcd5dd20baf", "Version": "1.15.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.4.4-1.el8", "BaseScores": [7.5, 4.7], "CVEIds": ["CVE-2021-24032", "CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-24032.json", "FixedBy": "", "Description": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "Name": "CVE-2021-24032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.7.11-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/afero", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "234-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.1.7-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [7.8, 6.1], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. 
This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.22.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.9.6-13.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.13-4.el8_7", "BaseScores": [5.5], "CVEIds": ["CVE-2018-1000654"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000654.json", "FixedBy": "", "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. 
This attack appears to be exploitable via parsing a crafted file.", "Name": "CVE-2018-1000654", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "requests-unixsocket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:95acab66b626f8b40f577d02d51b4d5e11c5fd7c801a538fd65ced08cc8ee02f", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.63.0-14.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-syspurpose", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [7.8, 6.1], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. 
The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.6.8-51.el8_8.1", "BaseScores": [5.3, 6.5, 7.5, 7.5, 5.3, 7.5, 7.5], "CVEIds": ["CVE-2019-9674", "CVE-2022-48560", "CVE-2022-48564", "CVE-2023-27043", "CVE-2023-40217", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-9287"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0256", "FixedBy": "0:3.6.8-56.el8_9.3", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48564 https://bugzilla.redhat.com/show_bug.cgi?id=2249750 https://www.cve.org/CVERecord?id=CVE-2022-48564 https://nvd.nist.gov/vuln/detail/CVE-2022-48564 https://bugs.python.org/issue42103 https://github.com/python/cpython/issues/86269 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48564.json https://access.redhat.com/errata/RHSA-2024:0114", "FixedBy": "0:3.6.8-56.el8_9.2", "Description": "A vulnerability was found in the Python core plistlib library within the read_ints() function in the plistlib.py file. In malformed input, the implementation can be manipulated to create an argument for struct.unpack(). This issue can lead to excessive CPU and memory consumption, resulting in a MemError, as it constructs the 'format' argument for unpack(). 
This flaw allows an attacker to employ a binary plist input, potentially executing a denial of service (DoS) attack by exhausting CPU and RAM resources.", "Name": "CVE-2022-48564", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3347", "FixedBy": "0:3.6.8-62.el8_10", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48560 https://bugzilla.redhat.com/show_bug.cgi?id=2249755 https://www.cve.org/CVERecord?id=CVE-2022-48560 https://nvd.nist.gov/vuln/detail/CVE-2022-48560 https://bugs.python.org/issue39421 https://github.com/python/cpython/issues/83602 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48560.json https://access.redhat.com/errata/RHSA-2024:0114", "FixedBy": "0:3.6.8-56.el8_9.2", "Description": "A use-after-free vulnerability was found in Python via the heappushpop function in the heapq module. 
This flaw allows an attacker to submit a specially crafted request, causing a service disruption that leads to a denial of service attack.", "Name": "CVE-2022-48560", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3347", "FixedBy": "0:3.6.8-62.el8_10", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5997", "FixedBy": "0:3.6.8-51.el8_8.2", "Description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in 
certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "Name": "CVE-2023-40217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9674.json", "FixedBy": "", "Description": "A ZIP bomb attack was found in the Python zipfile module. 
A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "Name": "CVE-2019-9674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json", "FixedBy": "", "Description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". 
This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "Name": "CVE-2024-9287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "5.3.4-12.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2020-15945"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-15945 https://bugzilla.redhat.com/show_bug.cgi?id=1861999 https://www.cve.org/CVERecord?id=CVE-2020-15945 https://nvd.nist.gov/vuln/detail/CVE-2020-15945 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-15945.json", "FixedBy": "", "Description": "A flaw was found in lua. 
A segmentation fault is possible because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.", "Name": "CVE-2020-15945", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "pipenv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2023.6.26", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "0.7.20-4.el8_7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.8.3-3.el8_4", "BaseScores": [8.1], "CVEIds": ["CVE-2019-17543"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-17543 https://bugzilla.redhat.com/show_bug.cgi?id=1765316 https://www.cve.org/CVERecord?id=CVE-2019-17543 https://nvd.nist.gov/vuln/detail/CVE-2019-17543 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-17543.json", "FixedBy": "", "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) 
NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", "Name": "CVE-2019-17543", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 8.1}}}}]}, {"Name": "python39-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "20.2.4-7.module+el8.6.0+13003+6bb2c488", "BaseScores": [5.9, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. 
This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:20.2.4-8.module+el8.9.0+19644+d68f775d", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.0-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.12.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20230711102312-30195339c3c7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.12.8-24.el8", "BaseScores": [6.5, 7.8], "CVEIds": ["CVE-2020-35512", "CVE-2023-34969"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4498", "FixedBy": "1:1.12.8-24.el8_8.1", "Description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. 
If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "Name": "CVE-2023-34969", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.4.4-1.el8", "BaseScores": [7.5, 4.7], "CVEIds": ["CVE-2021-24032", "CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-24032.json", "FixedBy": "", "Description": "A flaw was found in zstd. 
While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "Name": "CVE-2021-24032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.42-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "23.1.2", "BaseScores": [3.3], "CVEIds": ["CVE-2023-5752"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "osv/pypi", "Link": "https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/ https://github.com/pypa/pip/pull/12306", "FixedBy": "23.3", "Description": "", "Name": "PYSEC-2023-228", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2023-5752 https://github.com/pypa/pip/pull/12306 https://github.com/pypa/pip/commit/389cb799d0da9a840749fcd14878928467ed49b4 https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2023-228.yaml https://github.com/pypa/pip https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL", "FixedBy": "23.3", "Description": "Command Injection in pip when used with Mercurial", "Name": "GHSA-mq26-g339-26xf", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "Score": 3.3}}}}]}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:2.6.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.14.3-26.el8", "BaseScores": [7.8, 6.7, 7.8], "CVEIds": ["CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "Vulnerabilities": [{"Severity": "Medium", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35938", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35939", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.0.21-19.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [7.8, 6.1], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. 
This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.24.2-5.el8", "BaseScores": [8.1, 4.2], "CVEIds": ["CVE-2023-43804", "CVE-2023-45803", "CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:0116", "FixedBy": "0:1.24.2-5.el8_9.2", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:5309", "FixedBy": "0:1.24.2-8.el8_10", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. 
This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json https://access.redhat.com/errata/RHSA-2024:0116", "FixedBy": "0:1.24.2-5.el8_9.2", "Description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. 
Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "Name": "CVE-2023-45803", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "Score": 4.2}}}}]}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.14.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.63.0-14.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2:4.6-17.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2023-4641"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4641 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://www.cve.org/CVERecord?id=CVE-2023-4641 https://nvd.nist.gov/vuln/detail/CVE-2023-4641 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4641.json https://access.redhat.com/errata/RHSA-2023:7112", "FixedBy": "2:4.6-19.el8", "Description": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. 
This may allow an attacker with enough access to retrieve the password from the memory.", "Name": "CVE-2023-4641", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 5.5}}}}]}, {"Name": "lockfile", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.12.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.62-25.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9.7-16.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 7.5], "CVEIds": ["CVE-2023-28484", "CVE-2023-29469", "CVE-2023-39615", "CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2024:0119", "FixedBy": "0:2.9.7-18.el8_9", "Description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. 
This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "Name": "CVE-2023-39615", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4529", "FixedBy": "0:2.9.7-16.el8_8.1", "Description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "Name": "CVE-2023-29469", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4529", "FixedBy": "0:2.9.7-16.el8_8.1", "Description": "A NULL pointer dereference vulnerability was found in libxml2. 
This issue occurs when parsing (invalid) XML schemas.", "Name": "CVE-2023-28484", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:3626", "FixedBy": "0:2.9.7-18.el8_10.1", "Description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.11.0-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.13.1-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.2.1-4.el8", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "brotli", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.0.6-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.53.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.5.0-18.el8", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": 
[{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. 
This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "virtualenv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "20.24.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "5.3.28-42.el8_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.1-22.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "239-74.el8_8.2", "BaseScores": [5.9, 5.5, 4.3], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:3203", "FixedBy": "0:239-82.el8", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}]}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.5-5.el8", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:4260", "FixedBy": "0:2.5-7.el8_10", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "platform-python-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "39.2.0-7.el8", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5530", "FixedBy": "0:39.2.0-8.el8_10", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.14.3-26.el8", "BaseScores": [7.8, 6.7, 7.8], "CVEIds": ["CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35938", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35939", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2:1.30-9.el8", "BaseScores": [7.5, 3.3], "CVEIds": ["CVE-2019-9923", "CVE-2021-20193", "CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9923.json", "FixedBy": "", "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "Name": "CVE-2019-9923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "FixedBy": "", "Description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-20193", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "github.com/onsi/gomega", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.24.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [7.8, 6.1], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 
https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.2.5-11.el8", "BaseScores": [7.5, 7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2022-23990", "CVE-2023-52425", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-23990 https://bugzilla.redhat.com/show_bug.cgi?id=2048356 https://www.cve.org/CVERecord?id=CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-23990.json", "FixedBy": "", "Description": "A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. 
This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service.", "Name": "CVE-2022-23990", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1615", "FixedBy": "0:2.2.5-11.el8_9.1", "Description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. 
This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.2.4-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.31.0", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/pull/6655 https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac https://github.com/psf/requests https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ", "FixedBy": "2.32.0", "Description": "Requests `Session` object does not verify requests after making first request with verify=False", "Name": "GHSA-9wx4-h78v-vm56", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": 
""}}}}]}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.14.2-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.8.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.0.4-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.1.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.2.20-3.el8_6", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.2.11-21.el8_7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filelock", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.12.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "jinja2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.1.2", "BaseScores": [6.1], "CVEIds": ["CVE-2024-22195", "CVE-2024-34064"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj https://nvd.nist.gov/vuln/detail/CVE-2024-34064 https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb https://github.com/pallets/jinja https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS", "FixedBy": "3.1.4", "Description": "Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter", "Name": "GHSA-h75v-3vvj-5mfj", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95 https://nvd.nist.gov/vuln/detail/CVE-2024-22195 https://github.com/pallets/jinja/commit/716795349a41d4983a9a4771f7d883c96ea17be7 https://github.com/pallets/jinja https://github.com/pallets/jinja/releases/tag/3.1.3 https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3", "FixedBy": "3.1.3", "Description": "Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter", "Name": "GHSA-h5c8-rqwp-cp95", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "publicsuffix-list-dafsa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "20180723-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2023c-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.7.0-16.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v2.90.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.12.2-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ptyprocess", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.48-4.el8", "BaseScores": [3.3, 7.8], "CVEIds": ["CVE-2023-2602", "CVE-2023-2603"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2602 https://bugzilla.redhat.com/show_bug.cgi?id=2209114 https://www.cve.org/CVERecord?id=CVE-2023-2602 https://nvd.nist.gov/vuln/detail/CVE-2023-2602 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2602.json https://access.redhat.com/errata/RHSA-2023:4524", "FixedBy": "0:2.48-5.el8_8", "Description": "A vulnerability was found in the pthread_create() function in libcap. 
This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "Name": "CVE-2023-2602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2603 https://bugzilla.redhat.com/show_bug.cgi?id=2209113 https://www.cve.org/CVERecord?id=CVE-2023-2603 https://nvd.nist.gov/vuln/detail/CVE-2023-2603 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2603.json https://access.redhat.com/errata/RHSA-2023:4524", "FixedBy": "0:2.48-5.el8_8", "Description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "Name": "CVE-2023-2603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "dbus-tools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.12.8-24.el8", "BaseScores": [6.5, 7.8], "CVEIds": ["CVE-2020-35512", "CVE-2023-34969"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4498", "FixedBy": "1:1.12.8-24.el8_8.1", "Description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "Name": "CVE-2023-34969", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.12.8-24.el8", "BaseScores": [7.8, 6.5], "CVEIds": ["CVE-2020-35512", "CVE-2023-34969"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4498", "FixedBy": "1:1.12.8-24.el8_8.1", "Description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. 
If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "Name": "CVE-2023-34969", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "ansible-runner", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.3.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.188-3.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.8-0.8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "oauthlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.7.0-16.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/matttproud/golang_protobuf_extensions", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "9.0.3-22.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2018-20225"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 
https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20225.json", "FixedBy": "", "Description": "A flaw was found in python-pip. The software installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number).", "Name": "CVE-2018-20225", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.3.3-5.el8", "BaseScores": [6.5, 6.5, 6.5, 7.8, 7.8], "CVEIds": ["CVE-2018-1000879", "CVE-2018-1000880", "CVE-2020-21674", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-21674 https://bugzilla.redhat.com/show_bug.cgi?id=1888786 https://www.cve.org/CVERecord?id=CVE-2020-21674 https://nvd.nist.gov/vuln/detail/CVE-2020-21674 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-21674.json", "FixedBy": "", "Description": "Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. 
Users of the product's official releases are unaffected.", "Name": "CVE-2020-21674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000880.json", "FixedBy": "", "Description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. 
This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "Name": "CVE-2018-1000880", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000879.json", "FixedBy": "", "Description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "Name": "CVE-2018-1000879", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.1.1k-9.el8_7", "BaseScores": [5.5, 5.3, 5.3, 5.3, 6.5, 7.5, 5.3, 5.3], "CVEIds": ["CVE-2023-0464", "CVE-2023-0465", "CVE-2023-0466", "CVE-2023-2650", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2023:7877", "FixedBy": "1:1.1.1k-12.el8_9", "Description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2023:7877", "FixedBy": "1:1.1.1k-12.el8_9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2023:7877", "FixedBy": "1:1.1.1k-12.el8_9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2650.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "Name": "CVE-2023-2650", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. 
This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:7848", "FixedBy": "1:1.1.1k-14.el8_6", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "FixedBy": "", "Description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. 
This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0464", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. 
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "Name": "CVE-2023-0466", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. 
Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0465", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}]}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.188-3.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "charset-normalizer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:82f04b121ea21206a69ac160f78095cc3d9aeda79331bdcc90743fcd5dd20baf", "Version": "3.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "7.61.1-30.el8_8.2", "BaseScores": [3.7, 5.9, 6.5, 3.7, 5.9, 8.8, 6.5], "CVEIds": ["CVE-2023-27534", "CVE-2023-27536", "CVE-2023-28321", "CVE-2023-28322", "CVE-2023-38546", "CVE-2023-46218", "CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A flaw was found in the Curl package. 
This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "Name": "CVE-2023-38546", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 3.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:4523", "FixedBy": "0:7.61.1-30.el8_8.3", "Description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. 
However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "Name": "CVE-2023-27536", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. 
This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "Name": "CVE-2023-46218", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "Name": "CVE-2023-28322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 3.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4523", "FixedBy": "0:7.61.1-30.el8_8.3", "Description": "A flaw was found in the Curl package. 
An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "Name": "CVE-2023-28321", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27534.json", "FixedBy": "", "Description": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. 
Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "Name": "CVE-2023-27534", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5654", "FixedBy": "0:7.61.1-34.el8_10.2", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "pyasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.13-4.el8_7", "BaseScores": [5.5], "CVEIds": ["CVE-2018-1000654"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000654.json", "FixedBy": "", "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "Name": "CVE-2018-1000654", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.33.0-3.el8_2.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-44487", "CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:4252", "FixedBy": "0:1.33.0-6.el8_10.1", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. 
There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5837", "FixedBy": "0:1.33.0-5.el8_8", "Description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. 
Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "Name": "CVE-2023-44487", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "234-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.13.1-11.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "39.2.0-7.el8", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5530", "FixedBy": "0:39.2.0-8.el8_10", "Description": "A flaw was found in the package_index 
module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "requests-oauthlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20230320184635-7606e756e683", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnsl2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.2.0-2.20180605git4a062cf.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "11-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "50.3.2-4.module+el8.5.0+12204+54860423", "BaseScores": [5.9, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. 
This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:50.3.2-4.module+el8.9.0+19644+d68f775d", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "5.2.4-4.el8_6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.4", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/kjd/idna/security/advisories/GHSA-jjg7-2v4v-x38h 
https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d https://github.com/kjd/idna https://github.com/pypa/advisory-database/tree/main/vulns/idna/PYSEC-2024-60.yaml https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb", "FixedBy": "3.7", "Description": "Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode", "Name": "GHSA-jjg7-2v4v-x38h", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d", "FixedBy": "3.7", "Description": "", "Name": "PYSEC-2024-60", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.4.4-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.0.23-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.1.7-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/operator-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.11.1-0.20230306195046-28cadc6b6055", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cachetools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "5.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.29.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "7.0-10.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.45.6-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.1.6-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": 
"4.5-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.6.16-6.el8_7", "BaseScores": [6.5, 5.9, 7.5], "CVEIds": ["CVE-2021-4209", "CVE-2023-5981", "CVE-2024-0553", "CVE-2024-28834"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4209.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "Name": "CVE-2021-4209", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1784", "FixedBy": "0:3.6.16-8.el8_9.3", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5981 https://bugzilla.redhat.com/show_bug.cgi?id=2248445 https://www.cve.org/CVERecord?id=CVE-2023-5981 https://nvd.nist.gov/vuln/detail/CVE-2023-5981 https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5981.json https://access.redhat.com/errata/RHSA-2024:0155", "FixedBy": "0:3.6.16-8.el8_9", "Description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "Name": "CVE-2023-5981", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://www.cve.org/CVERecord?id=CVE-2024-0553 https://nvd.nist.gov/vuln/detail/CVE-2024-0553 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0553.json https://access.redhat.com/errata/RHSA-2024:0627", "FixedBy": "0:3.6.16-8.el8_9.1", "Description": "A vulnerability was found in GnuTLS. 
The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "Name": "CVE-2024-0553", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.14.3-26.el8", "BaseScores": [7.8, 6.7, 7.8], "CVEIds": ["CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35938", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35939", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.9.9-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.80-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-daemon", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.7.11-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.63.0-14.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virtualenv-clone", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.5.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.28-225.el8", "BaseScores": [6.5, 5.9, 5.9, 7.8], "CVEIds": ["CVE-2023-4527", "CVE-2023-4806", "CVE-2023-4813", "CVE-2023-4911", "CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. 
When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "Name": "CVE-2023-4527", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. 
This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "Name": "CVE-2023-4806", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. 
This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "Name": "CVE-2023-4813", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. 
This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "Name": "CVE-2023-4911", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3269", "FixedBy": "0:2.28-251.el8_10.1", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.12.8-24.el8", "BaseScores": [6.5, 7.8], "CVEIds": ["CVE-2020-35512", "CVE-2023-34969"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4498", "FixedBy": "1:1.12.8-24.el8_8.1", "Description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. 
If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "Name": "CVE-2023-34969", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "ubi8", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.8-1009", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.5.1-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/operator-sdk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.12.3-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "device-mapper-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8:1.02.181-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20220713155537-f223a00ba0e2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2022.2.54-80.2.el8_6", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5736", "FixedBy": "0:2024.2.69_v8.0.303-80.0.el8_10", "Description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2:8.0.1763-19.el8_6.4", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.5, 7.8, 7.8, 5.5, 7.8, 5.5, 7.8, 7.8, 7.8, 5.5, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 5.5, 5.5, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 
7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2018-20786", "CVE-2020-20703", "CVE-2021-3236", "CVE-2021-3927", "CVE-2021-3974", "CVE-2021-4166", "CVE-2022-0351", "CVE-2022-1619", "CVE-2022-1720", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-3037", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3296", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. 
The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20786 https://bugzilla.redhat.com/show_bug.cgi?id=1680588 https://www.cve.org/CVERecord?id=CVE-2018-20786 https://nvd.nist.gov/vuln/detail/CVE-2018-20786 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20786.json", "FixedBy": "", "Description": "libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.", "Name": "CVE-2018-20786", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. 
This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": 
"Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. 
An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 
https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. 
This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 
https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3236 https://bugzilla.redhat.com/show_bug.cgi?id=2231531 https://www.cve.org/CVERecord?id=CVE-2021-3236 https://nvd.nist.gov/vuln/detail/CVE-2021-3236 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3236.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the ex_buffer_all function in the src/buffer.c file. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2021-3236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 
https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": 
"", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
"Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. 
This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": 
{"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "239-74.el8_8.2", "BaseScores": [5.9, 5.5, 4.3], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:3203", "FixedBy": "0:239-82.el8", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}]}, {"Name": "platform-python", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.6.8-51.el8_8.1", "BaseScores": [5.3, 6.5, 7.5, 7.5, 5.3, 7.5, 7.5], "CVEIds": ["CVE-2019-9674", "CVE-2022-48560", "CVE-2022-48564", "CVE-2023-27043", "CVE-2023-40217", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-9287"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0256", "FixedBy": "0:3.6.8-56.el8_9.3", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48564 https://bugzilla.redhat.com/show_bug.cgi?id=2249750 https://www.cve.org/CVERecord?id=CVE-2022-48564 https://nvd.nist.gov/vuln/detail/CVE-2022-48564 https://bugs.python.org/issue42103 https://github.com/python/cpython/issues/86269 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48564.json https://access.redhat.com/errata/RHSA-2024:0114", "FixedBy": "0:3.6.8-56.el8_9.2", "Description": "A vulnerability was found in the Python core plistlib library within the read_ints() function in the plistlib.py file. In malformed input, the implementation can be manipulated to create an argument for struct.unpack(). This issue can lead to excessive CPU and memory consumption, resulting in a MemError, as it constructs the 'format' argument for unpack(). 
This flaw allows an attacker to employ a binary plist input, potentially executing a denial of service (DoS) attack by exhausting CPU and RAM resources.", "Name": "CVE-2022-48564", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3347", "FixedBy": "0:3.6.8-62.el8_10", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48560 https://bugzilla.redhat.com/show_bug.cgi?id=2249755 https://www.cve.org/CVERecord?id=CVE-2022-48560 https://nvd.nist.gov/vuln/detail/CVE-2022-48560 https://bugs.python.org/issue39421 https://github.com/python/cpython/issues/83602 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48560.json https://access.redhat.com/errata/RHSA-2024:0114", "FixedBy": "0:3.6.8-56.el8_9.2", "Description": "A use-after-free vulnerability was found in Python via the heappushpop function in the heapq module. 
This flaw allows an attacker to submit a specially crafted request, causing a service disruption that leads to a denial of service attack.", "Name": "CVE-2022-48560", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3347", "FixedBy": "0:3.6.8-62.el8_10", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5997", "FixedBy": "0:3.6.8-51.el8_8.2", "Description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in 
certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "Name": "CVE-2023-40217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9674.json", "FixedBy": "", "Description": "A ZIP bomb attack was found in the Python zipfile module. 
A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "Name": "CVE-2019-9674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json", "FixedBy": "", "Description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". 
This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "Name": "CVE-2024-9287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "packaging", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "23.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v5.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnl3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.7.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "20221215-1.gitece0092.el8", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.18.2-25.el8_8", "BaseScores": [6.5, 6.6, 9.1, 7.5], "CVEIds": ["CVE-2020-17049", "CVE-2023-5455", "CVE-2024-26458", "CVE-2024-26461", "CVE-2024-3596", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:8860", "FixedBy": "0:1.18.2-30.el8_10", "Description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. 
This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "Name": "CVE-2024-3596", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5455 https://bugzilla.redhat.com/show_bug.cgi?id=2242828 https://www.cve.org/CVERecord?id=CVE-2023-5455 https://nvd.nist.gov/vuln/detail/CVE-2023-5455 https://www.freeipa.org/release-notes/4-10-3.html https://www.freeipa.org/release-notes/4-11-1.html https://www.freeipa.org/release-notes/4-6-10.html https://www.freeipa.org/release-notes/4-9-14.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5455.json", "FixedBy": "", "Description": "A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. 
An attacker would always have to go through a new authentication attempt.", "Name": "CVE-2023-5455", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json https://access.redhat.com/errata/RHSA-2024:3268", "FixedBy": "0:1.18.2-27.el8_10", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-17049 https://bugzilla.redhat.com/show_bug.cgi?id=2025721 https://www.cve.org/CVERecord?id=CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-17049.json", "FixedBy": "", "Description": "It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. 
A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.", "Name": "CVE-2020-17049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json https://access.redhat.com/errata/RHSA-2024:3268", "FixedBy": "0:1.18.2-27.el8_10", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:5312", "FixedBy": "0:1.18.2-29.el8_10", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead 
to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:5312", "FixedBy": "0:1.18.2-29.el8_10", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v4.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "20221215-1.gitece0092.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.2.53-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:82f04b121ea21206a69ac160f78095cc3d9aeda79331bdcc90743fcd5dd20baf", "Version": "1.15.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.4.46-18.el8", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json https://access.redhat.com/errata/RHSA-2024:4264", "FixedBy": "0:2.4.46-19.el8_10", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/google/gnostic", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.6.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.25-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "5.33-24.el8", "BaseScores": [4.4, 6.5], "CVEIds": ["CVE-2019-8905", "CVE-2019-8906"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-8906.json", "FixedBy": "", "Description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "Name": "CVE-2019-8906", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "Score": 4.4}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-8905.json", "FixedBy": "", "Description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "Name": "CVE-2019-8905", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "info", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "6.5-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cryptography", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:82f04b121ea21206a69ac160f78095cc3d9aeda79331bdcc90743fcd5dd20baf", "Version": "41.0.2", "BaseScores": [7.5, 5.5, 7.5], "CVEIds": ["CVE-2023-49083", "CVE-2023-50782", "CVE-2024-0727", "CVE-2024-26130"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2023-50782 https://github.com/pyca/cryptography/issues/9785 https://access.redhat.com/security/cve/CVE-2023-50782 https://bugzilla.redhat.com/show_bug.cgi?id=2254432 https://github.com/pyca/cryptography", "FixedBy": "42.0.0", "Description": "Python Cryptography package vulnerable to Bleichenbacher timing oracle attack", "Name": "GHSA-3ww4-gg4f-jr7f", "Metadata": 
{"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-jm77-qphf-c4w8 https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://github.com/pyca/cryptography https://www.openssl.org/news/secadv/20230714.txt https://www.openssl.org/news/secadv/20230719.txt https://www.openssl.org/news/secadv/20230731.txt", "FixedBy": "41.0.3", "Description": "pyca/cryptography's wheels include vulnerable OpenSSL", "Name": "GHSA-jm77-qphf-c4w8", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-v8gr-m533-ghj9 https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512 https://github.com/pyca/cryptography", "FixedBy": "41.0.4", "Description": "Vulnerable OpenSSL included in cryptography wheels", "Name": "GHSA-v8gr-m533-ghj9", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/github/advisory-database/pull/3472 https://github.com/openssl/openssl/pull/23362 https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2 https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2 
https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8 https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539 https://security.netapp.com/advisory/ntap-20240208-0006 https://www.openssl.org/news/secadv/20240125.txt http://www.openwall.com/lists/oss-security/2024/03/11/1", "FixedBy": "42.0.2", "Description": "Null pointer dereference in PKCS12 parsing", "Name": "GHSA-9v9h-cgj8-h64p", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97 https://github.com/pyca/cryptography/pull/9926 https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/", "FixedBy": "41.0.6", "Description": "", "Name": "PYSEC-2023-254", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4 https://nvd.nist.gov/vuln/detail/CVE-2024-26130 https://github.com/pyca/cryptography/pull/10423 https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 https://github.com/pyca/cryptography", "FixedBy": "42.0.4", "Description": 
"cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override", "Name": "GHSA-6vqw-3v5j-54x4", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97 https://nvd.nist.gov/vuln/detail/CVE-2023-49083 https://github.com/pyca/cryptography/pull/9926 https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a https://github.com/pyca/cryptography https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-254.yaml https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV http://www.openwall.com/lists/oss-security/2023/11/29/2", "FixedBy": "41.0.6", "Description": "cryptography vulnerable to NULL-dereference when loading PKCS7 certificates", "Name": "GHSA-jfhm-5ghh-2f97", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-h4gh-qq45-vh27 https://github.com/pyca/cryptography https://openssl-library.org/news/secadv/20240903.txt", "FixedBy": "43.0.1", "Description": "pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels", "Name": "GHSA-h4gh-qq45-vh27", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libksba", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.3.5-9.el8_7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.4.20-4.el8_6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9.6-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [7.8, 6.1], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. 
The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "libssh-config", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.9.6-10.el8_8", "BaseScores": [4.8, 5.3, 5.9], "CVEIds": ["CVE-2023-48795", "CVE-2023-6004", "CVE-2023-6918"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6004 https://bugzilla.redhat.com/show_bug.cgi?id=2251110 https://www.cve.org/CVERecord?id=CVE-2023-6004 https://nvd.nist.gov/vuln/detail/CVE-2023-6004 https://www.libssh.org/security/advisories/CVE-2023-6004.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6004.json https://access.redhat.com/errata/RHSA-2024:3233", "FixedBy": "0:0.9.6-14.el8", "Description": "A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. 
This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.", "Name": "CVE-2023-6004", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6918 https://bugzilla.redhat.com/show_bug.cgi?id=2254997 https://www.cve.org/CVERecord?id=CVE-2023-6918 https://nvd.nist.gov/vuln/detail/CVE-2023-6918 https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ https://www.libssh.org/security/advisories/CVE-2023-6918.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6918.json https://access.redhat.com/errata/RHSA-2024:3233", "FixedBy": "0:0.9.6-14.el8", "Description": "A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. 
In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.", "Name": "CVE-2023-6918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:0628", "FixedBy": "0:0.9.6-13.el8_9", "Description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. 
For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "Name": "CVE-2023-48795", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:6.1.2-10.el8", "BaseScores": [7.5], "CVEIds": ["CVE-2021-43618"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-43618 https://bugzilla.redhat.com/show_bug.cgi?id=2024904 https://www.cve.org/CVERecord?id=CVE-2021-43618 https://nvd.nist.gov/vuln/detail/CVE-2021-43618 https://bugs.debian.org/994405 https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-43618.json https://access.redhat.com/errata/RHSA-2024:3214", "FixedBy": "1:6.1.2-11.el8", "Description": "A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-43618", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-ethtool", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.14-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "requests-unixsocket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "3.9.16-1.module+el8.8.0+18968+3d7b19f0.1", "BaseScores": [5.9, 5.3, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-40217", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ 
https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5998", "FixedBy": "0:3.9.16-1.module+el8.8.0+20025+f2100191.2", "Description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. 
No breach of confidentiality is possible.", "Name": "CVE-2023-40217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:3.9.18-1.module+el8.9.0+20024+793d7211", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:3.9.20-1.module+el8.10.0+22342+478c159e", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.26.16", "BaseScores": [8.1, 4.2], "CVEIds": ["CVE-2023-43804", "CVE-2023-45803", "CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468 
https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e https://github.com/urllib3/urllib3", "FixedBy": "1.26.19", "Description": "urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects ", "Name": "GHSA-34jh-p97f-mpxf", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-192.yaml https://github.com/urllib3/urllib3 https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ", "FixedBy": "1.26.17", "Description": "`Cookie` HTTP header isn't stripped on cross-origin redirects", "Name": "GHSA-v845-jxx5-vc9f", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 
https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36 https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml https://github.com/urllib3/urllib3 https://github.com/urllib3/urllib3/releases/tag/1.26.18 https://github.com/urllib3/urllib3/releases/tag/2.0.7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX https://www.rfc-editor.org/rfc/rfc9110.html#name-get", "FixedBy": "1.26.18", "Description": "urllib3's request body not stripped after redirect from 303 status changes request method to GET", "Name": "GHSA-g4mx-q9vg-27p4", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "Score": 4.2}}}}]}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.188-3.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", 
"Description": "A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.14.2-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9.7-16.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 7.5], "CVEIds": ["CVE-2023-28484", "CVE-2023-29469", "CVE-2023-39615", "CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2024:0119", "FixedBy": "0:2.9.7-18.el8_9", "Description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "Name": "CVE-2023-39615", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4529", "FixedBy": "0:2.9.7-16.el8_8.1", "Description": "A flaw was found in libxml2. 
This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "Name": "CVE-2023-29469", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4529", "FixedBy": "0:2.9.7-16.el8_8.1", "Description": "A NULL pointer dereference vulnerability was found in libxml2. 
This issue occurs when parsing (invalid) XML schemas.", "Name": "CVE-2023-28484", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:3626", "FixedBy": "0:2.9.7-18.el8_10.1", "Description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "go1.19.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ansible-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.15.2", "BaseScores": [6.3, 7.8, 5.5, 7.8], "CVEIds": ["CVE-2023-4237", "CVE-2023-5764", "CVE-2024-0690", "CVE-2024-8775", "CVE-2024-9902"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", 
"Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-8775 https://access.redhat.com/errata/RHSA-2024:8969 https://access.redhat.com/security/cve/CVE-2024-8775 https://bugzilla.redhat.com/show_bug.cgi?id=2312119 https://github.com/ansible/ansible", "FixedBy": "lastAffected=2.17.4", "Description": "Ansible vulnerable to Insertion of Sensitive Information into Log File", "Name": "GHSA-jpxc-vmjf-9fcj", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-9902 https://github.com/ansible/ansible/commit/03794735d370db98a5ec2ad514fab2b0dd22d6be https://github.com/ansible/ansible/commit/03daf774d0d80fb7235910ed1c2b4fbcaebdfe65 https://github.com/ansible/ansible/commit/3b6de811abea0a811e03e3029222a7e459922892 https://github.com/ansible/ansible/commit/9d7312f695639e804d2caeb1d0f51c716a9ac7dd https://github.com/ansible/ansible/commit/f7be90626da3035c697623dcf9c90b7a0bc91c92 https://access.redhat.com/errata/RHSA-2024:8969 https://access.redhat.com/security/cve/CVE-2024-9902 https://bugzilla.redhat.com/show_bug.cgi?id=2318271 https://github.com/ansible/ansible", "FixedBy": "2.15.13rc1", "Description": "ansible-core Incorrect Authorization vulnerability", "Name": "GHSA-32p4-gm2c-wmch", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "Score": 6.3}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2023-4237 https://access.redhat.com/errata/RHBA-2023:5653 https://access.redhat.com/errata/RHBA-2023:5666 https://access.redhat.com/security/cve/CVE-2023-4237 https://bugzilla.redhat.com/show_bug.cgi?id=2229979 https://github.com/ansible/ansible", 
"FixedBy": "introduced=2.8.0&lastAffected=2.15.2", "Description": "Ansible may expose private key", "Name": "GHSA-ww3m-ffrm-qvqv", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-0690 https://github.com/ansible/ansible/pull/82565 https://github.com/ansible/ansible/commit/6935c8e303440addd3871ecf8e04bde61080b032 https://github.com/ansible/ansible/commit/78db3a3de6b40fb52d216685ae7cb903c609c3e1 https://github.com/ansible/ansible/commit/b9a03bbf5a63459468baf8895ff74a62e9be4532 https://github.com/ansible/ansible/commit/beb04bc2642c208447c5a936f94310528a1946b1 https://access.redhat.com/errata/RHSA-2024:0733 https://access.redhat.com/errata/RHSA-2024:2246 https://access.redhat.com/errata/RHSA-2024:3043 https://access.redhat.com/security/cve/CVE-2024-0690 https://bugzilla.redhat.com/show_bug.cgi?id=2259013 https://github.com/ansible/ansible https://github.com/pypa/advisory-database/tree/main/vulns/ansible-core/PYSEC-2024-36.yaml", "FixedBy": "2.15.9", "Description": "Ansible-core information disclosure flaw", "Name": "GHSA-h24r-m9qc-pvpg", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2023-5764 https://github.com/ansible/ansible/commit/270b39f6ff02511a2199505161218cbd1a5ae34f https://github.com/ansible/ansible/commit/7239d2d371bc6e274cbb7314e01431adce6ae25a https://github.com/ansible/ansible/commit/fea130480d261ea5bf6fcd5cf19a348f1686ceb1 https://access.redhat.com/errata/RHSA-2023:7773 
https://access.redhat.com/security/cve/CVE-2023-5764 https://bugzilla.redhat.com/show_bug.cgi?id=2247629 https://github.com/ansible/ansible https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU", "FixedBy": "2.15.8", "Description": "Ansible template injection vulnerability", "Name": "GHSA-7j69-qfc3-2fq9", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.22.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.1.6-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.110-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.19.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtirpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.1.4-8.el8", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/afero", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.21-18.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google-auth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.13.1-11.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/imdario/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.3.13", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.4.10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.2.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.1.27-6.el8_5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mxk/go-flowrate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20140419014527-cca7078d478f", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20221012153701-172d655c2280", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:82f04b121ea21206a69ac160f78095cc3d9aeda79331bdcc90743fcd5dd20baf", "Version": "6.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.5.0-18.el8", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. 
This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.9-13.el8_5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.9.6-13.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.56.1-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.5.10-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/operator-registry", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", 
"Version": "v1.28.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:4.6.0-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.26.0-18.el8_8", "BaseScores": [7.5, 7.5, 5.5, 7.5, 7.3], "CVEIds": ["CVE-2019-19244", "CVE-2019-9936", "CVE-2019-9937", "CVE-2023-36191", "CVE-2023-7104", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9937.json", "FixedBy": "", "Description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. 
This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "Name": "CVE-2019-9937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-19244.json", "FixedBy": "", "Description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. 
A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "Name": "CVE-2019-19244", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9936.json", "FixedBy": "", "Description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. 
This is related to ext/fts5/fts5_hash.c.", "Name": "CVE-2019-9936", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0253", "FixedBy": "0:3.26.0-19.el8_9", "Description": "A vulnerability was found in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "Name": "CVE-2023-7104", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "Score": 7.3}}}}]}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pycparser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.21", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.14.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:3.3-4.el8", "BaseScores": [7.1], "CVEIds": ["CVE-2023-30630"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30630 https://bugzilla.redhat.com/show_bug.cgi?id=2186669 https://www.cve.org/CVERecord?id=CVE-2023-30630 https://nvd.nist.gov/vuln/detail/CVE-2023-30630 https://github.com/adamreiser/dmiwrite https://github.com/advisories/GHSA-9r2p-xmm5-5ppg https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-30630.json https://access.redhat.com/errata/RHSA-2023:5252", "FixedBy": "1:3.3-4.el8_8.1", "Description": "A vulnerability was found in dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.", "Name": "CVE-2023-30630", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.14.3-26.el8", "BaseScores": [7.8, 6.7, 7.8], "CVEIds": ["CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "Vulnerabilities": 
[{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35938", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35939", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "python39-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "50.3.2-4.module+el8.5.0+12204+54860423", "BaseScores": [5.9, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. 
This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:50.3.2-4.module+el8.9.0+19644+d68f775d", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "importlib-metadata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "6.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9.6-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", 
"Version": "2.56.4-161.el8", "BaseScores": [5.5, 7.5, 7.5, 5.5], "CVEIds": ["CVE-2023-29499", "CVE-2023-32611", "CVE-2023-32636", "CVE-2023-32665", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32611.json", "FixedBy": "", "Description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "Name": "CVE-2023-32611", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json", "FixedBy": "", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29499.json", "FixedBy": "", "Description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "Name": "CVE-2023-29499", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32665.json", "FixedBy": "", "Description": "A flaw was found in GLib. 
GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "Name": "CVE-2023-32665", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.4-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.28.3-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.8.5-7.el8_6", "BaseScores": [5.9], "CVEIds": ["CVE-2019-12904", "CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-12904.json", "FixedBy": "", "Description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. 
The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "Name": "CVE-2019-12904", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}]}, {"Name": "gdbm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.18-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.20.0-2.1.el8_1", "BaseScores": [6.1], "CVEIds": ["CVE-2023-32681"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:4520", "FixedBy": "0:2.20.0-3.el8_8", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}]}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.0.6-26.el8", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2024:8922", "FixedBy": "0:1.0.6-27.el8_10", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.2.1-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rsa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "4.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.3.2-4.el8", "BaseScores": [6.4], "CVEIds": ["CVE-2023-22745"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-22745 https://bugzilla.redhat.com/show_bug.cgi?id=2162610 https://www.cve.org/CVERecord?id=CVE-2023-22745 https://nvd.nist.gov/vuln/detail/CVE-2023-22745 https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22745.json https://access.redhat.com/errata/RHSA-2023:7166", "FixedBy": "0:2.3.2-5.el8", "Description": "A flaw was found in tpm2-tss, which is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions, `Tss2_RC_SetHandler` and `Tss2_RC_Decode` index into the `layer_handler` with an 8-bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries. Trying to add a handler for higher-numbered layers or to decode a response code with a layer number, reads/writes past the end of the buffer. This buffer overrun could result in arbitrary code execution. An example attack is a man-in-the-middle (MiTM) bus attack that returns 0xFFFFFFFFFF for the RC. Given the common use case of TPM modules, an attacker must have local access to the target machine with local system privileges, which allows access to the TPM system. 
Usually, TPM access requires administrative privileges.", "Name": "CVE-2023-22745", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.4}}}}]}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/h2non/go-is-svg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20160927212452-35e8c4b0612c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.6.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cryptsetup-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.3.7-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": 
"v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.7.0-16.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "10.32-3.el8_6", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.24.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-daemon", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.12.8-24.el8", "BaseScores": [6.5, 7.8], "CVEIds": ["CVE-2020-35512", "CVE-2023-34969"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4498", "FixedBy": "1:1.12.8-24.el8_8.1", "Description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. 
If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "Name": "CVE-2023-34969", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.4.1-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpsl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.20.2-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.18-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "2.9-9.el8_6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "websocket-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.6.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.2.53-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.0.3-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.5.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.28-225.el8", "BaseScores": [6.5, 5.9, 5.9, 7.8], "CVEIds": ["CVE-2023-4527", "CVE-2023-4806", "CVE-2023-4813", "CVE-2023-4911", "CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "Name": "CVE-2023-4527", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. 
This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "Name": "CVE-2023-4806", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. 
This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "Name": "CVE-2023-4813", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. 
This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "Name": "CVE-2023-4911", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3269", "FixedBy": "0:2.28-251.el8_10.1", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.5.2-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.30-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.6.8-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "6.1-9.20180224.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 6.5, 8.8, 7.8, 6.5, 5.5, 6.5, 6.5], "CVEIds": ["CVE-2018-19211", "CVE-2018-19217", "CVE-2020-19185", "CVE-2020-19186", "CVE-2020-19187", "CVE-2020-19188", "CVE-2020-19189", "CVE-2020-19190", "CVE-2021-39537", "CVE-2023-29491", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 
https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19185.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19185", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19187.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19190.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19190", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19217.json", "FixedBy": "", "Description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "Name": "CVE-2018-19217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-39537.json", "FixedBy": "", "Description": "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. 
By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "Name": "CVE-2021-39537", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:5249", "FixedBy": "0:6.1-9.20180224.el8_8.1", "Description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Name": "CVE-2023-29491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19186.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "Name": "CVE-2020-19186", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19211.json", "FixedBy": "", "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "Name": "CVE-2018-19211", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19189.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19189", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19188", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libssh", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.9.6-10.el8_8", "BaseScores": [4.8, 5.3, 5.9], "CVEIds": ["CVE-2023-48795", "CVE-2023-6004", "CVE-2023-6918"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6004 https://bugzilla.redhat.com/show_bug.cgi?id=2251110 https://www.cve.org/CVERecord?id=CVE-2023-6004 https://nvd.nist.gov/vuln/detail/CVE-2023-6004 https://www.libssh.org/security/advisories/CVE-2023-6004.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6004.json https://access.redhat.com/errata/RHSA-2024:3233", "FixedBy": "0:0.9.6-14.el8", "Description": "A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.", "Name": "CVE-2023-6004", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6918 https://bugzilla.redhat.com/show_bug.cgi?id=2254997 https://www.cve.org/CVERecord?id=CVE-2023-6918 https://nvd.nist.gov/vuln/detail/CVE-2023-6918 https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ https://www.libssh.org/security/advisories/CVE-2023-6918.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6918.json https://access.redhat.com/errata/RHSA-2024:3233", "FixedBy": "0:0.9.6-14.el8", "Description": "A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented 
by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.", "Name": "CVE-2023-6918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:0628", "FixedBy": "0:0.9.6-13.el8_9", "Description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. 
For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "Name": "CVE-2023-48795", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "dnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [7.8, 6.1], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. 
This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.7.0-16.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v3.10.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.23.22-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.8.0", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "68.0.0", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/pull/4332 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://github.com/pypa/setuptools https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5", "FixedBy": "70.0.0", "Description": "setuptools vulnerable to Command Injection via package URL", "Name": "GHSA-cx63-2mw6-8hw5", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/zapr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [6.1, 7.8], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 
https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. 
This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "25-19.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.3.1-25.el8", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:3163", "FixedBy": "0:1.3.1-33.el8", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ansible-runner-http", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.2-19.el8", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", 
"RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9.5-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "239-74.el8_8.2", "BaseScores": [5.5, 4.3, 5.9], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:3203", "FixedBy": "0:239-82.el8", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "github.com/h2non/filetype", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "certifi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2023.7.22", "BaseScores": [], "CVEIds": ["CVE-2024-39689"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "osv/pypi", "Link": "https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc https://nvd.nist.gov/vuln/detail/CVE-2024-39689 https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463 https://github.com/certifi/python-certifi https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI", "FixedBy": "2024.07.04", "Description": "Certifi removes GLOBALTRUST root certificate", "Name": "GHSA-248v-346w-9cwc", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.0.7-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.3.2-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.13.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.11-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.8-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "26.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "platformdirs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.31-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.0.1", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "gomodules.xyz/jsonpatch/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zipp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.16.2", "BaseScores": [], "CVEIds": ["CVE-2024-5569"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5569 https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd https://github.com/jaraco/zipp https://huntr.com/bounties/be898306-11f9-46b4-b28c-f4c4aa4ffbae", "FixedBy": "3.19.1", "Description": "zipp Denial of Service vulnerability", "Name": "GHSA-jfmj-5v4g-7637", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi8-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.8-1009", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "5.3.28-42.el8_4", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "python39-pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "20.2.4-7.module+el8.6.0+13003+6bb2c488", "BaseScores": [5.9, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. 
This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:20.2.4-8.module+el8.9.0+19644+d68f775d", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "markupsafe", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:82f04b121ea21206a69ac160f78095cc3d9aeda79331bdcc90743fcd5dd20baf", "Version": "2.1.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "resolvelib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", 
"Version": "1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "chkconfig", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.19.1-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.5-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/atomic", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "device-mapper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8:1.02.181-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.4.4-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pexpect", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "4.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.28-225.el8", "BaseScores": [6.5, 5.9, 5.9, 7.8], "CVEIds": ["CVE-2023-4527", "CVE-2023-4806", "CVE-2023-4813", "CVE-2023-4911", "CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. 
When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "Name": "CVE-2023-4527", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. 
This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "Name": "CVE-2023-4806", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. 
This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "Name": "CVE-2023-4813", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. 
This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "Name": "CVE-2023-4911", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3269", "FixedBy": "0:2.28-251.el8_10.1", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python39", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "3.9.16-1.module+el8.8.0+18968+3d7b19f0.1", "BaseScores": [5.9, 5.3, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-40217", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. 
This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5998", "FixedBy": "0:3.9.16-1.module+el8.8.0+20025+f2100191.2", "Description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. 
No breach of confidentiality is possible.", "Name": "CVE-2023-40217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:3.9.18-1.module+el8.9.0+20024+793d7211", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:3.9.20-1.module+el8.10.0+22342+478c159e", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pyasn1-modules", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.3.2-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", 
"Version": "3.1-24.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "7.61.1-30.el8_8.2", "BaseScores": [3.7, 5.9, 6.5, 3.7, 5.9, 8.8, 6.5], "CVEIds": ["CVE-2023-27534", "CVE-2023-27536", "CVE-2023-28321", "CVE-2023-28322", "CVE-2023-38546", "CVE-2023-46218", "CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "Name": "CVE-2023-38546", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 3.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:4523", "FixedBy": "0:7.61.1-30.el8_8.3", "Description": "A flaw was found in the Curl package. 
Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "Name": "CVE-2023-27536", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. 
This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "Name": "CVE-2023-46218", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "Name": "CVE-2023-28322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 3.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4523", "FixedBy": "0:7.61.1-30.el8_8.3", "Description": "A flaw was found in the Curl package. 
An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "Name": "CVE-2023-28321", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27534.json", "FixedBy": "", "Description": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. 
Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "Name": "CVE-2023-27534", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5654", "FixedBy": "0:7.61.1-34.el8_10.2", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.23.22-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "importlib-resources", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "5.0.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.17.4-0.20230223191600-0131a6301e42", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.5.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.113-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.4.48-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "6.1-9.20180224.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 6.5, 8.8, 7.8, 6.5, 5.5, 6.5, 6.5], "CVEIds": ["CVE-2018-19211", "CVE-2018-19217", "CVE-2020-19185", "CVE-2020-19186", "CVE-2020-19187", "CVE-2020-19188", "CVE-2020-19189", "CVE-2020-19190", "CVE-2021-39537", "CVE-2023-29491", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19185.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19185", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19187.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19190.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19190", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19217.json", "FixedBy": "", "Description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "Name": "CVE-2018-19217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-39537.json", "FixedBy": "", "Description": "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. 
By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "Name": "CVE-2021-39537", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:5249", "FixedBy": "0:6.1-9.20180224.el8_8.1", "Description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Name": "CVE-2023-29491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19186.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "Name": "CVE-2020-19186", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19211.json", "FixedBy": "", "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "Name": "CVE-2018-19211", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19189.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19189", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19188", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.37.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "docutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.20.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "distlib", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.3.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}}
diff --git a/docs/release_artifacts/6.1.1.2/z/acc-provision-operator/6.1.1.2-quay-cve.txt b/docs/release_artifacts/6.1.1.2/z/acc-provision-operator/6.1.1.2-quay-cve.txt
index fb1f15b4d0..4559ba5abb 100644
--- a/docs/release_artifacts/6.1.1.2/z/acc-provision-operator/6.1.1.2-quay-cve.txt
+++ b/docs/release_artifacts/6.1.1.2/z/acc-provision-operator/6.1.1.2-quay-cve.txt
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:294f2c6d884994aa58af31fea379e9b036bb95fb8babaa1321f6691bb351439e", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v5.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "6.1-10.20180224.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 6.5, 8.8, 6.5, 5.5, 6.5, 6.5], "CVEIds": ["CVE-2018-19211", "CVE-2018-19217", "CVE-2020-19185", "CVE-2020-19186", "CVE-2020-19187", "CVE-2020-19188", "CVE-2020-19189", "CVE-2020-19190", "CVE-2021-39537", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19185.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19185", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19187.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19190.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19190", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19217.json", "FixedBy": "", "Description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "Name": "CVE-2018-19217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-39537.json", "FixedBy": "", "Description": "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. 
By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "Name": "CVE-2021-39537", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19186.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "Name": "CVE-2020-19186", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19211.json", "FixedBy": "", "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "Name": "CVE-2018-19211", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19189.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19189", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19188", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "ptyprocess", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2:1.30-9.el8", "BaseScores": [7.5, 3.3], "CVEIds": ["CVE-2019-9923", "CVE-2021-20193", "CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9923.json", "FixedBy": "", "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "Name": "CVE-2019-9923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "FixedBy": "", "Description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-20193", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20240221221325-2ac9dc51f3f1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2:4.6-22.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi8-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.9-1107", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pkgconf-pkg-config", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.4.2-1.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2023-24056"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-24056.json", "FixedBy": "", "Description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. 
This issue may lead to a buffer overflow, which can crash the software.", "Name": "CVE-2023-24056", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "perl-Socket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "4:2.027-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Errno", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.28-422.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20240213143201-ec583247a57a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1:4.6.0-22.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Storable", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:3.11-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.2.4-15.el8", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "python39-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "50.3.2-5.module+el8.10.0+20345+671a55aa", "BaseScores": [7.5], "CVEIds": ["CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "cryptography", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3c61c15b346ea5afd0d9810567b43859610f4526e8ed5af79647bc93999a7465", "Version": "42.0.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-h4gh-qq45-vh27 https://github.com/pyca/cryptography https://openssl-library.org/news/secadv/20240903.txt", "FixedBy": "43.0.1", "Description": "pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels", "Name": "GHSA-h4gh-qq45-vh27", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-interpreter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "4:5.26.3-422.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.26.20", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.3.2-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.28.42-1.el8", "BaseScores": [6.1], "CVEIds": ["CVE-2022-0235"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "perl-libnet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "3.11-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "platform-python", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.6.8-62.el8_10", "BaseScores": [7.5, 7.5, 7.5], "CVEIds": ["CVE-2019-9674", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-9287"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 
https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9674.json", "FixedBy": "", "Description": "A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "Name": "CVE-2019-9674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A regular expression denial of service (ReDos) vulnerability was found 
in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json", "FixedBy": "", "Description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". 
This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "Name": "CVE-2024-9287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "7.61.1-34.el8", "BaseScores": [8.8, 6.5], "CVEIds": ["CVE-2023-27534", "CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27534.json", "FixedBy": "", "Description": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. 
Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "Name": "CVE-2023-27534", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5654", "FixedBy": "0:7.61.1-34.el8_10.2", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "20220623-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.62-25.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.0.6-26.el8", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2024:8922", "FixedBy": "0:1.0.6-27.el8_10", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "dbus-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.110-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtirpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.1.4-12.el8_10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.14.2-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.14.2-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "20230731-1.git3177e06.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/operator-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.13.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-ethtool", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.14-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.113-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.14.3-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "platform-python-pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "9.0.3-24.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2018-20225"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 
https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20225.json", "FixedBy": "", "Description": "A flaw was found in python-pip. The software installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number).", "Name": "CVE-2018-20225", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.5-7.el8_10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "jinja2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.1.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acc_provision", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:49fc87ec34bc91cf3d389b9cc3168ba930523801c99d4faa3cb7240b0dc3b914", "Version": "6.1.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/operator-registry", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.39.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-pkcs11", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "0.4.10-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.9.6-13.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.30-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "70.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-IO-Socket-IP", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "0.39-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ruamel.yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:49fc87ec34bc91cf3d389b9cc3168ba930523801c99d4faa3cb7240b0dc3b914", "Version": "0.18.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-gconv-extra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": 
"2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cachetools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "5.3.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.18-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.7.20-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.0-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.21-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-parent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:0.237-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kernel-headers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "4.18.0-553.22.1.el8_10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.14.3-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "5.3.28-42.el8_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "go1.21.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Term-Cap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.17-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.14.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "brotli", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.0.6-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "platformdirs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "4.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Term-ANSIColor", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "4.06-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "25-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.13.1-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Mozilla-CA", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "20160104-7.module+el8.3.0+6498+9eecfe51", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Exporter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "5.72-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:2.6.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.4.20-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "24.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "4.13-4.el8_7", "BaseScores": [5.5], "CVEIds": ["CVE-2018-1000654"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000654.json", "FixedBy": "", "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. 
This attack appears to be exploitable via parsing a crafted file.", "Name": "CVE-2018-1000654", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.4.4-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.31.0", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/pull/6655 https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac https://github.com/psf/requests https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ", "FixedBy": "2.32.0", "Description": "Requests `Session` object does not verify requests after making first request with verify=False", "Name": "GHSA-9wx4-h78v-vm56", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": 
""}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Scalar-List-Utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "3:1.49-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Perldoc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "3.28-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2:8.0.1763-19.el8_6.4", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.5, 7.8, 7.8, 5.5, 7.8, 5.5, 7.8, 7.8, 7.8, 5.5, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 5.5, 5.5, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2018-20786", "CVE-2020-20703", "CVE-2021-3236", "CVE-2021-3927", "CVE-2021-3974", "CVE-2021-4166", "CVE-2022-0351", "CVE-2022-1619", 
"CVE-2022-1720", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-3037", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3296", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20786 https://bugzilla.redhat.com/show_bug.cgi?id=1680588 https://www.cve.org/CVERecord?id=CVE-2018-20786 https://nvd.nist.gov/vuln/detail/CVE-2018-20786 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20786.json", "FixedBy": "", "Description": "libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.", "Name": "CVE-2018-20786", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. 
This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": 
"Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. 
An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 
https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. 
This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 
https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3236 https://bugzilla.redhat.com/show_bug.cgi?id=2231531 https://www.cve.org/CVERecord?id=CVE-2021-3236 https://nvd.nist.gov/vuln/detail/CVE-2021-3236 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3236.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the ex_buffer_all function in the src/buffer.c file. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2021-3236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 
https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": 
"", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
"Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. 
This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": 
{"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "importlib-resources", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "5.0.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.2.20-3.el8_6", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "ruamel.yaml.clib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:49fc87ec34bc91cf3d389b9cc3168ba930523801c99d4faa3cb7240b0dc3b914", "Version": "0.2.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Unicode-Normalize", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.25-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "8.10-0.3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.75.0-1.module+el8.10.0+21160+cc6a0df8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/h2non/go-is-svg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20160927212452-35e8c4b0612c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cpp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "8.5.0-22.el8_10", 
"BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. 
An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "8.5.0-22.el8_10", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 
https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "perl-File-Path", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.15-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virtualenv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "20.26.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.14.3-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.190-2.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.45.6-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "device-mapper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "8:1.02.181-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.7.0-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpkgconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.4.2-1.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2023-24056"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-24056.json", "FixedBy": "", "Description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. This issue may lead to a buffer overflow, which can crash the software.", "Name": "CVE-2023-24056", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "git-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.43.5-1.el8_10", "BaseScores": [5.0], "CVEIds": ["CVE-2018-1000021"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000021 https://bugzilla.redhat.com/show_bug.cgi?id=1541854 https://www.cve.org/CVERecord?id=CVE-2018-1000021 https://nvd.nist.gov/vuln/detail/CVE-2018-1000021 http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000021.json", "FixedBy": "", "Description": "It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator. 
Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumstances dependent on the usage of a vulnerable terminal emulator by the user.", "Name": "CVE-2018-1000021", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.0}}}}]}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.4.4-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.4-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "6.1-10.20180224.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 6.5, 8.8, 6.5, 5.5, 6.5, 6.5], "CVEIds": ["CVE-2018-19211", "CVE-2018-19217", "CVE-2020-19185", "CVE-2020-19186", "CVE-2020-19187", "CVE-2020-19188", "CVE-2020-19189", "CVE-2020-19190", "CVE-2021-39537", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19185.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19185", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19187.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19190.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19190", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19217.json", "FixedBy": "", "Description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "Name": "CVE-2018-19217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-39537.json", "FixedBy": "", "Description": "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. 
By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "Name": "CVE-2021-39537", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19186.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "Name": "CVE-2020-19186", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19211.json", "FixedBy": "", "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "Name": "CVE-2018-19211", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19189.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19189", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19188", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-unbound", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.16.2-5.el8_9.6", "BaseScores": [7.5], "CVEIds": ["CVE-2019-16866", "CVE-2024-33655", "CVE-2024-43167", "CVE-2024-43168", "CVE-2024-8508"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-16866 https://bugzilla.redhat.com/show_bug.cgi?id=1767955 https://www.cve.org/CVERecord?id=CVE-2019-16866 https://nvd.nist.gov/vuln/detail/CVE-2019-16866 https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-16866.json", "FixedBy": "", "Description": "Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. 
The source IP address of the query must match an access-control rule.", "Name": "CVE-2019-16866", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43167 https://bugzilla.redhat.com/show_bug.cgi?id=2303456 https://www.cve.org/CVERecord?id=CVE-2024-43167 https://nvd.nist.gov/vuln/detail/CVE-2024-43167 https://github.com/NLnetLabs/unbound/issues/1072 https://github.com/NLnetLabs/unbound/pull/1073/files https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43167.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. 
This issue can result in a denial of service by causing the application to terminate unexpectedly.", "Name": "CVE-2024-43167", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43168 https://bugzilla.redhat.com/show_bug.cgi?id=2303462 https://www.cve.org/CVERecord?id=CVE-2024-43168 https://nvd.nist.gov/vuln/detail/CVE-2024-43168 https://github.com/NLnetLabs/unbound/issues/1039 https://github.com/NLnetLabs/unbound/pull/1040/files https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43168.json", "FixedBy": "", "Description": "A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.", "Name": "CVE-2024-43168", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33655 https://bugzilla.redhat.com/show_bug.cgi?id=2279942 https://www.cve.org/CVERecord?id=CVE-2024-33655 https://nvd.nist.gov/vuln/detail/CVE-2024-33655 https://www.nlnetlabs.nl/news/2024/May/08/unbound-1.20.0-released/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33655.json", "FixedBy": "", "Description": "A DNSBomb flaw was found in the unbound package. 
The DNSBomb attack works by sending low-rate spoofed queries for a malicious zone to Unbound. By controlling the delay of the malicious authoritative answers, Unbound slowly accumulates pending answers for the spoofed addresses. When the authoritative answers become available to Unbound at the same time, Unbound starts serving all the accumulated queries. This results in large-sized, concentrated response bursts to the spoofed addresses.", "Name": "CVE-2024-33655", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8508 https://bugzilla.redhat.com/show_bug.cgi?id=2316321 https://www.cve.org/CVERecord?id=CVE-2024-8508 https://nvd.nist.gov/vuln/detail/CVE-2024-8508 https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8508.json", "FixedBy": "", "Description": "A flaw was found in Unbound which can lead to degraded performance and an eventual denial of service when handling replies with very large RRsets that require name compression to be applied. 
Versions prior to 1.21.1 do not have a hard limit on the number of name compression calculations that Unbound can perform per packet, meaning that if a specially crafted query is passed for the contents of a malicious zone with very large RRsets, Unbound may spend a considerable amount of time applying name compression to downstream replies, locking the CPU until the whole packet has been processed.", "Name": "CVE-2024-8508", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libpsl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.20.2-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.24.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "8.5.0-22.el8_10", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as 
demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. 
This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "device-mapper-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "8:1.02.181-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.2.53-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.4.4-1.el8", "BaseScores": [7.5, 4.7], "CVEIds": ["CVE-2021-24032", "CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-24032.json", "FixedBy": "", "Description": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "Name": "CVE-2021-24032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "perl-Text-Tabs+Wrap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2013.0523-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.80-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rsa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "4.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnl3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": 
"3.7.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "8.5.0-22.el8_10", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for 
rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "google.golang.org/genproto/googleapis/rpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20240221002015-b0ce06bbee7c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libssh", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.9.6-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Text-ParseWords", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "3.30-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.28.42-1.el8", "BaseScores": [6.1], "CVEIds": ["CVE-2022-0235"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ 
https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.9-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.14.3-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.9.5-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.61.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.17.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.17-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxkbcommon", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.9.1-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.3.5-9.el8_7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "chkconfig", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.19.2-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.28.42-1.el8", "BaseScores": [6.1], "CVEIds": ["CVE-2022-0235"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "google-auth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.29.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "39.2.0-7.el8", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5530", "FixedBy": "0:39.2.0-8.el8_10", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.17.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-HTTP-Tiny", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "0.074-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Simple", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:3.35-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "unbound-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.16.2-5.el8_9.6", "BaseScores": [7.5], "CVEIds": ["CVE-2019-16866", "CVE-2024-33655", "CVE-2024-43167", "CVE-2024-43168", "CVE-2024-8508"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-16866 https://bugzilla.redhat.com/show_bug.cgi?id=1767955 https://www.cve.org/CVERecord?id=CVE-2019-16866 https://nvd.nist.gov/vuln/detail/CVE-2019-16866 https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-16866.json", "FixedBy": "", "Description": "Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. 
The source IP address of the query must match an access-control rule.", "Name": "CVE-2019-16866", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43167 https://bugzilla.redhat.com/show_bug.cgi?id=2303456 https://www.cve.org/CVERecord?id=CVE-2024-43167 https://nvd.nist.gov/vuln/detail/CVE-2024-43167 https://github.com/NLnetLabs/unbound/issues/1072 https://github.com/NLnetLabs/unbound/pull/1073/files https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43167.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. 
This issue can result in a denial of service by causing the application to terminate unexpectedly.", "Name": "CVE-2024-43167", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43168 https://bugzilla.redhat.com/show_bug.cgi?id=2303462 https://www.cve.org/CVERecord?id=CVE-2024-43168 https://nvd.nist.gov/vuln/detail/CVE-2024-43168 https://github.com/NLnetLabs/unbound/issues/1039 https://github.com/NLnetLabs/unbound/pull/1040/files https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43168.json", "FixedBy": "", "Description": "A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.", "Name": "CVE-2024-43168", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33655 https://bugzilla.redhat.com/show_bug.cgi?id=2279942 https://www.cve.org/CVERecord?id=CVE-2024-33655 https://nvd.nist.gov/vuln/detail/CVE-2024-33655 https://www.nlnetlabs.nl/news/2024/May/08/unbound-1.20.0-released/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33655.json", "FixedBy": "", "Description": "A DNSBomb flaw was found in the unbound package. 
The DNSBomb attack works by sending low-rate spoofed queries for a malicious zone to Unbound. By controlling the delay of the malicious authoritative answers, Unbound slowly accumulates pending answers for the spoofed addresses. When the authoritative answers become available to Unbound at the same time, Unbound starts serving all the accumulated queries. This results in large-sized, concentrated response bursts to the spoofed addresses.", "Name": "CVE-2024-33655", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8508 https://bugzilla.redhat.com/show_bug.cgi?id=2316321 https://www.cve.org/CVERecord?id=CVE-2024-8508 https://nvd.nist.gov/vuln/detail/CVE-2024-8508 https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8508.json", "FixedBy": "", "Description": "A flaw was found in Unbound which can lead to degraded performance and an eventual denial of service when handling replies with very large RRsets that require name compression to be applied. 
Versions prior to 1.21.1 do not have a hard limit on the number of name compression calculations that Unbound can perform per packet, meaning that if a specially crafted query is passed for the contents of a malicious zone with very large RRsets, Unbound may spend a considerable amount of time applying name compression to downstream replies, locking the CPU until the whole packet has been processed.", "Name": "CVE-2024-8508", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.17.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "6.1-10.20180224.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 6.5, 8.8, 6.5, 5.5, 6.5, 6.5], "CVEIds": ["CVE-2018-19211", "CVE-2018-19217", "CVE-2020-19185", "CVE-2020-19186", "CVE-2020-19187", "CVE-2020-19188", "CVE-2020-19189", "CVE-2020-19190", "CVE-2021-39537", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19185 
https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19185.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19185", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19187.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19190.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19190", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19217.json", "FixedBy": "", "Description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "Name": "CVE-2018-19217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-39537.json", "FixedBy": "", "Description": "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "Name": "CVE-2021-39537", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19186.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "Name": "CVE-2020-19186", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19211.json", "FixedBy": "", "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "Name": "CVE-2018-19211", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19189.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19189", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19188", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "239-82.el8_10.1", "BaseScores": [5.5, 4.3], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}]}, {"Name": "requests-oauthlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyopenssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "24.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": 
"8.2-20.el8", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.26.0-19.el8_9", "BaseScores": [7.5, 7.5, 5.5, 7.5], "CVEIds": ["CVE-2019-19244", "CVE-2019-9936", "CVE-2019-9937", "CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9937.json", "FixedBy": "", 
"Description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "Name": "CVE-2019-9937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-19244.json", "FixedBy": "", "Description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. 
A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "Name": "CVE-2019-19244", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9936.json", "FixedBy": "", "Description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. 
This is related to ext/fts5/fts5_hash.c.", "Name": "CVE-2019-9936", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "packaging", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "24.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "requests-unixsocket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.12.2-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "20.2.4-9.module+el8.10.0+21329+8d76b841", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "11-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/zapr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "oauthlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.1.2-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "charset-normalizer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3c61c15b346ea5afd0d9810567b43859610f4526e8ed5af79647bc93999a7465", "Version": "3.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "9.0.3-24.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2018-20225"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20225.json", "FixedBy": "", "Description": "A flaw was found in python-pip. The software installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. 
This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number).", "Name": "CVE-2018-20225", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.3.1-34.el8_10", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1:6.1.2-11.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.12.8-26.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2020-35512"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "pyasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.4.1-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-debuginfod-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.190-2.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.2.5-13.el8_10", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2022-23990", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-23990 https://bugzilla.redhat.com/show_bug.cgi?id=2048356 https://www.cve.org/CVERecord?id=CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-23990.json", "FixedBy": "", "Description": "A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. 
This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service.", "Name": "CVE-2022-23990", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.0.4-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mxk/go-flowrate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20140419014527-cca7078d478f", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.56.4-162.el8", "BaseScores": [5.5, 7.5, 7.5, 5.5], "CVEIds": ["CVE-2023-29499", "CVE-2023-32611", "CVE-2023-32636", "CVE-2023-32665", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32611.json", "FixedBy": "", "Description": "A flaw was found in GLib. 
GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "Name": "CVE-2023-32611", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json", "FixedBy": "", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29499.json", "FixedBy": "", "Description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "Name": "CVE-2023-29499", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32665.json", "FixedBy": "", "Description": "A flaw was found in GLib. 
GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "Name": "CVE-2023-32665", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "platform-python-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "39.2.0-7.el8", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5530", "FixedBy": "0:39.2.0-8.el8_10", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.7.0-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.7.11-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pycparser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.22", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-podlators", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "4.11-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.6.8-62.el8_10", "BaseScores": [7.5, 7.5, 7.5], "CVEIds": ["CVE-2019-9674", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-9287"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 
https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9674.json", "FixedBy": "", "Description": "A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "Name": "CVE-2019-9674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A regular expression denial of service (ReDos) vulnerability was found 
in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json", "FixedBy": "", "Description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". 
This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "Name": "CVE-2024-9287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2023.2.60_v7.0.306-80.0.el8_8", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5736", "FixedBy": "0:2024.2.69_v8.0.303-80.0.el8_10", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.1-22.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-threads-shared", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.58-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "docutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.21.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.5.2-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-URI", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.73-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ansible-runner-http", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "resolvelib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", 
"Version": "1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-devel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-IO-Socket-SSL", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.066-4.module+el8.3.0+6446+594cad75", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "trousers-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.3.15-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.3.2-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.2.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"perl-Error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:0.17025-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.3.3-5.el8", "BaseScores": [6.5, 6.5, 6.5, 7.8, 7.8], "CVEIds": ["CVE-2018-1000879", "CVE-2018-1000880", "CVE-2020-21674", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-21674 https://bugzilla.redhat.com/show_bug.cgi?id=1888786 https://www.cve.org/CVERecord?id=CVE-2020-21674 https://nvd.nist.gov/vuln/detail/CVE-2020-21674 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-21674.json", "FixedBy": "", "Description": "Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. 
Users of the product's official releases are unaffected.", "Name": "CVE-2020-21674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000880.json", "FixedBy": "", "Description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. 
This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "Name": "CVE-2018-1000880", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000879.json", "FixedBy": "", "Description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "Name": "CVE-2018-1000879", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pexpect", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "4.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.0.23-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/imdario/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-headers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libssh-config", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.9.6-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "4.5-5.el8", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-tools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.12.8-26.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2020-35512"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "239-82.el8_10.1", "BaseScores": [5.5, 4.3], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was 
found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}]}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.63.0-19.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setuptools-rust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.10.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.3.2-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zipp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.18.1", "BaseScores": [], "CVEIds": ["CVE-2024-5569"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5569 https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd https://github.com/jaraco/zipp https://huntr.com/bounties/be898306-11f9-46b4-b28c-f4c4aa4ffbae", "FixedBy": "3.19.1", "Description": "zipp Denial of Service vulnerability", "Name": "GHSA-jfmj-5v4g-7637", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.33.0-6.el8_10.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-daemon", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.19.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "certifi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2024.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pkgconf-m4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.4.2-1.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2023-24056"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-24056.json", 
"FixedBy": "", "Description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. This issue may lead to a buffer overflow, which can crash the software.", "Name": "CVE-2023-24056", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.12.8-26.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2020-35512"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.7.0-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.6-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.0.21-25.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "5.3.28-42.el8_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.24.2-7.el8", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:5309", "FixedBy": "0:1.24.2-8.el8_10", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "pipenv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2023.11.15", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.6.16-8.el8_9.3", "BaseScores": [6.5], "CVEIds": ["CVE-2021-4209"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4209.json", "FixedBy": "", "Description": "A 
NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "Name": "CVE-2021-4209", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libcurl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "7.61.1-34.el8", "BaseScores": [8.8, 6.5], "CVEIds": ["CVE-2023-27534", "CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27534.json", "FixedBy": "", "Description": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. 
Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "Name": "CVE-2023-27534", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5654", "FixedBy": "0:7.61.1-34.el8_10.2", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.13.1-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.2.53-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.4.46-19.el8_10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "20.2.4-9.module+el8.10.0+21329+8d76b841", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.1.7-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.56.1-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.1.6-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.9.19-1.module+el8.10.0+21815+bb024982", "BaseScores": [7.5], "CVEIds": ["CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:3.9.20-1.module+el8.10.0+22342+478c159e", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.42-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Time-Local", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:1.280-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "markupsafe", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3c61c15b346ea5afd0d9810567b43859610f4526e8ed5af79647bc93999a7465", "Version": "2.1.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "emacs-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:26.1-12.el8_10", "BaseScores": [7.3], "CVEIds": ["CVE-2022-48338", "CVE-2024-30204"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48338 https://bugzilla.redhat.com/show_bug.cgi?id=2171988 https://www.cve.org/CVERecord?id=CVE-2022-48338 https://nvd.nist.gov/vuln/detail/CVE-2022-48338 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48338.json", "FixedBy": "", "Description": "A flaw was found in the Emacs package. 
A malicious ruby source file may cause a local command injection.", "Name": "CVE-2022-48338", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 7.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-30204 https://bugzilla.redhat.com/show_bug.cgi?id=2280297 https://www.cve.org/CVERecord?id=CVE-2024-30204 https://nvd.nist.gov/vuln/detail/CVE-2024-30204 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-30204.json", "FixedBy": "", "Description": "A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. 
This issue possibly results in a denial of service.", "Name": "CVE-2024-30204", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2024a-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.5-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssh", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "8.0p1-25.el8_10", "BaseScores": [6.8, 5.3, 5.3, 7.0], "CVEIds": ["CVE-2016-20012", "CVE-2018-15919", "CVE-2019-6110", "CVE-2023-51767"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-6110 https://bugzilla.redhat.com/show_bug.cgi?id=1666124 https://www.cve.org/CVERecord?id=CVE-2019-6110 https://nvd.nist.gov/vuln/detail/CVE-2019-6110 https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-6110.json", "FixedBy": "", "Description": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.", "Name": "CVE-2019-6110", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "Score": 6.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2016-20012 https://bugzilla.redhat.com/show_bug.cgi?id=2048523 https://www.cve.org/CVERecord?id=CVE-2016-20012 https://nvd.nist.gov/vuln/detail/CVE-2016-20012 https://access.redhat.com/security/data/csaf/v2/vex/2016/cve-2016-20012.json", "FixedBy": "", "Description": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product", "Name": "CVE-2016-20012", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-15919 https://bugzilla.redhat.com/show_bug.cgi?id=1623184 https://www.cve.org/CVERecord?id=CVE-2018-15919 https://nvd.nist.gov/vuln/detail/CVE-2018-15919 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-15919.json", "FixedBy": "", "Description": "OpenSSH server was found to respond differently to failed GSSAPI authentication attempts when the target user existed versus when that user did not exist. 
A remote attacker could use this bug to test for the existence of particular usernames on a target system.", "Name": "CVE-2018-15919", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "FixedBy": "", "Description": "An authentication bypass vulnerability was found in OpenSSH. 
When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit.", "Name": "CVE-2023-51767", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.0}}}}]}, {"Name": "perl-MIME-Base64", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "3.15-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-PathTools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "3.74-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Data-Dumper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.167-399.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "websocket-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "publicsuffix-list-dafsa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "20180723-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libedit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "3.1-23.20170329cvs.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.9.7-18.el8_10.1", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "1.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.13.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ansible-runner", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.3.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "4.2.1-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.12.8-26.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2020-35512"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A 
use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.8.3-3.el8_4", "BaseScores": [8.1], "CVEIds": ["CVE-2019-17543"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-17543 https://bugzilla.redhat.com/show_bug.cgi?id=1765316 https://www.cve.org/CVERecord?id=CVE-2019-17543 https://nvd.nist.gov/vuln/detail/CVE-2019-17543 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-17543.json", "FixedBy": "", "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) 
NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", "Name": "CVE-2019-17543", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 8.1}}}}]}, {"Name": "cryptsetup-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.3.7-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "4:5.26.3-422.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/ansible-operator-plugins", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "(devel) (git, commit 42b5d80c75f1ddda8f2dbe1629b9454d366a8d6a, built at 2024-07-15T16:58:27Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.1.0-9.1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Escapes", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:1.07-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.190-2.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "20230731-1.git3177e06.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.18-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.9.19-1.module+el8.10.0+21815+bb024982", "BaseScores": [7.5], "CVEIds": ["CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python. 
The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:3.9.20-1.module+el8.10.0+22342+478c159e", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1:3.5-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "10.32-3.el8_6", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/operator-framework/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "4.1.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.5.1-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Encode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "4:2.97-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/onsi/gomega", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-threads", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:2.21-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Git", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.43.5-1.el8_10", "BaseScores": [5.0], "CVEIds": ["CVE-2018-1000021"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000021 https://bugzilla.redhat.com/show_bug.cgi?id=1541854 https://www.cve.org/CVERecord?id=CVE-2018-1000021 https://nvd.nist.gov/vuln/detail/CVE-2018-1000021 http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000021.json", "FixedBy": "", "Description": "It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator. 
Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumstances dependent on the usage of a vulnerable terminal emulator by the user.", "Name": "CVE-2018-1000021", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.0}}}}]}, {"Name": "libnsl2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.2.0-2.20180605git4a062cf.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-devel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "4.1.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.28.42-1.el8", "BaseScores": [6.1], "CVEIds": ["CVE-2022-0235"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.1.8-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "69.5.1", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/pull/4332 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://github.com/pypa/setuptools https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5", "FixedBy": "70.0.0", "Description": "setuptools vulnerable to Command Injection via package URL", "Name": "GHSA-cx63-2mw6-8hw5", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "4:5.26.3-422.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.25-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rust-std-static", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.75.0-1.module+el8.10.0+21160+cc6a0df8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.6.8-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "239-82.el8_10.1", "BaseScores": [5.5, 4.3], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}]}, {"Name": "pyyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3c61c15b346ea5afd0d9810567b43859610f4526e8ed5af79647bc93999a7465", "Version": "6.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shared-mime-info", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.9-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lockfile", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.12.2", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.18.2-28.el8_10", "BaseScores": [6.5, 6.6, 9.1, 7.5], "CVEIds": ["CVE-2020-17049", "CVE-2023-5455", "CVE-2024-3596", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:8860", "FixedBy": "0:1.18.2-30.el8_10", "Description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. 
This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "Name": "CVE-2024-3596", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5455 https://bugzilla.redhat.com/show_bug.cgi?id=2242828 https://www.cve.org/CVERecord?id=CVE-2023-5455 https://nvd.nist.gov/vuln/detail/CVE-2023-5455 https://www.freeipa.org/release-notes/4-10-3.html https://www.freeipa.org/release-notes/4-11-1.html https://www.freeipa.org/release-notes/4-6-10.html https://www.freeipa.org/release-notes/4-9-14.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5455.json", "FixedBy": "", "Description": "A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. 
An attacker would always have to go through a new authentication attempt.", "Name": "CVE-2023-5455", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-17049 https://bugzilla.redhat.com/show_bug.cgi?id=2025721 https://www.cve.org/CVERecord?id=CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-17049.json", "FixedBy": "", "Description": "It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.", "Name": "CVE-2020-17049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:5312", "FixedBy": "0:1.18.2-29.el8_10", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, 
causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:5312", "FixedBy": "0:1.18.2-29.el8_10", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:1.1.1k-14.el8_6", "BaseScores": [5.5, 6.5, 7.5, 5.3, 5.3], "CVEIds": ["CVE-2023-0464", "CVE-2023-0465", "CVE-2023-0466", "CVE-2023-2650", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4741"], "Vulnerabilities": [{"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2650.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. 
Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "Name": "CVE-2023-2650", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "FixedBy": "", "Description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. 
This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0464", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. 
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "Name": "CVE-2023-0466", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. 
Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0465", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}]}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.190-2.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "pyyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "6.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.48-6.el8_9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.1.6-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "distlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.3.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filelock", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.15.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.63.0-19.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Digest-MD5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.55-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-IO", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.38-422.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "7.0-10.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.20.0-3.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "less", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "530-3.el8_10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.9.9-3.el8", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.4.48-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "certifi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2024.7.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyasn1_modules", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/afero", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "29.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.19.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "binutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.30-123.el8", "BaseScores": [9.8, 7.5, 6.5, 5.5, 5.5, 5.5, 7.5, 5.5, 7.5, 5.5, 6.5, 5.5, 5.5, 7.5, 5.5, 5.5, 5.5, 6.5, 5.5, 6.1, 5.5, 5.5, 5.5, 5.5, 5.5, 7.8, 5.5, 5.5, 
5.5, 5.5, 5.5, 5.5, 5.5, 7.1, 5.5, 5.5, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 5.5, 5.5, 5.5, 7.8, 5.5], "CVEIds": ["CVE-2018-1000876", "CVE-2018-12641", "CVE-2018-12697", "CVE-2018-12698", "CVE-2018-12699", "CVE-2018-12700", "CVE-2018-12934", "CVE-2018-17360", "CVE-2018-17794", "CVE-2018-17985", "CVE-2018-18309", "CVE-2018-18483", "CVE-2018-18484", "CVE-2018-18605", "CVE-2018-18606", "CVE-2018-18607", "CVE-2018-18700", "CVE-2018-18701", "CVE-2018-19932", "CVE-2018-20002", "CVE-2018-20623", "CVE-2018-20651", "CVE-2018-20657", "CVE-2018-20671", "CVE-2018-20673", "CVE-2018-6872", "CVE-2019-12972", "CVE-2019-14250", "CVE-2019-9071", "CVE-2019-9075", "CVE-2019-9077", "CVE-2020-16598", "CVE-2020-35493", "CVE-2020-35494", "CVE-2020-35495", "CVE-2020-35496", "CVE-2020-35507", "CVE-2021-3826", "CVE-2021-45078", "CVE-2022-38533", "CVE-2022-44840", "CVE-2022-47007", "CVE-2022-47008", "CVE-2022-47010", "CVE-2022-47011", "CVE-2023-1972", "CVE-2023-25584", "CVE-2023-25585", "CVE-2023-25588"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12699 https://bugzilla.redhat.com/show_bug.cgi?id=1595427 https://www.cve.org/CVERecord?id=CVE-2018-12699 https://nvd.nist.gov/vuln/detail/CVE-2018-12699 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-12699.json", "FixedBy": "", "Description": "finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. 
This can occur during execution of objdump.", "Name": "CVE-2018-12699", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-17794 https://bugzilla.redhat.com/show_bug.cgi?id=1635082 https://www.cve.org/CVERecord?id=CVE-2018-17794 https://nvd.nist.gov/vuln/detail/CVE-2018-17794 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-17794.json", "FixedBy": "", "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.", "Name": "CVE-2018-17794", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12700 https://bugzilla.redhat.com/show_bug.cgi?id=1595437 https://www.cve.org/CVERecord?id=CVE-2018-12700 https://nvd.nist.gov/vuln/detail/CVE-2018-12700 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-12700.json", "FixedBy": "", "Description": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none", "Name": "CVE-2018-12700", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12972 https://bugzilla.redhat.com/show_bug.cgi?id=1831873 https://www.cve.org/CVERecord?id=CVE-2019-12972 https://nvd.nist.gov/vuln/detail/CVE-2019-12972 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-12972.json", "FixedBy": "", "Description": "An out-of-bounds read was discovered in Binutils while it processes a malformed ELF relocatable file (.o file). 
A victim user who uses Binutils tools (size, gdb, readelf) to analyze untrusted binaries, may be vulnerable to a denial of service attack.", "Name": "CVE-2019-12972", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-38533 https://bugzilla.redhat.com/show_bug.cgi?id=2124569 https://www.cve.org/CVERecord?id=CVE-2022-38533 https://nvd.nist.gov/vuln/detail/CVE-2022-38533 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-38533.json", "FixedBy": "", "Description": "A vulnerability was found in the strip utility of binutils. An attacker able to convince a victim to process a specially crafted COFF file by the strip utility can lead to a heap-based buffer overflow, causing the utility to crash.", "Name": "CVE-2022-38533", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18309 https://bugzilla.redhat.com/show_bug.cgi?id=1639911 https://www.cve.org/CVERecord?id=CVE-2018-18309 https://nvd.nist.gov/vuln/detail/CVE-2018-18309 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18309.json", "FixedBy": "", "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. 
The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.", "Name": "CVE-2018-18309", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12697 https://bugzilla.redhat.com/show_bug.cgi?id=1595417 https://www.cve.org/CVERecord?id=CVE-2018-12697 https://nvd.nist.gov/vuln/detail/CVE-2018-12697 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-12697.json", "FixedBy": "", "Description": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.", "Name": "CVE-2018-12697", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18700 https://bugzilla.redhat.com/show_bug.cgi?id=1646535 https://www.cve.org/CVERecord?id=CVE-2018-18700 https://nvd.nist.gov/vuln/detail/CVE-2018-18700 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18700.json", "FixedBy": "", "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", "Name": "CVE-2018-18700", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12934 https://bugzilla.redhat.com/show_bug.cgi?id=1597853 https://www.cve.org/CVERecord?id=CVE-2018-12934 https://nvd.nist.gov/vuln/detail/CVE-2018-12934 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-12934.json", "FixedBy": "", "Description": "remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.", "Name": "CVE-2018-12934", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35496 https://bugzilla.redhat.com/show_bug.cgi?id=1911444 https://www.cve.org/CVERecord?id=CVE-2020-35496 https://nvd.nist.gov/vuln/detail/CVE-2020-35496 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-35496.json", "FixedBy": "", "Description": "A flaw was found in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. 
The greatest threat of this flaw is to application availability.", "Name": "CVE-2020-35496", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1972 https://bugzilla.redhat.com/show_bug.cgi?id=2185646 https://www.cve.org/CVERecord?id=CVE-2023-1972 https://nvd.nist.gov/vuln/detail/CVE-2023-1972 https://sourceware.org/bugzilla/show_bug.cgi?id=30285 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1972.json", "FixedBy": "", "Description": "A potential heap-based buffer overflow was found in binutils in the _bfd_elf_slurp_version_tables() function in bfd/elf.c. This issue may lead to a loss of availability.", "Name": "CVE-2023-1972", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18484 https://bugzilla.redhat.com/show_bug.cgi?id=1645958 https://www.cve.org/CVERecord?id=CVE-2018-18484 https://nvd.nist.gov/vuln/detail/CVE-2018-18484 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18484.json", "FixedBy": "", "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.", "Name": "CVE-2018-18484", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12698 https://bugzilla.redhat.com/show_bug.cgi?id=1595419 https://www.cve.org/CVERecord?id=CVE-2018-12698 https://nvd.nist.gov/vuln/detail/CVE-2018-12698 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-12698.json", "FixedBy": "", "Description": "demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC 
call. This can occur during execution of objdump.", "Name": "CVE-2018-12698", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20002 https://bugzilla.redhat.com/show_bug.cgi?id=1661534 https://www.cve.org/CVERecord?id=CVE-2018-20002 https://nvd.nist.gov/vuln/detail/CVE-2018-20002 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20002.json", "FixedBy": "", "Description": "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.", "Name": "CVE-2018-20002", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20671 https://bugzilla.redhat.com/show_bug.cgi?id=1664712 https://www.cve.org/CVERecord?id=CVE-2018-20671 https://nvd.nist.gov/vuln/detail/CVE-2018-20671 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20671.json", "FixedBy": "", "Description": "load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.", "Name": "CVE-2018-20671", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": 
"", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35495 https://bugzilla.redhat.com/show_bug.cgi?id=1911441 https://www.cve.org/CVERecord?id=CVE-2020-35495 https://nvd.nist.gov/vuln/detail/CVE-2020-35495 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-35495.json", "FixedBy": "", "Description": "A flaw was found in binutils. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability.", "Name": "CVE-2020-35495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3826.json", "FixedBy": "", "Description": "A vulnerability was found in Libiberty. 
A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "Name": "CVE-2021-3826", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9071 https://bugzilla.redhat.com/show_bug.cgi?id=1680657 https://www.cve.org/CVERecord?id=CVE-2019-9071 https://nvd.nist.gov/vuln/detail/CVE-2019-9071 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9071.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.", "Name": "CVE-2019-9071", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35494 https://bugzilla.redhat.com/show_bug.cgi?id=1911439 https://www.cve.org/CVERecord?id=CVE-2020-35494 https://nvd.nist.gov/vuln/detail/CVE-2020-35494 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-35494.json", "FixedBy": "", "Description": "A flaw was found in binutils. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. 
The highest threat is to application availability with a lower threat to data confidentiality.", "Name": "CVE-2020-35494", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "Score": 6.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35493 https://bugzilla.redhat.com/show_bug.cgi?id=1911437 https://www.cve.org/CVERecord?id=CVE-2020-35493 https://nvd.nist.gov/vuln/detail/CVE-2020-35493 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-35493.json", "FixedBy": "", "Description": "A flaw was found in Binutils in bfd/pef.c. This flaw allows an attacker who can submit a crafted PEF file to be parsed by objdump to cause a heap buffer overflow, leading to an out-of-bounds read. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2020-35493", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18607 https://bugzilla.redhat.com/show_bug.cgi?id=1647421 https://www.cve.org/CVERecord?id=CVE-2018-18607 https://nvd.nist.gov/vuln/detail/CVE-2018-18607 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18607.json", "FixedBy": "", "Description": "An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. 
A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", "Name": "CVE-2018-18607", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35507 https://bugzilla.redhat.com/show_bug.cgi?id=1911691 https://www.cve.org/CVERecord?id=CVE-2020-35507 https://nvd.nist.gov/vuln/detail/CVE-2020-35507 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-35507.json", "FixedBy": "", "Description": "A flaw was found in bfd_pef_parse_function_stubs of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.", "Name": "CVE-2020-35507", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18605 https://bugzilla.redhat.com/show_bug.cgi?id=1647403 https://www.cve.org/CVERecord?id=CVE-2018-18605 https://nvd.nist.gov/vuln/detail/CVE-2018-18605 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18605.json", "FixedBy": "", "Description": "A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. 
A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", "Name": "CVE-2018-18605", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20673 https://bugzilla.redhat.com/show_bug.cgi?id=1664709 https://www.cve.org/CVERecord?id=CVE-2018-20673 https://nvd.nist.gov/vuln/detail/CVE-2018-20673 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20673.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", "Name": "CVE-2018-20673", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18483 https://bugzilla.redhat.com/show_bug.cgi?id=1645957 https://www.cve.org/CVERecord?id=CVE-2018-18483 https://nvd.nist.gov/vuln/detail/CVE-2018-18483 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18483.json", "FixedBy": "", "Description": "The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by 
c++filt.", "Name": "CVE-2018-18483", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-16598 https://bugzilla.redhat.com/show_bug.cgi?id=1906756 https://www.cve.org/CVERecord?id=CVE-2020-16598 https://nvd.nist.gov/vuln/detail/CVE-2020-16598 https://sourceware.org/bugzilla/show_bug.cgi?id=25840 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca3f923f82a079dcf441419f4a50a50f8b4b33c2 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-16598.json", "FixedBy": "", "Description": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none", "Name": "CVE-2020-16598", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12641 https://bugzilla.redhat.com/show_bug.cgi?id=1594410 https://www.cve.org/CVERecord?id=CVE-2018-12641 https://nvd.nist.gov/vuln/detail/CVE-2018-12641 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-12641.json", "FixedBy": "", "Description": "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.", "Name": "CVE-2018-12641", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-17360 https://bugzilla.redhat.com/show_bug.cgi?id=1632921 https://www.cve.org/CVERecord?id=CVE-2018-17360 https://nvd.nist.gov/vuln/detail/CVE-2018-17360 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-17360.json", "FixedBy": "", "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. 
This vulnerability can be triggered by the executable objdump.", "Name": "CVE-2018-17360", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-25588 https://bugzilla.redhat.com/show_bug.cgi?id=2167505 https://www.cve.org/CVERecord?id=CVE-2023-25588 https://nvd.nist.gov/vuln/detail/CVE-2023-25588 https://sourceware.org/bugzilla/show_bug.cgi?id=29677 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-25588.json", "FixedBy": "", "Description": "A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.", "Name": "CVE-2023-25588", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19932 https://bugzilla.redhat.com/show_bug.cgi?id=1658949 https://www.cve.org/CVERecord?id=CVE-2018-19932 https://nvd.nist.gov/vuln/detail/CVE-2018-19932 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19932.json", "FixedBy": "", "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. 
There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.", "Name": "CVE-2018-19932", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20623 https://bugzilla.redhat.com/show_bug.cgi?id=1664700 https://www.cve.org/CVERecord?id=CVE-2018-20623 https://nvd.nist.gov/vuln/detail/CVE-2018-20623 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20623.json", "FixedBy": "", "Description": "In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.", "Name": "CVE-2018-20623", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20651 https://bugzilla.redhat.com/show_bug.cgi?id=1664703 https://www.cve.org/CVERecord?id=CVE-2018-20651 https://nvd.nist.gov/vuln/detail/CVE-2018-20651 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20651.json", "FixedBy": "", "Description": "A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. 
A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.", "Name": "CVE-2018-20651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-25585 https://bugzilla.redhat.com/show_bug.cgi?id=2167498 https://www.cve.org/CVERecord?id=CVE-2023-25585 https://nvd.nist.gov/vuln/detail/CVE-2023-25585 https://sourceware.org/bugzilla/show_bug.cgi?id=29892 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-25585.json", "FixedBy": "", "Description": "A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.", "Name": "CVE-2023-25585", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-25584 https://bugzilla.redhat.com/show_bug.cgi?id=2167467 https://www.cve.org/CVERecord?id=CVE-2023-25584 https://nvd.nist.gov/vuln/detail/CVE-2023-25584 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-25584.json", "FixedBy": "", "Description": "An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.", "Name": "CVE-2023-25584", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-17985 https://bugzilla.redhat.com/show_bug.cgi?id=1652723 https://www.cve.org/CVERecord?id=CVE-2018-17985 https://nvd.nist.gov/vuln/detail/CVE-2018-17985 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-17985.json", "FixedBy": "", "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.", "Name": "CVE-2018-17985", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18606 https://bugzilla.redhat.com/show_bug.cgi?id=1647415 https://www.cve.org/CVERecord?id=CVE-2018-18606 https://nvd.nist.gov/vuln/detail/CVE-2018-18606 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18606.json", "FixedBy": "", "Description": "An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. 
A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", "Name": "CVE-2018-18606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18701 https://bugzilla.redhat.com/show_bug.cgi?id=1646529 https://www.cve.org/CVERecord?id=CVE-2018-18701 https://nvd.nist.gov/vuln/detail/CVE-2018-18701 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18701.json", "FixedBy": "", "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", "Name": "CVE-2018-18701", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-6872 https://bugzilla.redhat.com/show_bug.cgi?id=1543969 https://www.cve.org/CVERecord?id=CVE-2018-6872 https://nvd.nist.gov/vuln/detail/CVE-2018-6872 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-6872.json", "FixedBy": "", "Description": "The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.", "Name": "CVE-2018-6872", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000876 https://bugzilla.redhat.com/show_bug.cgi?id=1664699 https://www.cve.org/CVERecord?id=CVE-2018-1000876 https://nvd.nist.gov/vuln/detail/CVE-2018-1000876 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000876.json", "FixedBy": "", "Description": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. 
This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.", "Name": "CVE-2018-1000876", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9075 https://bugzilla.redhat.com/show_bug.cgi?id=1680669 https://www.cve.org/CVERecord?id=CVE-2019-9075 https://nvd.nist.gov/vuln/detail/CVE-2019-9075 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9075.json", "FixedBy": "", "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.", "Name": "CVE-2019-9075", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45078 https://bugzilla.redhat.com/show_bug.cgi?id=2033715 https://www.cve.org/CVERecord?id=CVE-2021-45078 https://nvd.nist.gov/vuln/detail/CVE-2021-45078 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-45078.json", "FixedBy": "", "Description": "An out-of-bounds flaw was found in binutils\u2019 stabs functionality. 
The attack needs to be initiated locally where an attacker could convince a victim to read a specially crafted file that is processed by objdump, leading to the disclosure of memory and possibly leading to the execution of arbitrary code or causing the utility to crash.", "Name": "CVE-2021-45078", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9077 https://bugzilla.redhat.com/show_bug.cgi?id=1680675 https://www.cve.org/CVERecord?id=CVE-2019-9077 https://nvd.nist.gov/vuln/detail/CVE-2019-9077 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9077.json", "FixedBy": "", "Description": "A vulnerability was found in the readelf utility in GNU Binutils. This issue involves a heap-based buffer overflow in the process_mips_specific function, which can be triggered by a malformed MIPS option section in binary files.", "Name": "CVE-2019-9077", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", 
"Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47008 https://bugzilla.redhat.com/show_bug.cgi?id=2233984 https://www.cve.org/CVERecord?id=CVE-2022-47008 https://nvd.nist.gov/vuln/detail/CVE-2022-47008 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47008.json", "FixedBy": "", "Description": "A memory leak was found in binutils in the make_tempdir and make_tempname functions. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-44840 https://bugzilla.redhat.com/show_bug.cgi?id=2234004 https://www.cve.org/CVERecord?id=CVE-2022-44840 https://nvd.nist.gov/vuln/detail/CVE-2022-44840 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-44840.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in binutils in the find_section_in_set function. This flaw allows an attacker to use a specially crafted payload to trigger a buffer overflow, resulting in issues with availability, confidentiality, and integrity.", "Name": "CVE-2022-44840", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:1.1.1k-14.el8_6", "BaseScores": [5.5, 6.5, 7.5, 5.3, 5.3], "CVEIds": ["CVE-2023-0464", "CVE-2023-0465", "CVE-2023-0466", "CVE-2023-2650", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4741"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2650.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "Name": "CVE-2023-2650", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "FixedBy": "", "Description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. 
This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0464", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. 
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "Name": "CVE-2023-0466", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. 
Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0465", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}]}, {"Name": "perl-Pod-Usage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "4:1.69-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssh-clients", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "8.0p1-25.el8_10", "BaseScores": [6.8, 5.3, 5.3, 7.0], "CVEIds": ["CVE-2016-20012", "CVE-2018-15919", "CVE-2019-6110", "CVE-2023-51767"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-6110 https://bugzilla.redhat.com/show_bug.cgi?id=1666124 https://www.cve.org/CVERecord?id=CVE-2019-6110 https://nvd.nist.gov/vuln/detail/CVE-2019-6110 https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-6110.json", "FixedBy": "", "Description": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.", "Name": "CVE-2019-6110", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", 
"Score": 6.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2016-20012 https://bugzilla.redhat.com/show_bug.cgi?id=2048523 https://www.cve.org/CVERecord?id=CVE-2016-20012 https://nvd.nist.gov/vuln/detail/CVE-2016-20012 https://access.redhat.com/security/data/csaf/v2/vex/2016/cve-2016-20012.json", "FixedBy": "", "Description": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product", "Name": "CVE-2016-20012", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-15919 https://bugzilla.redhat.com/show_bug.cgi?id=1623184 https://www.cve.org/CVERecord?id=CVE-2018-15919 https://nvd.nist.gov/vuln/detail/CVE-2018-15919 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-15919.json", "FixedBy": "", "Description": "OpenSSH server was found to respond differently to failed GSSAPI authentication attempts when the target user existed versus when that user did not exist. 
A remote attacker could use this bug to test for the existence of particular usernames on a target system.", "Name": "CVE-2018-15919", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "FixedBy": "", "Description": "An authentication bypass vulnerability was found in OpenSSH. 
When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit.", "Name": "CVE-2023-51767", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.0}}}}]}, {"Name": "git-core-doc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.43.5-1.el8_10", "BaseScores": [5.0], "CVEIds": ["CVE-2018-1000021"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000021 https://bugzilla.redhat.com/show_bug.cgi?id=1541854 https://www.cve.org/CVERecord?id=CVE-2018-1000021 https://nvd.nist.gov/vuln/detail/CVE-2018-1000021 http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000021.json", "FixedBy": "", "Description": "It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator. 
Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumstances dependent on the usage of a vulnerable terminal emulator by the user.", "Name": "CVE-2018-1000021", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.0}}}}]}, {"Name": "python3-syspurpose", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.28.42-1.el8", "BaseScores": [6.1], "CVEIds": ["CVE-2022-0235"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "llvm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "17.0.6-3.module+el8.10.0+22125+1509a634", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3c61c15b346ea5afd0d9810567b43859610f4526e8ed5af79647bc93999a7465", "Version": "1.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "50.3.2-5.module+el8.10.0+20345+671a55aa", "BaseScores": [7.5], "CVEIds": ["CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.5.10-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "5.33-26.el8", "BaseScores": [4.4, 6.5], "CVEIds": ["CVE-2019-8905", "CVE-2019-8906"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-8906.json", "FixedBy": "", "Description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "Name": "CVE-2019-8906", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "Score": 4.4}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 
https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-8905.json", "FixedBy": "", "Description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "Name": "CVE-2019-8905", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.7.0-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v4.0.0-20230305170008-8188dc5388df", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "semantic-version", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.28.3-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Net-SSLeay", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.88-2.module+el8.6.0+13392+f0897f98", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-constant", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.33-396.el8", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xkeyboard-config", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.28-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ansible-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.15.11", "BaseScores": [6.3], "CVEIds": ["CVE-2024-8775", "CVE-2024-9902"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-8775 https://access.redhat.com/errata/RHSA-2024:8969 https://access.redhat.com/security/cve/CVE-2024-8775 https://bugzilla.redhat.com/show_bug.cgi?id=2312119 https://github.com/ansible/ansible", "FixedBy": "lastAffected=2.17.4", "Description": "Ansible vulnerable to Insertion of Sensitive Information into Log File", "Name": "GHSA-jpxc-vmjf-9fcj", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-9902 https://github.com/ansible/ansible/commit/03794735d370db98a5ec2ad514fab2b0dd22d6be https://github.com/ansible/ansible/commit/03daf774d0d80fb7235910ed1c2b4fbcaebdfe65 
https://github.com/ansible/ansible/commit/3b6de811abea0a811e03e3029222a7e459922892 https://github.com/ansible/ansible/commit/9d7312f695639e804d2caeb1d0f51c716a9ac7dd https://github.com/ansible/ansible/commit/f7be90626da3035c697623dcf9c90b7a0bc91c92 https://access.redhat.com/errata/RHSA-2024:8969 https://access.redhat.com/security/cve/CVE-2024-9902 https://bugzilla.redhat.com/show_bug.cgi?id=2318271 https://github.com/ansible/ansible", "FixedBy": "2.15.13rc1", "Description": "ansible-core Incorrect Authorization vulnerability", "Name": "GHSA-32p4-gm2c-wmch", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "Score": 6.3}}}}]}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.9-9.el8_6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "importlib-metadata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "6.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gomodules.xyz/jsonpatch/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.9.6-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.8-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.63.0-19.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi8/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.9-1107", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "4.2.1-4.el8", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.23.22-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.8.5-7.el8_6", "BaseScores": [5.9], "CVEIds": ["CVE-2019-12904", "CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-12904.json", "FixedBy": "", "Description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. 
The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "Name": "CVE-2019-12904", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}]}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.48.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.23.22-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "isl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "0.16.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.43.5-1.el8_10", "BaseScores": [5.0], "CVEIds": ["CVE-2018-1000021"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000021 https://bugzilla.redhat.com/show_bug.cgi?id=1541854 https://www.cve.org/CVERecord?id=CVE-2018-1000021 https://nvd.nist.gov/vuln/detail/CVE-2018-1000021 http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000021.json", "FixedBy": "", "Description": "It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of 
arbitrary escape sequences in the terminal emulator. Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumstances dependent on the usage of a vulnerable terminal emulator by the user.", "Name": "CVE-2018-1000021", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.0}}}}]}, {"Name": "info", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "6.5-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.31-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Getopt-Long", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:2.50-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Carp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.42-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.11-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.9-13.el8_5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.9.6-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.13.1-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.2.11-25.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.1-24.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/h2non/filetype", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.1.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.1.27-6.el8_5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-daemon", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.12.8-26.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2020-35512"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "5.2.4-4.el8_6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pkgconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.4.2-1.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2023-24056"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-24056.json", "FixedBy": "", "Description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. This issue may lead to a buffer overflow, which can crash the software.", "Name": "CVE-2023-24056", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "groff-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.22.3-18.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-TermReadKey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.37-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "234-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "8.5.0-22.el8_10", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", 
"FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. 
This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "perl-File-Temp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "0.230.600-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.6.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "5.3.4-12.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2020-15945"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-15945 https://bugzilla.redhat.com/show_bug.cgi?id=1861999 https://www.cve.org/CVERecord?id=CVE-2020-15945 https://nvd.nist.gov/vuln/detail/CVE-2020-15945 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-15945.json", "FixedBy": "", "Description": "A flaw was found in lua. 
A segmentation fault is possible because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.", "Name": "CVE-2020-15945", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "google.golang.org/genproto/googleapis/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20240213162025-012b6fc9bca9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.19.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.11.0-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "trousers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.3.15-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.9-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "23.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.0.3-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "1.26.18", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468 https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e https://github.com/urllib3/urllib3", "FixedBy": "1.26.19", "Description": "urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects ", "Name": "GHSA-34jh-p97f-mpxf", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:294f2c6d884994aa58af31fea379e9b036bb95fb8babaa1321f6691bb351439e", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "cachetools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "5.3.3", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "brotli", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.0.6-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/h2non/filetype", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.1.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.1-22.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shared-mime-info", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.9-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.3.1-34.el8_10", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. 
This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/operator-registry", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.39.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.0.3-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "info", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "6.5-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.43.5-1.el8_10", "BaseScores": [5.0], "CVEIds": ["CVE-2018-1000021"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000021 
https://bugzilla.redhat.com/show_bug.cgi?id=1541854 https://www.cve.org/CVERecord?id=CVE-2018-1000021 https://nvd.nist.gov/vuln/detail/CVE-2018-1000021 http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000021.json", "FixedBy": "", "Description": "It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator. Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumstances dependent on the usage of a vulnerable terminal emulator by the user.", "Name": "CVE-2018-1000021", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.0}}}}]}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "1.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.18-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.9.9-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.28.42-1.el8", "BaseScores": [6.1], "CVEIds": ["CVE-2022-0235"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "requests-unixsocket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zipp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.18.1", "BaseScores": [], "CVEIds": ["CVE-2024-5569"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5569 https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd https://github.com/jaraco/zipp https://huntr.com/bounties/be898306-11f9-46b4-b28c-f4c4aa4ffbae", "FixedBy": "3.19.1", "Description": "zipp Denial of Service vulnerability", "Name": "GHSA-jfmj-5v4g-7637", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dbus-tools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.12.8-26.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2020-35512"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.80-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.9-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.0.4-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.9-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-pkcs11", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "0.4.10-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:1.1.1k-14.el8_6", "BaseScores": [5.5, 6.5, 7.5, 5.3, 5.3], "CVEIds": ["CVE-2023-0464", "CVE-2023-0465", "CVE-2023-0466", "CVE-2023-2650", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4741"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2650.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "Name": "CVE-2023-2650", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "FixedBy": "", "Description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. 
This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0464", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. 
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "Name": "CVE-2023-0466", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. 
Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0465", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}]}, {"Name": "urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "1.26.18", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468 https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e https://github.com/urllib3/urllib3", "FixedBy": "1.26.19", "Description": "urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects ", "Name": "GHSA-34jh-p97f-mpxf", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.6.16-8.el8_9.3", "BaseScores": [6.5], "CVEIds": ["CVE-2021-4209"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4209.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "Name": "CVE-2021-4209", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.6.8-62.el8_10", "BaseScores": [7.5, 7.5, 7.5], "CVEIds": ["CVE-2019-9674", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-9287"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9674.json", "FixedBy": "", "Description": "A ZIP bomb attack was found in the Python zipfile module. 
A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "Name": "CVE-2019-9674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json", "FixedBy": "", "Description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". 
This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "Name": "CVE-2024-9287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.1.7-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "9.0.3-24.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2018-20225"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20225.json", "FixedBy": "", "Description": "A flaw was found in python-pip. The software installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. 
This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number).", "Name": "CVE-2018-20225", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.26.20", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.4-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-threads-shared", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.58-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-headers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ansible-runner-http", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/zapr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.13.1-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/afero", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.3.3-5.el8", "BaseScores": [6.5, 6.5, 6.5, 7.8, 7.8], "CVEIds": ["CVE-2018-1000879", "CVE-2018-1000880", "CVE-2020-21674", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-21674 https://bugzilla.redhat.com/show_bug.cgi?id=1888786 https://www.cve.org/CVERecord?id=CVE-2020-21674 
https://nvd.nist.gov/vuln/detail/CVE-2020-21674 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-21674.json", "FixedBy": "", "Description": "Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.", "Name": "CVE-2020-21674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000880.json", "FixedBy": "", "Description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. 
This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "Name": "CVE-2018-1000880", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000879.json", "FixedBy": "", "Description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "Name": "CVE-2018-1000879", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "platform-python", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.6.8-62.el8_10", "BaseScores": [7.5, 7.5, 7.5], "CVEIds": ["CVE-2019-9674", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-9287"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9674.json", "FixedBy": "", "Description": "A ZIP bomb attack was found in the Python zipfile module. 
A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "Name": "CVE-2019-9674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json", "FixedBy": "", "Description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". 
This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "Name": "CVE-2024-9287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2023.2.60_v7.0.306-80.0.el8_8", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5736", "FixedBy": "0:2024.2.69_v8.0.303-80.0.el8_10", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.1.6-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google-auth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.29.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Git", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.43.5-1.el8_10", "BaseScores": [5.0], "CVEIds": ["CVE-2018-1000021"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000021 https://bugzilla.redhat.com/show_bug.cgi?id=1541854 https://www.cve.org/CVERecord?id=CVE-2018-1000021 https://nvd.nist.gov/vuln/detail/CVE-2018-1000021 http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000021.json", "FixedBy": "", "Description": "It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator. 
Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumstances dependent on the usage of a vulnerable terminal emulator by the user.", "Name": "CVE-2018-1000021", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.0}}}}]}, {"Name": "python3-syspurpose", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.28.42-1.el8", "BaseScores": [6.1], "CVEIds": ["CVE-2022-0235"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.113-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Digest-MD5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.55-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Unicode-Normalize", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.25-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filelock", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.15.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2024a-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.3.2-12.el8", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "perl-Net-SSLeay", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.88-2.module+el8.6.0+13392+f0897f98", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.14.3-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.33.0-6.el8_10.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.14.3-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2:1.30-9.el8", "BaseScores": [7.5, 3.3], "CVEIds": ["CVE-2019-9923", "CVE-2021-20193", "CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9923.json", "FixedBy": "", "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "Name": "CVE-2019-9923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": 
{"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "FixedBy": "", "Description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-20193", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "24.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Exporter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "5.72-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.20.0-3.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.43.5-1.el8_10", "BaseScores": [5.0], "CVEIds": ["CVE-2018-1000021"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000021 https://bugzilla.redhat.com/show_bug.cgi?id=1541854 https://www.cve.org/CVERecord?id=CVE-2018-1000021 https://nvd.nist.gov/vuln/detail/CVE-2018-1000021 http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000021.json", "FixedBy": "", "Description": "It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator. 
Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumstances dependent on the usage of a vulnerable terminal emulator by the user.", "Name": "CVE-2018-1000021", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.0}}}}]}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.18-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "markupsafe", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3c61c15b346ea5afd0d9810567b43859610f4526e8ed5af79647bc93999a7465", "Version": "2.1.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.6.8-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pip", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "23.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cryptsetup-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.3.7-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.7.20-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.5.1-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.1.0-9.1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/ansible-operator-plugins", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "(devel) (git, commit 42b5d80c75f1ddda8f2dbe1629b9454d366a8d6a, built at 2024-07-15T16:58:27Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2:4.6-22.el8", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.9.5-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/rpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20240221002015-b0ce06bbee7c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.2.5-13.el8_10", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2022-23990", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-23990 https://bugzilla.redhat.com/show_bug.cgi?id=2048356 https://www.cve.org/CVERecord?id=CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-23990.json", "FixedBy": "", "Description": "A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. 
This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service.", "Name": "CVE-2022-23990", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.12.8-26.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2020-35512"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "go1.21.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-constant", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.33-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi8/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.9-1107", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "4:5.26.3-422.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Mozilla-CA", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "20160104-7.module+el8.3.0+6498+9eecfe51", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.4.4-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.13.1-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pkgconf-m4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.4.2-1.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2023-24056"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-24056.json", "FixedBy": "", "Description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. 
This issue may lead to a buffer overflow, which can crash the software.", "Name": "CVE-2023-24056", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "perl-Pod-Escapes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:1.07-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.7.11-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pexpect", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "4.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "resolvelib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rust-std-static", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.75.0-1.module+el8.10.0+21160+cc6a0df8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.11-5.el8", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "perl-Error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:0.17025-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnsl2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.2.0-2.20180605git4a062cf.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/imdario/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "7.0-10.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.12.8-26.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2020-35512"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "6.1-10.20180224.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 6.5, 8.8, 6.5, 5.5, 6.5, 6.5], "CVEIds": ["CVE-2018-19211", "CVE-2018-19217", "CVE-2020-19185", "CVE-2020-19186", "CVE-2020-19187", "CVE-2020-19188", "CVE-2020-19189", "CVE-2020-19190", "CVE-2021-39537", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19185.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19185", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19187.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19190.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19190", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19217.json", "FixedBy": "", "Description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "Name": "CVE-2018-19217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-39537.json", "FixedBy": "", "Description": "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. 
By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "Name": "CVE-2021-39537", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19186.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "Name": "CVE-2020-19186", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19211.json", "FixedBy": "", "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "Name": "CVE-2018-19211", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19189.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19189", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19188", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-ethtool", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.14-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/h2non/go-is-svg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20160927212452-35e8c4b0612c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "50.3.2-5.module+el8.10.0+20345+671a55aa", "BaseScores": [7.5], "CVEIds": ["CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.2.53-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.63.0-19.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.11.0-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "5.2.4-4.el8_6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.0.6-26.el8", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2024:8922", "FixedBy": "0:1.0.6-27.el8_10", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "setuptools-rust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.10.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Simple", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:3.35-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "unbound-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.16.2-5.el8_9.6", "BaseScores": [7.5], "CVEIds": ["CVE-2019-16866", "CVE-2024-33655", "CVE-2024-43167", "CVE-2024-43168", "CVE-2024-8508"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-16866 https://bugzilla.redhat.com/show_bug.cgi?id=1767955 https://www.cve.org/CVERecord?id=CVE-2019-16866 https://nvd.nist.gov/vuln/detail/CVE-2019-16866 https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-16866.json", "FixedBy": "", "Description": "Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. 
The source IP address of the query must match an access-control rule.", "Name": "CVE-2019-16866", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43167 https://bugzilla.redhat.com/show_bug.cgi?id=2303456 https://www.cve.org/CVERecord?id=CVE-2024-43167 https://nvd.nist.gov/vuln/detail/CVE-2024-43167 https://github.com/NLnetLabs/unbound/issues/1072 https://github.com/NLnetLabs/unbound/pull/1073/files https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43167.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. 
This issue can result in a denial of service by causing the application to terminate unexpectedly.", "Name": "CVE-2024-43167", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43168 https://bugzilla.redhat.com/show_bug.cgi?id=2303462 https://www.cve.org/CVERecord?id=CVE-2024-43168 https://nvd.nist.gov/vuln/detail/CVE-2024-43168 https://github.com/NLnetLabs/unbound/issues/1039 https://github.com/NLnetLabs/unbound/pull/1040/files https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43168.json", "FixedBy": "", "Description": "A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.", "Name": "CVE-2024-43168", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33655 https://bugzilla.redhat.com/show_bug.cgi?id=2279942 https://www.cve.org/CVERecord?id=CVE-2024-33655 https://nvd.nist.gov/vuln/detail/CVE-2024-33655 https://www.nlnetlabs.nl/news/2024/May/08/unbound-1.20.0-released/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33655.json", "FixedBy": "", "Description": "A DNSBomb flaw was found in the unbound package. 
The DNSBomb attack works by sending low-rate spoofed queries for a malicious zone to Unbound. By controlling the delay of the malicious authoritative answers, Unbound slowly accumulates pending answers for the spoofed addresses. When the authoritative answers become available to Unbound at the same time, Unbound starts serving all the accumulated queries. This results in large-sized, concentrated response bursts to the spoofed addresses.", "Name": "CVE-2024-33655", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8508 https://bugzilla.redhat.com/show_bug.cgi?id=2316321 https://www.cve.org/CVERecord?id=CVE-2024-8508 https://nvd.nist.gov/vuln/detail/CVE-2024-8508 https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8508.json", "FixedBy": "", "Description": "A flaw was found in Unbound which can lead to degraded performance and an eventual denial of service when handling replies with very large RRsets that require name compression to be applied. 
Versions prior to 1.21.1 do not have a hard limit on the number of name compression calculations that Unbound can perform per packet, meaning that if a specially crafted query is passed for the contents of a malicious zone with very large RRsets, Unbound may spend a considerable amount of time applying name compression to downstream replies, locking the CPU until the whole packet has been processed.", "Name": "CVE-2024-8508", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "69.5.1", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/pull/4332 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://github.com/pypa/setuptools https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5", "FixedBy": "70.0.0", "Description": "setuptools vulnerable to Command Injection via package URL", "Name": "GHSA-cx63-2mw6-8hw5", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.2.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "4.5-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"pipenv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2023.11.15", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.0.23-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "7.61.1-34.el8", "BaseScores": [8.8, 6.5], "CVEIds": ["CVE-2023-27534", "CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27534.json", "FixedBy": "", "Description": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. 
Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "Name": "CVE-2023-27534", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5654", "FixedBy": "0:7.61.1-34.el8_10.2", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "perl-Data-Dumper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.167-399.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpsl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.20.2-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.8.3-3.el8_4", "BaseScores": [8.1], "CVEIds": ["CVE-2019-17543"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-17543 https://bugzilla.redhat.com/show_bug.cgi?id=1765316 https://www.cve.org/CVERecord?id=CVE-2019-17543 https://nvd.nist.gov/vuln/detail/CVE-2019-17543 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-17543.json", "FixedBy": "", "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", "Name": "CVE-2019-17543", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 8.1}}}}]}, {"Name": "kernel-headers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "4.18.0-553.22.1.el8_10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/onsi/gomega", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "emacs-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:26.1-12.el8_10", "BaseScores": [7.3], "CVEIds": ["CVE-2022-48338", "CVE-2024-30204"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48338 https://bugzilla.redhat.com/show_bug.cgi?id=2171988 https://www.cve.org/CVERecord?id=CVE-2022-48338 https://nvd.nist.gov/vuln/detail/CVE-2022-48338 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48338.json", "FixedBy": "", "Description": "A flaw was found in the Emacs package. A malicious ruby source file may cause a local command injection.", "Name": "CVE-2022-48338", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 7.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-30204 https://bugzilla.redhat.com/show_bug.cgi?id=2280297 https://www.cve.org/CVERecord?id=CVE-2024-30204 https://nvd.nist.gov/vuln/detail/CVE-2024-30204 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-30204.json", "FixedBy": "", "Description": "A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. 
This issue possibly results in a denial of service.", "Name": "CVE-2024-30204", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.14.2-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.1.6-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.8.5-7.el8_6", "BaseScores": [5.9], "CVEIds": ["CVE-2019-12904", "CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-12904.json", "FixedBy": "", "Description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. 
The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "Name": "CVE-2019-12904", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}]}, {"Name": "oauthlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "importlib-metadata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "6.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.21-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "239-82.el8_10.1", "BaseScores": [5.5, 4.3], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}]}, {"Name": "pyyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3c61c15b346ea5afd0d9810567b43859610f4526e8ed5af79647bc93999a7465", "Version": "6.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "70.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "groff-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.22.3-18.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Carp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.42-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.7.0-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.63.0-19.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.23.22-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"perl-File-Path", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.15-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.9.6-13.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gomodules.xyz/jsonpatch/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.5-7.el8_10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.48-6.el8_9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.0-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Text-ParseWords", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "3.30-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pkgconf-pkg-config", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.4.2-1.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2023-24056"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-24056.json", "FixedBy": "", "Description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. This issue may lead to a buffer overflow, which can crash the software.", "Name": "CVE-2023-24056", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Encode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "4:2.97-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", 
"Version": "v0.48.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git-core-doc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.43.5-1.el8_10", "BaseScores": [5.0], "CVEIds": ["CVE-2018-1000021"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000021 https://bugzilla.redhat.com/show_bug.cgi?id=1541854 https://www.cve.org/CVERecord?id=CVE-2018-1000021 https://nvd.nist.gov/vuln/detail/CVE-2018-1000021 http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000021.json", "FixedBy": "", "Description": "It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator. Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumstances dependent on the usage of a vulnerable terminal emulator by the user.", "Name": "CVE-2018-1000021", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.0}}}}]}, {"Name": "libxcrypt-devel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "4.1.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "6.1-10.20180224.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 6.5, 8.8, 6.5, 5.5, 6.5, 6.5], "CVEIds": ["CVE-2018-19211", "CVE-2018-19217", "CVE-2020-19185", "CVE-2020-19186", "CVE-2020-19187", "CVE-2020-19188", "CVE-2020-19189", "CVE-2020-19190", "CVE-2021-39537", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19185.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19185", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19187.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19190.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19190", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19217.json", "FixedBy": "", "Description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "Name": "CVE-2018-19217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-39537.json", "FixedBy": "", "Description": "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "Name": "CVE-2021-39537", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19186.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "Name": "CVE-2020-19186", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19211.json", "FixedBy": "", "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "Name": "CVE-2018-19211", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19189.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19189", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19188", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.61.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.17.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.24.2-7.el8", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": 
[{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:5309", "FixedBy": "0:1.24.2-8.el8_10", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.4.1-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.0.21-25.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Perldoc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "3.28-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.4.20-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.2.53-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.3.2-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-libnet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "3.11-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.3.5-9.el8_7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "20220623-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-URI", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.73-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.9.7-18.el8_10.1", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pkgconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.4.2-1.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2023-24056"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-24056.json", "FixedBy": "", "Description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. 
This issue may lead to a buffer overflow, which can crash the software.", "Name": "CVE-2023-24056", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "requests-oauthlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rsa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "4.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtirpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.1.4-12.el8_10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.56.4-162.el8", "BaseScores": [5.5, 7.5, 7.5, 5.5], "CVEIds": ["CVE-2023-29499", "CVE-2023-32611", "CVE-2023-32636", "CVE-2023-32665", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32611.json", "FixedBy": "", "Description": "A flaw was found in GLib. 
GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "Name": "CVE-2023-32611", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json", "FixedBy": "", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29499.json", "FixedBy": "", "Description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "Name": "CVE-2023-29499", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32665.json", "FixedBy": "", "Description": "A flaw was found in GLib. 
GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "Name": "CVE-2023-32665", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "39.2.0-7.el8", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5530", "FixedBy": "0:39.2.0-8.el8_10", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.30-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "8.5.0-22.el8_10", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 
https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "platform-python-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "39.2.0-7.el8", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5530", "FixedBy": "0:39.2.0-8.el8_10", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.2.11-25.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-devel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "less", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "530-3.el8_10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.8-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Socket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "4:2.027-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssh", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "8.0p1-25.el8_10", "BaseScores": [6.8, 5.3, 5.3, 7.0], "CVEIds": ["CVE-2016-20012", "CVE-2018-15919", "CVE-2019-6110", "CVE-2023-51767"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-6110 
https://bugzilla.redhat.com/show_bug.cgi?id=1666124 https://www.cve.org/CVERecord?id=CVE-2019-6110 https://nvd.nist.gov/vuln/detail/CVE-2019-6110 https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-6110.json", "FixedBy": "", "Description": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.", "Name": "CVE-2019-6110", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "Score": 6.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2016-20012 https://bugzilla.redhat.com/show_bug.cgi?id=2048523 https://www.cve.org/CVERecord?id=CVE-2016-20012 https://nvd.nist.gov/vuln/detail/CVE-2016-20012 https://access.redhat.com/security/data/csaf/v2/vex/2016/cve-2016-20012.json", "FixedBy": "", "Description": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. 
NOTE: the vendor does not recognize user enumeration as a vulnerability for this product", "Name": "CVE-2016-20012", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-15919 https://bugzilla.redhat.com/show_bug.cgi?id=1623184 https://www.cve.org/CVERecord?id=CVE-2018-15919 https://nvd.nist.gov/vuln/detail/CVE-2018-15919 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-15919.json", "FixedBy": "", "Description": "OpenSSH server was found to respond differently to failed GSSAPI authentication attempts when the target user existed versus when that user did not exist. A remote attacker could use this bug to test for the existence of particular usernames on a target system.", "Name": "CVE-2018-15919", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "FixedBy": "", "Description": "An authentication bypass vulnerability was found in OpenSSH. 
When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit.", "Name": "CVE-2023-51767", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.0}}}}]}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.4.4-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "platformdirs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "4.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2:8.0.1763-19.el8_6.4", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.5, 7.8, 7.8, 5.5, 7.8, 5.5, 7.8, 7.8, 7.8, 5.5, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 5.5, 5.5, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2018-20786", "CVE-2020-20703", "CVE-2021-3236", "CVE-2021-3927", "CVE-2021-3974", "CVE-2021-4166", "CVE-2022-0351", "CVE-2022-1619", "CVE-2022-1720", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", 
"CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-3037", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3296", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20786 https://bugzilla.redhat.com/show_bug.cgi?id=1680588 https://www.cve.org/CVERecord?id=CVE-2018-20786 https://nvd.nist.gov/vuln/detail/CVE-2018-20786 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20786.json", "FixedBy": "", "Description": "libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.", "Name": "CVE-2018-20786", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. 
This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": 
"Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. 
An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 
https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. 
This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 
https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3236 https://bugzilla.redhat.com/show_bug.cgi?id=2231531 https://www.cve.org/CVERecord?id=CVE-2021-3236 https://nvd.nist.gov/vuln/detail/CVE-2021-3236 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3236.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the ex_buffer_all function in the src/buffer.c file. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2021-3236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 
https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": 
"", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
"Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. 
This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": 
{"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "distlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.3.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "8.5.0-22.el8_10", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 
https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.13.1-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxkbcommon", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.9.1-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "10.32-3.el8_6", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.5.10-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Term-Cap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.17-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.31.0", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/pull/6655 https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac https://github.com/psf/requests https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ", 
"FixedBy": "2.32.0", "Description": "Requests `Session` object does not verify requests after making first request with verify=False", "Name": "GHSA-9wx4-h78v-vm56", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.12.2-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "25-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.26.0-19.el8_9", "BaseScores": [7.5, 7.5, 5.5, 7.5], "CVEIds": ["CVE-2019-19244", "CVE-2019-9936", "CVE-2019-9937", "CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9937.json", "FixedBy": "", "Description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. 
This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "Name": "CVE-2019-9937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-19244.json", "FixedBy": "", "Description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. 
A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "Name": "CVE-2019-19244", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9936.json", "FixedBy": "", "Description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. 
This is related to ext/fts5/fts5_hash.c.", "Name": "CVE-2019-9936", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.1.2-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.23.22-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-PathTools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "3.74-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-unbound", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.16.2-5.el8_9.6", "BaseScores": [7.5], "CVEIds": ["CVE-2019-16866", "CVE-2024-33655", "CVE-2024-43167", "CVE-2024-43168", "CVE-2024-8508"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-16866 https://bugzilla.redhat.com/show_bug.cgi?id=1767955 https://www.cve.org/CVERecord?id=CVE-2019-16866 https://nvd.nist.gov/vuln/detail/CVE-2019-16866 https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-16866.json", "FixedBy": "", "Description": "Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. 
The source IP address of the query must match an access-control rule.", "Name": "CVE-2019-16866", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43167 https://bugzilla.redhat.com/show_bug.cgi?id=2303456 https://www.cve.org/CVERecord?id=CVE-2024-43167 https://nvd.nist.gov/vuln/detail/CVE-2024-43167 https://github.com/NLnetLabs/unbound/issues/1072 https://github.com/NLnetLabs/unbound/pull/1073/files https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43167.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. 
This issue can result in a denial of service by causing the application to terminate unexpectedly.", "Name": "CVE-2024-43167", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43168 https://bugzilla.redhat.com/show_bug.cgi?id=2303462 https://www.cve.org/CVERecord?id=CVE-2024-43168 https://nvd.nist.gov/vuln/detail/CVE-2024-43168 https://github.com/NLnetLabs/unbound/issues/1039 https://github.com/NLnetLabs/unbound/pull/1040/files https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43168.json", "FixedBy": "", "Description": "A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.", "Name": "CVE-2024-43168", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33655 https://bugzilla.redhat.com/show_bug.cgi?id=2279942 https://www.cve.org/CVERecord?id=CVE-2024-33655 https://nvd.nist.gov/vuln/detail/CVE-2024-33655 https://www.nlnetlabs.nl/news/2024/May/08/unbound-1.20.0-released/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33655.json", "FixedBy": "", "Description": "A DNSBomb flaw was found in the unbound package. 
The DNSBomb attack works by sending low-rate spoofed queries for a malicious zone to Unbound. By controlling the delay of the malicious authoritative answers, Unbound slowly accumulates pending answers for the spoofed addresses. When the authoritative answers become available to Unbound at the same time, Unbound starts serving all the accumulated queries. This results in large-sized, concentrated response bursts to the spoofed addresses.", "Name": "CVE-2024-33655", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8508 https://bugzilla.redhat.com/show_bug.cgi?id=2316321 https://www.cve.org/CVERecord?id=CVE-2024-8508 https://nvd.nist.gov/vuln/detail/CVE-2024-8508 https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8508.json", "FixedBy": "", "Description": "A flaw was found in Unbound which can lead to degraded performance and an eventual denial of service when handling replies with very large RRsets that require name compression to be applied. 
Versions prior to 1.21.1 do not have a hard limit on the number of name compression calculations that Unbound can perform per packet, meaning that if a specially crafted query is passed for the contents of a malicious zone with very large RRsets, Unbound may spend a considerable amount of time applying name compression to downstream replies, locking the CPU until the whole packet has been processed.", "Name": "CVE-2024-8508", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-IO-Socket-IP", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "0.39-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "239-82.el8_10.1", "BaseScores": [5.5, 4.3], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}]}, {"Name": "python39-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "20.2.4-9.module+el8.10.0+21329+8d76b841", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.28.3-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "chkconfig", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.19.2-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.42-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "6.1-10.20180224.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 6.5, 8.8, 6.5, 5.5, 6.5, 6.5], "CVEIds": ["CVE-2018-19211", "CVE-2018-19217", "CVE-2020-19185", "CVE-2020-19186", "CVE-2020-19187", "CVE-2020-19188", "CVE-2020-19189", "CVE-2020-19190", "CVE-2021-39537", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19185.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19185", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19187.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19190.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19190", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19217.json", "FixedBy": "", "Description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "Name": "CVE-2018-19217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-39537.json", "FixedBy": "", "Description": "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. 
By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "Name": "CVE-2021-39537", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19186.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "Name": "CVE-2020-19186", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19211.json", "FixedBy": "", "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "Name": "CVE-2018-19211", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19189.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19189", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19188", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "cpp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "8.5.0-22.el8_10", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ 
https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1:3.5-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Time-Local", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:1.280-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "4.2.1-4.el8", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "perl-Pod-Usage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "4:1.69-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.9-9.el8_6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "234-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-IO-Socket-SSL", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.066-4.module+el8.3.0+6446+594cad75", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.190-2.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 
https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnl3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.7.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "5.33-26.el8", "BaseScores": [4.4, 6.5], "CVEIds": ["CVE-2019-8905", "CVE-2019-8906"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-8906.json", "FixedBy": "", "Description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "Name": "CVE-2019-8906", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "Score": 4.4}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 
https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-8905.json", "FixedBy": "", "Description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "Name": "CVE-2019-8905", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.3.2-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.1-24.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.6-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "11-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.13.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi8-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.9-1107", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.14.3-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.110-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cryptography", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3c61c15b346ea5afd0d9810567b43859610f4526e8ed5af79647bc93999a7465", "Version": "42.0.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-h4gh-qq45-vh27 https://github.com/pyca/cryptography https://openssl-library.org/news/secadv/20240903.txt", "FixedBy": "43.0.1", "Description": "pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels", "Name": "GHSA-h4gh-qq45-vh27", 
"Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.7.0-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "semantic-version", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.9.6-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libssh", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.9.6-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-File-Temp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "0.230.600-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "4.1.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.63.0-19.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "trousers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.3.15-2.el8", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.12.8-26.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2020-35512"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "pyasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "8.5.0-22.el8_10", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 
https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. 
This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v5.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "websocket-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "4:5.26.3-422.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3c61c15b346ea5afd0d9810567b43859610f4526e8ed5af79647bc93999a7465", "Version": "1.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.28.42-1.el8", "BaseScores": [6.1], "CVEIds": ["CVE-2022-0235"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 
https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.24.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ansible-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.15.11", "BaseScores": [6.3], "CVEIds": ["CVE-2024-8775", "CVE-2024-9902"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-8775 https://access.redhat.com/errata/RHSA-2024:8969 https://access.redhat.com/security/cve/CVE-2024-8775 https://bugzilla.redhat.com/show_bug.cgi?id=2312119 https://github.com/ansible/ansible", "FixedBy": "lastAffected=2.17.4", "Description": "Ansible vulnerable to Insertion of Sensitive Information into Log File", "Name": "GHSA-jpxc-vmjf-9fcj", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, 
{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-9902 https://github.com/ansible/ansible/commit/03794735d370db98a5ec2ad514fab2b0dd22d6be https://github.com/ansible/ansible/commit/03daf774d0d80fb7235910ed1c2b4fbcaebdfe65 https://github.com/ansible/ansible/commit/3b6de811abea0a811e03e3029222a7e459922892 https://github.com/ansible/ansible/commit/9d7312f695639e804d2caeb1d0f51c716a9ac7dd https://github.com/ansible/ansible/commit/f7be90626da3035c697623dcf9c90b7a0bc91c92 https://access.redhat.com/errata/RHSA-2024:8969 https://access.redhat.com/security/cve/CVE-2024-9902 https://bugzilla.redhat.com/show_bug.cgi?id=2318271 https://github.com/ansible/ansible", "FixedBy": "2.15.13rc1", "Description": "ansible-core Incorrect Authorization vulnerability", "Name": "GHSA-32p4-gm2c-wmch", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "Score": 6.3}}}}]}, {"Name": "packaging", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "24.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "8.10-0.3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyopenssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "24.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssh-clients", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "8.0p1-25.el8_10", "BaseScores": [6.8, 5.3, 5.3, 7.0], "CVEIds": 
["CVE-2016-20012", "CVE-2018-15919", "CVE-2019-6110", "CVE-2023-51767"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-6110 https://bugzilla.redhat.com/show_bug.cgi?id=1666124 https://www.cve.org/CVERecord?id=CVE-2019-6110 https://nvd.nist.gov/vuln/detail/CVE-2019-6110 https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-6110.json", "FixedBy": "", "Description": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.", "Name": "CVE-2019-6110", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "Score": 6.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2016-20012 https://bugzilla.redhat.com/show_bug.cgi?id=2048523 https://www.cve.org/CVERecord?id=CVE-2016-20012 https://nvd.nist.gov/vuln/detail/CVE-2016-20012 https://access.redhat.com/security/data/csaf/v2/vex/2016/cve-2016-20012.json", "FixedBy": "", "Description": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. 
NOTE: the vendor does not recognize user enumeration as a vulnerability for this product", "Name": "CVE-2016-20012", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-15919 https://bugzilla.redhat.com/show_bug.cgi?id=1623184 https://www.cve.org/CVERecord?id=CVE-2018-15919 https://nvd.nist.gov/vuln/detail/CVE-2018-15919 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-15919.json", "FixedBy": "", "Description": "OpenSSH server was found to respond differently to failed GSSAPI authentication attempts when the target user existed versus when that user did not exist. A remote attacker could use this bug to test for the existence of particular usernames on a target system.", "Name": "CVE-2018-15919", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "FixedBy": "", "Description": "An authentication bypass vulnerability was found in OpenSSH. 
When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit.", "Name": "CVE-2023-51767", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.0}}}}]}, {"Name": "platform-python-pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "9.0.3-24.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2018-20225"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20225.json", "FixedBy": "", "Description": "A flaw was found in python-pip. The software installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. 
This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number).", "Name": "CVE-2018-20225", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.31-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libssh-config", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.9.6-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ruamel.yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:49fc87ec34bc91cf3d389b9cc3168ba930523801c99d4faa3cb7240b0dc3b914", "Version": "0.18.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-threads", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:2.21-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/operator-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.13.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "device-mapper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "8:1.02.181-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.17.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.18.2-28.el8_10", "BaseScores": [6.5, 6.6, 9.1, 7.5], "CVEIds": ["CVE-2020-17049", "CVE-2023-5455", "CVE-2024-3596", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:8860", "FixedBy": "0:1.18.2-30.el8_10", "Description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. 
This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "Name": "CVE-2024-3596", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5455 https://bugzilla.redhat.com/show_bug.cgi?id=2242828 https://www.cve.org/CVERecord?id=CVE-2023-5455 https://nvd.nist.gov/vuln/detail/CVE-2023-5455 https://www.freeipa.org/release-notes/4-10-3.html https://www.freeipa.org/release-notes/4-11-1.html https://www.freeipa.org/release-notes/4-6-10.html https://www.freeipa.org/release-notes/4-9-14.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5455.json", "FixedBy": "", "Description": "A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. 
An attacker would always have to go through a new authentication attempt.", "Name": "CVE-2023-5455", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-17049 https://bugzilla.redhat.com/show_bug.cgi?id=2025721 https://www.cve.org/CVERecord?id=CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-17049.json", "FixedBy": "", "Description": "It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.", "Name": "CVE-2020-17049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:5312", "FixedBy": "0:1.18.2-29.el8_10", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, 
causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:5312", "FixedBy": "0:1.18.2-29.el8_10", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20240221221325-2ac9dc51f3f1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Term-ANSIColor", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "4.06-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.17-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.4.4-1.el8", "BaseScores": [7.5, 4.7], "CVEIds": ["CVE-2021-24032", "CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-24032.json", "FixedBy": "", "Description": "A flaw was found in zstd. 
While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "Name": "CVE-2021-24032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "ruamel.yaml.clib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:49fc87ec34bc91cf3d389b9cc3168ba930523801c99d4faa3cb7240b0dc3b914", "Version": "0.2.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.2-20.el8", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "rust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.75.0-1.module+el8.10.0+21160+cc6a0df8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ansible-runner", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.3.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-debuginfod-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.190-2.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.25-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.2.4-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.14.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virtualenv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "20.26.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "239-82.el8_10.1", "BaseScores": [5.5, 4.3], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "5.3.4-12.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2020-15945"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-15945 https://bugzilla.redhat.com/show_bug.cgi?id=1861999 https://www.cve.org/CVERecord?id=CVE-2020-15945 https://nvd.nist.gov/vuln/detail/CVE-2020-15945 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-15945.json", "FixedBy": "", "Description": "A flaw was found in lua. 
A segmentation fault is possible because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.", "Name": "CVE-2020-15945", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Scalar-List-Utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "3:1.49-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.4.48-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "importlib-resources", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "5.0.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libedit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "3.1-23.20170329cvs.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.9.6-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Getopt-Long", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:2.50-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.1.27-6.el8_5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "publicsuffix-list-dafsa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "20180723-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "20230731-1.git3177e06.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "certifi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2024.2.2", "BaseScores": [], "CVEIds": ["CVE-2024-39689"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "osv/pypi", "Link": "https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc https://nvd.nist.gov/vuln/detail/CVE-2024-39689 https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463 https://github.com/certifi/python-certifi https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI", "FixedBy": "2024.07.04", "Description": "Certifi removes GLOBALTRUST root certificate", "Name": "GHSA-248v-346w-9cwc", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-parent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:0.237-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.19.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.19.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-HTTP-Tiny", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "0.074-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.190-2.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "device-mapper-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "8:1.02.181-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.7.0-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.28.42-1.el8", "BaseScores": [6.1], "CVEIds": ["CVE-2022-0235"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "binutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.30-123.el8", "BaseScores": [9.8, 7.5, 6.5, 5.5, 5.5, 5.5, 7.5, 5.5, 7.5, 5.5, 6.5, 5.5, 5.5, 7.5, 5.5, 5.5, 5.5, 6.5, 5.5, 6.1, 5.5, 5.5, 5.5, 5.5, 5.5, 7.8, 5.5, 5.5, 5.5, 5.5, 5.5, 5.5, 5.5, 7.1, 5.5, 5.5, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 5.5, 5.5, 5.5, 7.8, 5.5], "CVEIds": ["CVE-2018-1000876", "CVE-2018-12641", "CVE-2018-12697", "CVE-2018-12698", "CVE-2018-12699", "CVE-2018-12700", "CVE-2018-12934", "CVE-2018-17360", "CVE-2018-17794", "CVE-2018-17985", "CVE-2018-18309", "CVE-2018-18483", "CVE-2018-18484", "CVE-2018-18605", "CVE-2018-18606", "CVE-2018-18607", "CVE-2018-18700", "CVE-2018-18701", "CVE-2018-19932", "CVE-2018-20002", "CVE-2018-20623", "CVE-2018-20651", "CVE-2018-20657", "CVE-2018-20671", "CVE-2018-20673", "CVE-2018-6872", "CVE-2019-12972", "CVE-2019-14250", "CVE-2019-9071", "CVE-2019-9075", "CVE-2019-9077", "CVE-2020-16598", "CVE-2020-35493", "CVE-2020-35494", "CVE-2020-35495", "CVE-2020-35496", "CVE-2020-35507", "CVE-2021-3826", "CVE-2021-45078", "CVE-2022-38533", "CVE-2022-44840", "CVE-2022-47007", "CVE-2022-47008", "CVE-2022-47010", "CVE-2022-47011", "CVE-2023-1972", "CVE-2023-25584", "CVE-2023-25585", "CVE-2023-25588"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12699 https://bugzilla.redhat.com/show_bug.cgi?id=1595427 https://www.cve.org/CVERecord?id=CVE-2018-12699 https://nvd.nist.gov/vuln/detail/CVE-2018-12699 
https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-12699.json", "FixedBy": "", "Description": "finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.", "Name": "CVE-2018-12699", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-17794 https://bugzilla.redhat.com/show_bug.cgi?id=1635082 https://www.cve.org/CVERecord?id=CVE-2018-17794 https://nvd.nist.gov/vuln/detail/CVE-2018-17794 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-17794.json", "FixedBy": "", "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as 
distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.", "Name": "CVE-2018-17794", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12700 https://bugzilla.redhat.com/show_bug.cgi?id=1595437 https://www.cve.org/CVERecord?id=CVE-2018-12700 https://nvd.nist.gov/vuln/detail/CVE-2018-12700 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-12700.json", "FixedBy": "", "Description": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none", "Name": "CVE-2018-12700", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12972 https://bugzilla.redhat.com/show_bug.cgi?id=1831873 https://www.cve.org/CVERecord?id=CVE-2019-12972 https://nvd.nist.gov/vuln/detail/CVE-2019-12972 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-12972.json", "FixedBy": "", "Description": "An out-of-bounds read was discovered in Binutils while it processes a malformed ELF relocatable file (.o file). 
A victim user who uses Binutils tools (size, gdb, readelf) to analyze untrusted binaries, may be vulnerable to a denial of service attack.", "Name": "CVE-2019-12972", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-38533 https://bugzilla.redhat.com/show_bug.cgi?id=2124569 https://www.cve.org/CVERecord?id=CVE-2022-38533 https://nvd.nist.gov/vuln/detail/CVE-2022-38533 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-38533.json", "FixedBy": "", "Description": "A vulnerability was found in the strip utility of binutils. An attacker able to convince a victim to process a specially crafted COFF file by the strip utility can lead to a heap-based buffer overflow, causing the utility to crash.", "Name": "CVE-2022-38533", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18309 https://bugzilla.redhat.com/show_bug.cgi?id=1639911 https://www.cve.org/CVERecord?id=CVE-2018-18309 https://nvd.nist.gov/vuln/detail/CVE-2018-18309 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18309.json", "FixedBy": "", "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. 
The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.", "Name": "CVE-2018-18309", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12697 https://bugzilla.redhat.com/show_bug.cgi?id=1595417 https://www.cve.org/CVERecord?id=CVE-2018-12697 https://nvd.nist.gov/vuln/detail/CVE-2018-12697 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-12697.json", "FixedBy": "", "Description": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.", "Name": "CVE-2018-12697", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18700 https://bugzilla.redhat.com/show_bug.cgi?id=1646535 https://www.cve.org/CVERecord?id=CVE-2018-18700 https://nvd.nist.gov/vuln/detail/CVE-2018-18700 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18700.json", "FixedBy": "", "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", "Name": "CVE-2018-18700", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12934 https://bugzilla.redhat.com/show_bug.cgi?id=1597853 https://www.cve.org/CVERecord?id=CVE-2018-12934 https://nvd.nist.gov/vuln/detail/CVE-2018-12934 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-12934.json", "FixedBy": "", "Description": "remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.", "Name": "CVE-2018-12934", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35496 https://bugzilla.redhat.com/show_bug.cgi?id=1911444 https://www.cve.org/CVERecord?id=CVE-2020-35496 https://nvd.nist.gov/vuln/detail/CVE-2020-35496 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-35496.json", "FixedBy": "", "Description": "A flaw was found in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. 
The greatest threat of this flaw is to application availability.", "Name": "CVE-2020-35496", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1972 https://bugzilla.redhat.com/show_bug.cgi?id=2185646 https://www.cve.org/CVERecord?id=CVE-2023-1972 https://nvd.nist.gov/vuln/detail/CVE-2023-1972 https://sourceware.org/bugzilla/show_bug.cgi?id=30285 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1972.json", "FixedBy": "", "Description": "A potential heap-based buffer overflow was found in binutils in the _bfd_elf_slurp_version_tables() function in bfd/elf.c. This issue may lead to a loss of availability.", "Name": "CVE-2023-1972", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18484 https://bugzilla.redhat.com/show_bug.cgi?id=1645958 https://www.cve.org/CVERecord?id=CVE-2018-18484 https://nvd.nist.gov/vuln/detail/CVE-2018-18484 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18484.json", "FixedBy": "", "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.", "Name": "CVE-2018-18484", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12698 https://bugzilla.redhat.com/show_bug.cgi?id=1595419 https://www.cve.org/CVERecord?id=CVE-2018-12698 https://nvd.nist.gov/vuln/detail/CVE-2018-12698 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-12698.json", "FixedBy": "", "Description": "demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC 
call. This can occur during execution of objdump.", "Name": "CVE-2018-12698", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20002 https://bugzilla.redhat.com/show_bug.cgi?id=1661534 https://www.cve.org/CVERecord?id=CVE-2018-20002 https://nvd.nist.gov/vuln/detail/CVE-2018-20002 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20002.json", "FixedBy": "", "Description": "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.", "Name": "CVE-2018-20002", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20671 https://bugzilla.redhat.com/show_bug.cgi?id=1664712 https://www.cve.org/CVERecord?id=CVE-2018-20671 https://nvd.nist.gov/vuln/detail/CVE-2018-20671 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20671.json", "FixedBy": "", "Description": "load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.", "Name": "CVE-2018-20671", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": 
"", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35495 https://bugzilla.redhat.com/show_bug.cgi?id=1911441 https://www.cve.org/CVERecord?id=CVE-2020-35495 https://nvd.nist.gov/vuln/detail/CVE-2020-35495 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-35495.json", "FixedBy": "", "Description": "A flaw was found in binutils. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability.", "Name": "CVE-2020-35495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3826.json", "FixedBy": "", "Description": "A vulnerability was found in Libiberty. 
A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "Name": "CVE-2021-3826", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9071 https://bugzilla.redhat.com/show_bug.cgi?id=1680657 https://www.cve.org/CVERecord?id=CVE-2019-9071 https://nvd.nist.gov/vuln/detail/CVE-2019-9071 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9071.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.", "Name": "CVE-2019-9071", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35494 https://bugzilla.redhat.com/show_bug.cgi?id=1911439 https://www.cve.org/CVERecord?id=CVE-2020-35494 https://nvd.nist.gov/vuln/detail/CVE-2020-35494 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-35494.json", "FixedBy": "", "Description": "A flaw was found in binutils. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. 
The highest threat is to application availability with a lower threat to data confidentiality.", "Name": "CVE-2020-35494", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "Score": 6.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35493 https://bugzilla.redhat.com/show_bug.cgi?id=1911437 https://www.cve.org/CVERecord?id=CVE-2020-35493 https://nvd.nist.gov/vuln/detail/CVE-2020-35493 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-35493.json", "FixedBy": "", "Description": "A flaw was found in Binutils in bfd/pef.c. This flaw allows an attacker who can submit a crafted PEF file to be parsed by objdump to cause a heap buffer overflow, leading to an out-of-bounds read. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2020-35493", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18607 https://bugzilla.redhat.com/show_bug.cgi?id=1647421 https://www.cve.org/CVERecord?id=CVE-2018-18607 https://nvd.nist.gov/vuln/detail/CVE-2018-18607 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18607.json", "FixedBy": "", "Description": "An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. 
A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", "Name": "CVE-2018-18607", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35507 https://bugzilla.redhat.com/show_bug.cgi?id=1911691 https://www.cve.org/CVERecord?id=CVE-2020-35507 https://nvd.nist.gov/vuln/detail/CVE-2020-35507 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-35507.json", "FixedBy": "", "Description": "A flaw was found in bfd_pef_parse_function_stubs of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.", "Name": "CVE-2020-35507", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18605 https://bugzilla.redhat.com/show_bug.cgi?id=1647403 https://www.cve.org/CVERecord?id=CVE-2018-18605 https://nvd.nist.gov/vuln/detail/CVE-2018-18605 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18605.json", "FixedBy": "", "Description": "A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. 
A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", "Name": "CVE-2018-18605", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20673 https://bugzilla.redhat.com/show_bug.cgi?id=1664709 https://www.cve.org/CVERecord?id=CVE-2018-20673 https://nvd.nist.gov/vuln/detail/CVE-2018-20673 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20673.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", "Name": "CVE-2018-20673", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18483 https://bugzilla.redhat.com/show_bug.cgi?id=1645957 https://www.cve.org/CVERecord?id=CVE-2018-18483 https://nvd.nist.gov/vuln/detail/CVE-2018-18483 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18483.json", "FixedBy": "", "Description": "The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by 
c++filt.", "Name": "CVE-2018-18483", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-16598 https://bugzilla.redhat.com/show_bug.cgi?id=1906756 https://www.cve.org/CVERecord?id=CVE-2020-16598 https://nvd.nist.gov/vuln/detail/CVE-2020-16598 https://sourceware.org/bugzilla/show_bug.cgi?id=25840 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca3f923f82a079dcf441419f4a50a50f8b4b33c2 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-16598.json", "FixedBy": "", "Description": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none", "Name": "CVE-2020-16598", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12641 https://bugzilla.redhat.com/show_bug.cgi?id=1594410 https://www.cve.org/CVERecord?id=CVE-2018-12641 https://nvd.nist.gov/vuln/detail/CVE-2018-12641 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-12641.json", "FixedBy": "", "Description": "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.", "Name": "CVE-2018-12641", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-17360 https://bugzilla.redhat.com/show_bug.cgi?id=1632921 https://www.cve.org/CVERecord?id=CVE-2018-17360 https://nvd.nist.gov/vuln/detail/CVE-2018-17360 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-17360.json", "FixedBy": "", "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. 
This vulnerability can be triggered by the executable objdump.", "Name": "CVE-2018-17360", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-25588 https://bugzilla.redhat.com/show_bug.cgi?id=2167505 https://www.cve.org/CVERecord?id=CVE-2023-25588 https://nvd.nist.gov/vuln/detail/CVE-2023-25588 https://sourceware.org/bugzilla/show_bug.cgi?id=29677 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-25588.json", "FixedBy": "", "Description": "A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.", "Name": "CVE-2023-25588", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19932 https://bugzilla.redhat.com/show_bug.cgi?id=1658949 https://www.cve.org/CVERecord?id=CVE-2018-19932 https://nvd.nist.gov/vuln/detail/CVE-2018-19932 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19932.json", "FixedBy": "", "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. 
There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.", "Name": "CVE-2018-19932", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20623 https://bugzilla.redhat.com/show_bug.cgi?id=1664700 https://www.cve.org/CVERecord?id=CVE-2018-20623 https://nvd.nist.gov/vuln/detail/CVE-2018-20623 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20623.json", "FixedBy": "", "Description": "In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.", "Name": "CVE-2018-20623", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20651 https://bugzilla.redhat.com/show_bug.cgi?id=1664703 https://www.cve.org/CVERecord?id=CVE-2018-20651 https://nvd.nist.gov/vuln/detail/CVE-2018-20651 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20651.json", "FixedBy": "", "Description": "A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. 
A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.", "Name": "CVE-2018-20651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-25585 https://bugzilla.redhat.com/show_bug.cgi?id=2167498 https://www.cve.org/CVERecord?id=CVE-2023-25585 https://nvd.nist.gov/vuln/detail/CVE-2023-25585 https://sourceware.org/bugzilla/show_bug.cgi?id=29892 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-25585.json", "FixedBy": "", "Description": "A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.", "Name": "CVE-2023-25585", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-25584 https://bugzilla.redhat.com/show_bug.cgi?id=2167467 https://www.cve.org/CVERecord?id=CVE-2023-25584 https://nvd.nist.gov/vuln/detail/CVE-2023-25584 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-25584.json", "FixedBy": "", "Description": "An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.", "Name": "CVE-2023-25584", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-17985 https://bugzilla.redhat.com/show_bug.cgi?id=1652723 https://www.cve.org/CVERecord?id=CVE-2018-17985 https://nvd.nist.gov/vuln/detail/CVE-2018-17985 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-17985.json", "FixedBy": "", "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.", "Name": "CVE-2018-17985", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18606 https://bugzilla.redhat.com/show_bug.cgi?id=1647415 https://www.cve.org/CVERecord?id=CVE-2018-18606 https://nvd.nist.gov/vuln/detail/CVE-2018-18606 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18606.json", "FixedBy": "", "Description": "An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. 
A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", "Name": "CVE-2018-18606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18701 https://bugzilla.redhat.com/show_bug.cgi?id=1646529 https://www.cve.org/CVERecord?id=CVE-2018-18701 https://nvd.nist.gov/vuln/detail/CVE-2018-18701 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18701.json", "FixedBy": "", "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", "Name": "CVE-2018-18701", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-6872 https://bugzilla.redhat.com/show_bug.cgi?id=1543969 https://www.cve.org/CVERecord?id=CVE-2018-6872 https://nvd.nist.gov/vuln/detail/CVE-2018-6872 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-6872.json", "FixedBy": "", "Description": "The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.", "Name": "CVE-2018-6872", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000876 https://bugzilla.redhat.com/show_bug.cgi?id=1664699 https://www.cve.org/CVERecord?id=CVE-2018-1000876 https://nvd.nist.gov/vuln/detail/CVE-2018-1000876 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000876.json", "FixedBy": "", "Description": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. 
This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.", "Name": "CVE-2018-1000876", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9075 https://bugzilla.redhat.com/show_bug.cgi?id=1680669 https://www.cve.org/CVERecord?id=CVE-2019-9075 https://nvd.nist.gov/vuln/detail/CVE-2019-9075 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9075.json", "FixedBy": "", "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.", "Name": "CVE-2019-9075", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45078 https://bugzilla.redhat.com/show_bug.cgi?id=2033715 https://www.cve.org/CVERecord?id=CVE-2021-45078 https://nvd.nist.gov/vuln/detail/CVE-2021-45078 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-45078.json", "FixedBy": "", "Description": "An out-of-bounds flaw was found in binutils\u2019 stabs functionality. 
The attack needs to be initiated locally where an attacker could convince a victim to read a specially crafted file that is processed by objdump, leading to the disclosure of memory and possibly leading to the execution of arbitrary code or causing the utility to crash.", "Name": "CVE-2021-45078", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9077 https://bugzilla.redhat.com/show_bug.cgi?id=1680675 https://www.cve.org/CVERecord?id=CVE-2019-9077 https://nvd.nist.gov/vuln/detail/CVE-2019-9077 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9077.json", "FixedBy": "", "Description": "A vulnerability was found in the readelf utility in GNU Binutils. This issue involves a heap-based buffer overflow in the process_mips_specific function, which can be triggered by a malformed MIPS option section in binary files.", "Name": "CVE-2019-9077", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", 
"Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47008 https://bugzilla.redhat.com/show_bug.cgi?id=2233984 https://www.cve.org/CVERecord?id=CVE-2022-47008 https://nvd.nist.gov/vuln/detail/CVE-2022-47008 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47008.json", "FixedBy": "", "Description": "A memory leak was found in binutils in the make_tempdir and make_tempname functions. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-44840 https://bugzilla.redhat.com/show_bug.cgi?id=2234004 https://www.cve.org/CVERecord?id=CVE-2022-44840 https://nvd.nist.gov/vuln/detail/CVE-2022-44840 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-44840.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in binutils in the find_section_in_set function. This flaw allows an attacker to use a specially crafted payload to trigger a buffer overflow, resulting in issues with availability, confidentiality, and integrity.", "Name": "CVE-2022-44840", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python39-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.9.19-1.module+el8.10.0+21815+bb024982", "BaseScores": [7.5], "CVEIds": ["CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:3.9.20-1.module+el8.10.0+22342+478c159e", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libpkgconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.4.2-1.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2023-24056"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-24056.json", "FixedBy": "", "Description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. 
This issue may lead to a buffer overflow, which can crash the software.", "Name": "CVE-2023-24056", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.14.3-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1:6.1.2-11.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pycparser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.22", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20240213143201-ec583247a57a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-daemon", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "20230731-1.git3177e06.el8", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1:4.6.0-22.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lockfile", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.12.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "5.3.28-42.el8_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "docutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.21.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.5.2-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.19.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xkeyboard-config", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.28-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-MIME-Base64", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "3.15-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Text-Tabs+Wrap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2013.0523-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "5.3.28-42.el8_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "jinja2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.1.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.1.8-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.190-2.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "pyyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "6.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-podlators", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "4.11-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mxk/go-flowrate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20140419014527-cca7078d478f", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "7.61.1-34.el8", "BaseScores": [8.8, 6.5], "CVEIds": ["CVE-2023-27534", "CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 
https://curl.se/docs/CVE-2023-27534.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27534.json", "FixedBy": "", "Description": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "Name": "CVE-2023-27534", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5654", "FixedBy": "0:7.61.1-34.el8_10.2", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:2.6.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.56.1-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "certifi", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2024.7.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-daemon", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.12.8-26.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2020-35512"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "python39", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.9.19-1.module+el8.10.0+21815+bb024982", "BaseScores": [7.5], "CVEIds": ["CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 
https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:3.9.20-1.module+el8.10.0+22342+478c159e", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.7.0-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "4.13-4.el8_7", "BaseScores": [5.5], "CVEIds": ["CVE-2018-1000654"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000654.json", "FixedBy": "", "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. 
This attack appears to be exploitable via parsing a crafted file.", "Name": "CVE-2018-1000654", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "perl-Storable", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:3.11-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.5-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.4.46-19.el8_10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.17.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.6.1", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-interpreter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "4:5.26.3-422.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ptyprocess", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Errno", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.28-422.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "charset-normalizer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3c61c15b346ea5afd0d9810567b43859610f4526e8ed5af79647bc93999a7465", "Version": "3.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-gconv-extra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.62-25.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "trousers-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.3.15-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "isl", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "0.16.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20240213162025-012b6fc9bca9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.45.6-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "20.2.4-9.module+el8.10.0+21329+8d76b841", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "29.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1:1.1.1k-14.el8_6", "BaseScores": [5.5, 6.5, 7.5, 5.3, 5.3], "CVEIds": ["CVE-2023-0464", "CVE-2023-0465", "CVE-2023-0466", "CVE-2023-2650", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4741"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2650.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. 
Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "Name": "CVE-2023-2650", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "FixedBy": "", "Description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. 
This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0464", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. 
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "Name": "CVE-2023-0466", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. 
Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0465", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}]}, {"Name": "acc_provision", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:49fc87ec34bc91cf3d389b9cc3168ba930523801c99d4faa3cb7240b0dc3b914", "Version": "6.1.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-TermReadKey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "2.37-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyasn1_modules", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.14.2-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.2.20-3.el8_6", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "llvm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "17.0.6-3.module+el8.10.0+22125+1509a634", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "8.5.0-22.el8_10", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.28.42-1.el8", "BaseScores": [6.1], "CVEIds": ["CVE-2022-0235"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "perl-IO", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d50e79740b23276a0065898f4b838c6ce334f32169435fbe1023444d24138af9", "Version": "1.38-422.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.9-13.el8_5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "4.2.1-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v4.0.0-20230305170008-8188dc5388df", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "50.3.2-5.module+el8.10.0+20345+671a55aa", "BaseScores": [7.5], "CVEIds": ["CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}]}}} diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-certmanager/6.1.1.2-cve-base.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-certmanager/6.1.1.2-cve-base.txt index 67a50c97d6..14a15ae5c9 100644 --- a/docs/release_artifacts/6.1.1.2/z/aci-containers-certmanager/6.1.1.2-cve-base.txt 
+++ b/docs/release_artifacts/6.1.1.2/z/aci-containers-certmanager/6.1.1.2-cve-base.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. 
This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 
https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. 
This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 
https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. 
This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. 
This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], 
"Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 
https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", 
"CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 
https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 
https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of 
tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 
https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": 
"", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free 
flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. 
In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found 
in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 
https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 
https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html 
https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. 
Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", 
"Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. 
The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the 
attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": 
"0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", 
"Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a 
negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. 
This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of 
Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext 
Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", 
"CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. 
The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 
https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack 
consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-certmanager/6.1.1.2-quay-cve.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-certmanager/6.1.1.2-quay-cve.txt index 45e168a158..0ed3126cbe 100644 --- a/docs/release_artifacts/6.1.1.2/z/aci-containers-certmanager/6.1.1.2-quay-cve.txt +++ b/docs/release_artifacts/6.1.1.2/z/aci-containers-certmanager/6.1.1.2-quay-cve.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:1f13918d3bca1ea2cac4b77bc1af2dfa448cca347bd4012f489a16f3f448e336", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "openssl-fips-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.0.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.25.1-8.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. 
If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": 
"v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/network-attachment-definition-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.1.1-0.20201119153432-9d213757d22d", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2:1.34-6.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "21.2.3-8.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "8.32-35.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-plugin-systemd-inhibit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 
https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.18-3.el9_4.5", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-6232", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. 
The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. 
The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/shastrinator/kube-admission-webhook", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.0.0-20240712005226-d905af558e63", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.21.1-2.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.43.0-5.el9_4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 
https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.5.1-19.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.0.0", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2024a-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.68.4-14.el9_4.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.10-7.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.1.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.3.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", 
"CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 
https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL 
pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-2.1.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 
https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.26.5-5.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": 
"v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 
https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "(devel) (git, commit c8ae40e323c3e895c8b9eb5700938824e1bc59c8, built at 2024-10-12T06:24:35Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/zapr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "gomodules.xyz/jsonpatch/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.2-13.el9", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2:1.3.0-2.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.18-3.el9_4.5", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-6232", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": 
"Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:1f13918d3bca1ea2cac4b77bc1af2dfa448cca347bd4012f489a16f3f448e336", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "libattr", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.26.5-5.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.3.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/network-attachment-definition-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.1.1-0.20201119153432-9d213757d22d", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.1.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-fips-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.0.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": 
"1.21.1-2.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found 
in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.25.1-8.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 
https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "8.32-35.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2024a-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", 
"CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.10-7.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2:1.34-6.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 
https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "(devel) (git, commit c8ae40e323c3e895c8b9eb5700938824e1bc59c8, built at 2024-10-12T06:24:35Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", 
"BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/zapr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": 
"11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": 
"2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2:1.3.0-2.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. 
When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gomodules.xyz/jsonpatch/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 
https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", 
"FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.18-3.el9_4.5", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-6232", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 
https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. 
When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 
https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/shastrinator/kube-admission-webhook", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.0.0-20240712005226-d905af558e63", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "21.2.3-8.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A 
vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.43.0-5.el9_4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.2-13.el9", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": 
"CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", 
"CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.5.1-19.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-plugin-systemd-inhibit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.68.4-14.el9_4.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added 
to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.18-3.el9_4.5", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-6232", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1557d542b7ce44babc3db92c1abfd6a82dcc4a672b6c1cb4ac2968edcb71498e", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-controller/6.1.1.2-cve-base.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-controller/6.1.1.2-cve-base.txt index 67a50c97d6..14a15ae5c9 100644 --- a/docs/release_artifacts/6.1.1.2/z/aci-containers-controller/6.1.1.2-cve-base.txt +++ b/docs/release_artifacts/6.1.1.2/z/aci-containers-controller/6.1.1.2-cve-base.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. 
This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 
https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. 
This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 
https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. 
This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. 
This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], 
"Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 
https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", 
"CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 
https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 
https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of 
tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 
https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": 
"", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free 
flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. 
In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found 
in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 
https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 
https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html 
https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. 
Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", 
"Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. 
The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the 
attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": 
"0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", 
"Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a 
negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. 
This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of 
Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext 
Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", 
"CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. 
The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 
https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack 
consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}}
diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-controller/6.1.1.2-quay-cve.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-controller/6.1.1.2-quay-cve.txt
index b1b5612988..09b57d9b87 100644
--- a/docs/release_artifacts/6.1.1.2/z/aci-containers-controller/6.1.1.2-quay-cve.txt
+++ b/docs/release_artifacts/6.1.1.2/z/aci-containers-controller/6.1.1.2-quay-cve.txt
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:1e8bf6b58a71aadd9128d9aa210d0f5dfb69b6116516fea172ef54d897d031b5", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "github.com/jonboulle/clockwork", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v3.10.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gregjones/httpcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20180305231024-9cad4c3443a7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/matttproud/golang_protobuf_extensions", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cloud-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/proto/otlp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", 
"Version": "v0.19.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/option", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gomodules.xyz/jsonpatch/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/metrics", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/rpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/Masterminds/goutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": 
"v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/docker/docker-credential-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/onsi/gomega", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.27.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cyphar/filepath-securejoin", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/x448/float16", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.8.4", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "contrib.go.opencensus.io/exporter/prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.4.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", 
"CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 
https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.130.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/square/go-jose.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/natefinch/lumberjack.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v2.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/pkg/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v3.5.11", "BaseScores": 
[], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v2.19.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.14.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": 
["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/mitchellh/go-homedir", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/mcs-api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": 
"rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "go1.20.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-plugin-systemd-inhibit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gomodules.xyz/jsonpatch/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-systemd/v22", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v22.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/kustomize/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.17.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/blackmagic", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spaolacci/murmur3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/subosito/gotenv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.4.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": 
"go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/stdr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/xlab/treeprint", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/NYTimes/gziphandler", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/rivo/uniseg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "github.com/ryanuber/go-glob", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-containerregistry", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.14.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"golang.org/x/crypto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v4.0.0-20230305170008-8188dc5388df", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/jwalterweatherman", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lithammer/dedent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cast", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/go-grpc-prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.21.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "github.com/klauspost/compress", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.6.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/moby/spdystream", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mitchellh/reflectwalk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20200713203337-b2494ecb17dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/docker/cli", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v23.0.3+incompatible", "BaseScores": 
[], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/jwx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.2.26", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v4.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gregjones/httpcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20190611155906-901d90724c79", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.21.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.117.0", "BaseScores": 
[], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pelletier/go-toml/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.0.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer 
dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl-fips-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.0.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cncf/xds/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20230310173818-32f1caf87195", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/rogpeppe/go-internal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/MakeNowJust/heredoc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.18-3.el9_4.5", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-6232", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/mattn/go-colorable", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.1.13", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20240125191952-1e2afa0f76cf", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "istio.io/istio", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "(devel) (git, commit 0183f2886bc078e8df4d6bbd21fa452a3a23481d, built at 2023-07-21T20:31:00Z, dirty)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/googleapis/enterprise-certificate-proxy", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.2.3", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.68.4-14.el9_4.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 
https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mitchellh/go-wordwrap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/docker/docker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v23.0.3+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/trace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/opencontainers/image-spec", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.0-rc3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.90.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/liggitt/tabwriter", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20181228230101-89fcab3d43de", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mattn/go-isatty", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.18", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.8.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/backoff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v4.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "./pkg/ipam", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.starlark.net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20211013185944-b0039bd2cfe3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cloud.google.com/go/logging", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/crypto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/iter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/gateway-api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.6.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.5.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/census-instrumentation/opencensus-proto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mitchellh/mapstructure", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2:1.34-6.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gopkg.in/evanphx/json-patch.v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v4.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.4.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubelet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/btree", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", 
"Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.6.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/googleapis/gax-go/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.34.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logfmt/logfmt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.21.1-2.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/kms", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/exponent-io/jsonpath", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20151013193312-d6023ce2651d", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-semver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.22.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/felixge/httpsnoop", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/kylelemons/godebug", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pmezard/go-difflib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/httpcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/controller-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v3.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.15.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "(devel) (git, commit 9edcffcde5595e8a5b1a35f88c421764e575afce, built at 2024-08-13T07:28:48Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/kustomize/kyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.17.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/opencontainers/go-digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/monochromegane/go-gitignore", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20200626010858-205db1a8cc00", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/shopspring/decimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20240711033017-18e509b52bc8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.5.1-19.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "github.com/spf13/afero", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/imdario/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.3.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.42.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": 
"v0.0.0-20230313181309-38a27ef9d749", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/miekg/dns", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.53", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/atomic", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gobwas/glob", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20230321023759-10a507213a29", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/asaskevich/govalidator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": 
"v0.0.0-20230301143203-a9d515a09cc2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opencensus.io", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.24.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/evanphx/json-patch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v5.6.0+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/xeipuuv/gojsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20190905194746-02993c407bfb", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/cheggaaa/pb/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v3.1.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", 
"Version": "v0.0.0-20220525160904-9e1acff93e4a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/appengine", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.6.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/hashicorp/errwrap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/hashicorp/go-multierror", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/backoff/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.0.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/kr/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/kustomize/kyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.14.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/shlex", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20191202100458-e7afc7fbc510", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.30.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/magiconair/properties", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.8.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "github.com/gorilla/websocket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fxamacker/cbor/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/docker/distribution", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.8.2+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "istio.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20230713061407-06047cce866f", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2024a-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.10-7.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "istio.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.18.1-0.20230713061908-17d95fabac25", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/moby/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.3.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/imdario/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.3.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/viper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/xeipuuv/gojsonschema", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "21.2.3-8.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.1.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "helm.sh/helm/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": 
"v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gomodules.xyz/orderedmap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/BurntSushi/toml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fvbommel/sortorder", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/ini.v1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.67.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/api/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.25.1-8.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow 
implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/russross/blackfriday/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.54.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-errors/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.4.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/xlab/treeprint", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/moby/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20221205130635-1aeaba878587", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20230327201221-f5883ff37f0c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/btree", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/kustomize/kustomize/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v5.4.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "istio.io/pkg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20230524020242-1015535057be", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/go-grpc-middleware", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.30.2", "BaseScores": [], "CVEIds": ["CVE-2024-5321"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/go", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/issues/126161 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs", "Name": "GHSA-82m2-cv7p-4m75", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Unknown", "NamespaceName": "osv/go", "Link": 
"https://github.com/advisories/GHSA-82m2-cv7p-4m75 https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes/issues/126161 https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes", "Name": "GO-2024-2994", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.29.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. 
This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "go.etcd.io/etcd/client/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/kustomize/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.13.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cpuguy83/go-md2man/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/daviddengcn/go-colortext", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/distribution/reference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.26.5-5.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.5.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mattn/go-runewidth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.14", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2:1.3.0-2.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/grafana/regexp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20221122212121-6b5c0a4cb7fd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "go.opentelemetry.io/otel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fatih/color", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.starlark.net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20230525235612-a134d8f9ddca", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "(devel) (git, commit c8ae40e323c3e895c8b9eb5700938824e1bc59c8, built at 2024-10-12T06:24:35Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"k8s.io/component-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/Masterminds/semver/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v3.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cloud.google.com/go/compute/metadata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v5.9.0+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/hashicorp/hcl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/Masterminds/sprig/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v3.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.19.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/chai2010/gettext-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/peterbourgon/diskv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.0.1+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/huandu/xstrings", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/hashicorp/golang-lru/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/VividCortex/ewma", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stretchr/testify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.8.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fatih/camelcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/kr/pretty", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cli-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "8.32-35.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.21.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/xeipuuv/gojsonreference", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20180127040603-bd5ef7bd5415", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/hashicorp/go-version", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20230410155749-daa745c078e1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/yl2chen/cidranger", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.2-13.el9", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 
https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.13.1-0.20230315234915-a26de2d610c3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.2.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.43.0-5.el9_4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/proto/otlp", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.43.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-kit/log", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/backoff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v4.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cloud.google.com/go/longrunning", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gorilla/websocket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.5.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v5.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.61.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.55.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/envoyproxy/protoc-gen-validate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mxk/go-flowrate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20140419014527-cca7078d478f", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/s2a-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d5f9c19da9de4660f8f6ed79f46d13d473535ec6eb3eb699066dc2694747e515", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.24.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/statsd_exporter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jonboulle/clockwork", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.45.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cli-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": 
"v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/moby/spdystream", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.22.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.14.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/envoyproxy/go-control-plane", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.11.1-0.20230416233444-7f2a3030ef40", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mitchellh/copystructure", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.19.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.18-3.el9_4.5", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-6232", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 
https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. 
When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.17.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:1e8bf6b58a71aadd9128d9aa210d0f5dfb69b6116516fea172ef54d897d031b5", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cncf/xds/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20230310173818-32f1caf87195", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/lestrrat-go/jwx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.2.26", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/VividCortex/ewma", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "(devel) (git, commit c8ae40e323c3e895c8b9eb5700938824e1bc59c8, built at 2024-10-12T06:24:35Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/backoff/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.0.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gobwas/glob", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": 
"v1.54.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jonboulle/clockwork", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.30.2", "BaseScores": [], "CVEIds": ["CVE-2024-5321"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/go", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/issues/126161 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs", "Name": "GHSA-82m2-cv7p-4m75", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Unknown", 
"NamespaceName": "osv/go", "Link": "https://github.com/advisories/GHSA-82m2-cv7p-4m75 https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes/issues/126161 https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes", "Name": "GO-2024-2994", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/ryanuber/go-glob", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.21.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/magiconair/properties", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.8.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/opencontainers/image-spec", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.0-rc3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-fips-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.0.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mitchellh/mapstructure", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/imdario/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.3.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/kustomize/kustomize/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v5.4.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/Masterminds/semver/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v3.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.26.5-5.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kms", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.68.4-14.el9_4.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2:1.34-6.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/envoyproxy/protoc-gen-validate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/jwalterweatherman", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/yl2chen/cidranger", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.61.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v4.0.0-20230305170008-8188dc5388df", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v3.10.1", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/backoff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v4.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/shopspring/decimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/klauspost/compress", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20240711033017-18e509b52bc8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.25.1-8.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gomodules.xyz/orderedmap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "contrib.go.opencensus.io/exporter/prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.4.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/btree", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mattn/go-runewidth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.14", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/s2a-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.21.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "istio.io/istio", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "(devel) (git, commit 0183f2886bc078e8df4d6bbd21fa452a3a23481d, built at 2023-07-21T20:31:00Z, dirty)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.43.0-5.el9_4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opencensus.io", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.24.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mitchellh/copystructure", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/docker/cli", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v23.0.3+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/backoff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v4.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.18-3.el9_4.5", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-6232", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": 
[{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": 
{"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cloud.google.com/go/longrunning", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/proto/otlp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-plugin-systemd-inhibit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cli-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/Masterminds/goutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/russross/blackfriday/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.19.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cloud.google.com/go/compute/metadata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-containerregistry", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.14.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2024a-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gregjones/httpcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20190611155906-901d90724c79", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.21.1-2.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "./pkg/ipam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v4.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/viper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mattn/go-colorable", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.1.13", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/daviddengcn/go-colortext", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.21.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/evanphx/json-patch.v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v4.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mattn/go-isatty", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.18", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.22.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/subosito/gotenv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.4.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cpuguy83/go-md2man/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/onsi/gomega", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.27.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:d5f9c19da9de4660f8f6ed79f46d13d473535ec6eb3eb699066dc2694747e515", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.5.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/hashicorp/go-multierror", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.90.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/distribution/reference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/afero", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v5.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cyphar/filepath-securejoin", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pmezard/go-difflib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/xlab/treeprint", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/x448/float16", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.8.4", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "github.com/moby/spdystream", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/docker/docker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v23.0.3+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/rogpeppe/go-internal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/googleapis/gax-go/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "helm.sh/helm/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/exponent-io/jsonpath", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20151013193312-d6023ce2651d", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/gateway-api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.6.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pelletier/go-toml/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.0.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/rpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20240125205218-1f4bbc51befe", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2:1.3.0-2.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/docker/docker-credential-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gorilla/websocket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.5.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/kylelemons/godebug", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/option", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": 
"v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/api/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "go1.20.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gomodules.xyz/jsonpatch/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.45.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.8.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.starlark.net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20211013185944-b0039bd2cfe3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "github.com/mitchellh/go-homedir", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/hashicorp/errwrap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.5.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/xlab/treeprint", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/mitchellh/go-wordwrap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/go-grpc-middleware", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/metrics", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/opencontainers/go-digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.6.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "8.32-35.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gomodules.xyz/jsonpatch/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grafana/regexp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20221122212121-6b5c0a4cb7fd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v3.11.0", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20230321023759-10a507213a29", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/go-grpc-prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-kit/log", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/asaskevich/govalidator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20230301143203-a9d515a09cc2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20230410155749-daa745c078e1", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/controller-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.2.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/iter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/atomic", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.14.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubelet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gregjones/httpcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20180305231024-9cad4c3443a7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/rivo/uniseg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.34.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "istio.io/pkg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20230524020242-1015535057be", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/trace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/kr/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/shlex", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20191202100458-e7afc7fbc510", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/matttproud/golang_protobuf_extensions", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20240125191952-1e2afa0f76cf", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v2.19.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.4.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/liggitt/tabwriter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20181228230101-89fcab3d43de", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fatih/camelcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/googleapis/enterprise-certificate-proxy", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/NYTimes/gziphandler", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.13.1-0.20230315234915-a26de2d610c3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/envoyproxy/go-control-plane", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.11.1-0.20230416233444-7f2a3030ef40", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20230313181309-38a27ef9d749", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.18-3.el9_4.5", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-6232", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically 
the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/peterbourgon/diskv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.0.1+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/huandu/xstrings", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/hashicorp/hcl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/xeipuuv/gojsonschema", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mxk/go-flowrate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20140419014527-cca7078d478f", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.5.1-19.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "github.com/miekg/dns", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.53", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-systemd/v22", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v22.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cast", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spaolacci/murmur3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/chai2010/gettext-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.130.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "go.opentelemetry.io/otel/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.3.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20230327201221-f5883ff37f0c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cli-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "(devel) (git, commit 9edcffcde5595e8a5b1a35f88c421764e575afce, built at 2024-08-13T07:28:48Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/kustomize/kyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.14.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.2-13.el9", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/moby/spdystream", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 
https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "sigs.k8s.io/kustomize/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.13.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v5.6.0+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v5.9.0+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/natefinch/lumberjack.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v2.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fatih/color", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.17.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", 
"Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/prometheus/statsd_exporter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/btree", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/appengine", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.6.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/xeipuuv/gojsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20190905194746-02993c407bfb", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.117.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cheggaaa/pb/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v3.1.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A 
flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/square/go-jose.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/xeipuuv/gojsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20180127040603-bd5ef7bd5415", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jonboulle/clockwork", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", 
"CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "github.com/felixge/httpsnoop", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.starlark.net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20230525235612-a134d8f9ddca", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": 
["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20220525160904-9e1acff93e4a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/proto/otlp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.19.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.42.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stretchr/testify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.8.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "istio.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.18.1-0.20230713061908-17d95fabac25", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "google.golang.org/genproto/googleapis/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "istio.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20230713061407-06047cce866f", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-errors/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.4.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/kustomize/kyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.17.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "21.2.3-8.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/monochromegane/go-gitignore", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20200626010858-205db1a8cc00", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.10-7.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logfmt/logfmt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.9.1", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.1.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/prometheus/prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.43.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.22.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/imdario/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.3.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/MakeNowJust/heredoc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/blackmagic", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.6.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 
https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "sigs.k8s.io/kustomize/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.17.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20200713203337-b2494ecb17dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.55.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/census-instrumentation/opencensus-proto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/moby/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/crypto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/hashicorp/golang-lru/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.15.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cloud.google.com/go/logging", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 
https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/mitchellh/reflectwalk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.24.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/docker/distribution", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.8.2+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/pkg/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gorilla/websocket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/kr/pretty", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/BurntSushi/toml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lithammer/dedent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/httpcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/hashicorp/go-version", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.29.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.30.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.14.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.19.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "k8s.io/apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/moby/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.0.0-20221205130635-1aeaba878587", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fxamacker/cbor/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v2.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fvbommel/sortorder", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/stdr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/Masterminds/sprig/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v3.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cloud-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/mcs-api", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/ini.v1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v1.67.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-semver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v0.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:737acd0e8ede34444a17fee8cb6bcd242b0e4c2faa54d7b20b9fd1d73649c559", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/crypto", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:96a7e590357de2370f2d526fc94a9cef8c22bf3aaee251b163380202d1186c18", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}}
diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-host-ovscni/6.1.1.2-cve-base.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-host-ovscni/6.1.1.2-cve-base.txt
index 67a50c97d6..14a15ae5c9 100644
--- a/docs/release_artifacts/6.1.1.2/z/aci-containers-host-ovscni/6.1.1.2-cve-base.txt
+++ b/docs/release_artifacts/6.1.1.2/z/aci-containers-host-ovscni/6.1.1.2-cve-base.txt
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. 
This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 
https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. 
This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 
https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. 
This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. 
This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], 
"Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 
https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", 
"CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 
https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 
https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of 
tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 
https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": 
"", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free 
flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. 
In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found 
in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 
https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 
https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html 
https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. 
Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", 
"Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. 
The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the 
attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": 
"0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", 
"Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a 
negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. 
This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of 
Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext 
Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", 
"CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. 
The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 
https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack 
consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-host-ovscni/6.1.1.2-quay-cve.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-host-ovscni/6.1.1.2-quay-cve.txt index 9efad85a66..45ec6af935 100644 --- a/docs/release_artifacts/6.1.1.2/z/aci-containers-host-ovscni/6.1.1.2-quay-cve.txt +++ b/docs/release_artifacts/6.1.1.2/z/aci-containers-host-ovscni/6.1.1.2-quay-cve.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:09a363580ee9a206ad3308f241dfabf196b7bfeed8ab6fef144db942ea9e262b", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "github.com/asaskevich/govalidator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20230301143203-a9d515a09cc2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/rpc2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20200203073230-5ce2854ce0fd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gopacket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.1.19", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/tatsushid/go-fastping", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:07a1e4cca77c4f20dad38b50e0da9917b5911a1b6b4de84b0861803e728739f8", "Version": "v0.0.0-20160109021039-d7bb493dee3e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 
https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v5.9.0+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kms", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.5.1-20.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/felixge/httpsnoop", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "oniguruma", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "6.9.6-1.el9.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "jq", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.6-17.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-semver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/distribution/reference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dhcp-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "12:4.4.2-19.b1.el9", "BaseScores": [7.5, 7.5], "CVEIds": ["CVE-2024-1737", "CVE-2024-1975", "CVE-2024-3661", "CVE-2024-4076"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4076 https://bugzilla.redhat.com/show_bug.cgi?id=2298904 
https://www.cve.org/CVERecord?id=CVE-2024-4076 https://nvd.nist.gov/vuln/detail/CVE-2024-4076 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4076.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. This issue results in a denial of service of the bind server.", "Name": "CVE-2024-4076", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1975 https://bugzilla.redhat.com/show_bug.cgi?id=2298901 https://www.cve.org/CVERecord?id=CVE-2024-1975 https://nvd.nist.gov/vuln/detail/CVE-2024-1975 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1975.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a \"KEY\" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a \"KEY\" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG(0) signed requests. 
This issue can lead to a denial of service.", "Name": "CVE-2024-1975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1737 https://bugzilla.redhat.com/show_bug.cgi?id=2298893 https://www.cve.org/CVERecord?id=CVE-2024-1737 https://nvd.nist.gov/vuln/detail/CVE-2024-1737 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1737.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. This vulnerability may lead to a denial of service.", "Name": "CVE-2024-1737", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3661 https://bugzilla.redhat.com/show_bug.cgi?id=2320141 https://www.cve.org/CVERecord?id=CVE-2024-3661 https://nvd.nist.gov/vuln/detail/CVE-2024-3661 https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ https://bst.cisco.com/quickview/bug/CSCwk05814 https://datatracker.ietf.org/doc/html/rfc2131#section-7 https://datatracker.ietf.org/doc/html/rfc3442#section-7 https://fortiguard.fortinet.com/psirt/FG-IR-24-170 https://issuetracker.google.com/issues/263721377 
https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision https://my.f5.com/manage/s/article/K000139553 https://news.ycombinator.com/item?id=40279632 https://news.ycombinator.com/item?id=40284111 https://security.paloaltonetworks.com/CVE-2024-3661 https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 https://tunnelvisionbug.com/ https://www.agwa.name/blog/post/hardening_openvpn_for_def_con https://www.leviathansecurity.com/research/tunnelvision https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3661.json", "FixedBy": "", "Description": "A flaw was found in DHCP. DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. 
An attacker on the same local network can read, disrupt, or possibly modify network traffic expected to be protected by the VPN.", "Name": "CVE-2024-3661", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v4.0.0-20230305170008-8188dc5388df", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 
https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 
https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. 
When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/plugins", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", 
"Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-unversioned-command", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/k8snetworkplumbingwg/sriov-network-device-plugin", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20230509124106-8ec9db3cbd23", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "./pkg/ipam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "(devel) (git, commit c8ae40e323c3e895c8b9eb5700938824e1bc59c8, built at 2024-10-12T06:24:35Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnftnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.2.6-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.34-133.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/NYTimes/gziphandler", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/ovn-org/libovsdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20210422150337-f29ae9b43ea5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "github.com/coreos/go-iptables", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/pkg/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubelet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f3663fa3aa66958faf958ede7fdf3ed306d98028fbcda093464c650c223e3da9", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 
https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2:1.4.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 
https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.7.24-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/network-attachment-definition-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.1.1-0.20201119153432-9d213757d22d", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", 
"Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "go.opentelemetry.io/otel/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 
https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the 
demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.68.4-15.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.2.11-41.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/backoff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v4.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nmstate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.2.36-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/stdr", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.0.4-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/natefinch/pie", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20170715172608-9a0d72014007", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jaypipes/ghw", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "5.3.28-55.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iptables-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/controller-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/safchain/ethtool", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": 
"v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.0.3-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1:1.23-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/vishvananda/netlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.2.1-beta.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", 
"Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/cni", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.1.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.0.5", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "github.com/opencontainers/go-digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.1.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/natefinch/lumberjack.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v2.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnfnetlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.0.1-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2:4.9-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "8.32-36.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "attr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/govdpa", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.1.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": 
"rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "21.3.1-1.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "go.etcd.io/etcd/api/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.14-11.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iptables-nft", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmaxminddb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.5.2-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "0.4.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnetfilter_conntrack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.0.9-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "8.44-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.5.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"k8s.io/apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2:1.34-7.el9", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v2.19.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/crypto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", 
"Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.61.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "28-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/hub", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"go.opentelemetry.io/otel/exporters/otlp/otlptrace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "geolite2-city", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "20191217-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/go-grpc-prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20240125191952-1e2afa0f76cf", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/coreos/go-systemd/v22", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v22.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.17.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2024a-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 
https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A 
flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "234-19.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dhcp-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "12:4.4.2-19.b1.el9", "BaseScores": [7.5, 7.5], "CVEIds": ["CVE-2024-1737", "CVE-2024-1975", "CVE-2024-3661", "CVE-2024-4076"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4076 https://bugzilla.redhat.com/show_bug.cgi?id=2298904 
https://www.cve.org/CVERecord?id=CVE-2024-4076 https://nvd.nist.gov/vuln/detail/CVE-2024-4076 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4076.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. This issue results in a denial of service of the bind server.", "Name": "CVE-2024-4076", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1975 https://bugzilla.redhat.com/show_bug.cgi?id=2298901 https://www.cve.org/CVERecord?id=CVE-2024-1975 https://nvd.nist.gov/vuln/detail/CVE-2024-1975 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1975.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a \"KEY\" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a \"KEY\" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG(0) signed requests. 
This issue can lead to a denial of service.", "Name": "CVE-2024-1975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1737 https://bugzilla.redhat.com/show_bug.cgi?id=2298893 https://www.cve.org/CVERecord?id=CVE-2024-1737 https://nvd.nist.gov/vuln/detail/CVE-2024-1737 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1737.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. This vulnerability may lead to a denial of service.", "Name": "CVE-2024-1737", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3661 https://bugzilla.redhat.com/show_bug.cgi?id=2320141 https://www.cve.org/CVERecord?id=CVE-2024-3661 https://nvd.nist.gov/vuln/detail/CVE-2024-3661 https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ https://bst.cisco.com/quickview/bug/CSCwk05814 https://datatracker.ietf.org/doc/html/rfc2131#section-7 https://datatracker.ietf.org/doc/html/rfc3442#section-7 https://fortiguard.fortinet.com/psirt/FG-IR-24-170 https://issuetracker.google.com/issues/263721377 
https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision https://my.f5.com/manage/s/article/K000139553 https://news.ycombinator.com/item?id=40279632 https://news.ycombinator.com/item?id=40284111 https://security.paloaltonetworks.com/CVE-2024-3661 https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 https://tunnelvisionbug.com/ https://www.agwa.name/blog/post/hardening_openvpn_for_def_con https://www.leviathansecurity.com/research/tunnelvision https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3661.json", "FixedBy": "", "Description": "A flaw was found in DHCP. DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. 
An attacker on the same local network can read, disrupt, or possibly modify network traffic expected to be protected by the VPN.", "Name": "CVE-2024-3661", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "20240828-2.git626aa59.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk 
package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ipcalc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A 
vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 
https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": 
"A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.30.2", "BaseScores": [], "CVEIds": ["CVE-2024-5321"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/go", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321 
https://github.com/kubernetes/kubernetes/issues/126161 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs", "Name": "GHSA-82m2-cv7p-4m75", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://github.com/advisories/GHSA-82m2-cv7p-4m75 https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes/issues/126161 https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes", "Name": "GO-2024-2994", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "go.opentelemetry.io/proto/otlp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": 
"v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/trace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/afero", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jaypipes/pcidb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/rpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.2.3-1.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not 
checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.43.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "53.0.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/mitchellh/go-homedir", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/sriovnet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.2.1-0.20230427090635-4929697df2dc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.10.0-11.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "geolite2-country", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "20191217-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 
https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.21.1-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 
https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.45.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.16-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/ghodss/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iputils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "20210202-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cloud-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.29.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 
https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/vishvananda/netns", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:09a363580ee9a206ad3308f241dfabf196b7bfeed8ab6fef144db942ea9e262b", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": 
[{"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/felixge/httpsnoop", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-systemd/v22", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v22.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/rpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/natefinch/pie", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20170715172608-9a0d72014007", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "github.com/jaypipes/ghw", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jaypipes/pcidb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f3663fa3aa66958faf958ede7fdf3ed306d98028fbcda093464c650c223e3da9", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.29.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "21.3.1-1.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "github.com/k8snetworkplumbingwg/sriov-network-device-plugin", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20230509124106-8ec9db3cbd23", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/controller-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.2.11-41.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mitchellh/go-homedir", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "234-19.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2024a-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20240125191952-1e2afa0f76cf", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ipcalc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "attr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/vishvananda/netns", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.1.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/backoff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", 
"Version": "v4.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "5.3.28-55.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2:1.4.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/google/gopacket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.1.19", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/afero", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/opencontainers/go-digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": 
[], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/asaskevich/govalidator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20230301143203-a9d515a09cc2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.61.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.21.1-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in 
/krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-semver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/network-attachment-definition-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.1.1-0.20201119153432-9d213757d22d", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html 
https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "iptables-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": 
["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/proto/otlp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dhcp-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "12:4.4.2-19.b1.el9", "BaseScores": [7.5, 7.5], "CVEIds": ["CVE-2024-1737", "CVE-2024-1975", "CVE-2024-3661", "CVE-2024-4076"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4076 https://bugzilla.redhat.com/show_bug.cgi?id=2298904 https://www.cve.org/CVERecord?id=CVE-2024-4076 https://nvd.nist.gov/vuln/detail/CVE-2024-4076 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4076.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. 
This issue results in a denial of service of the bind server.", "Name": "CVE-2024-4076", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1975 https://bugzilla.redhat.com/show_bug.cgi?id=2298901 https://www.cve.org/CVERecord?id=CVE-2024-1975 https://nvd.nist.gov/vuln/detail/CVE-2024-1975 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1975.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a \"KEY\" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a \"KEY\" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG(0) signed requests. This issue can lead to a denial of service.", "Name": "CVE-2024-1975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1737 https://bugzilla.redhat.com/show_bug.cgi?id=2298893 https://www.cve.org/CVERecord?id=CVE-2024-1737 https://nvd.nist.gov/vuln/detail/CVE-2024-1737 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1737.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. 
This vulnerability may lead to a denial of service.", "Name": "CVE-2024-1737", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3661 https://bugzilla.redhat.com/show_bug.cgi?id=2320141 https://www.cve.org/CVERecord?id=CVE-2024-3661 https://nvd.nist.gov/vuln/detail/CVE-2024-3661 https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ https://bst.cisco.com/quickview/bug/CSCwk05814 https://datatracker.ietf.org/doc/html/rfc2131#section-7 https://datatracker.ietf.org/doc/html/rfc3442#section-7 https://fortiguard.fortinet.com/psirt/FG-IR-24-170 https://issuetracker.google.com/issues/263721377 https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision https://my.f5.com/manage/s/article/K000139553 https://news.ycombinator.com/item?id=40279632 https://news.ycombinator.com/item?id=40284111 https://security.paloaltonetworks.com/CVE-2024-3661 https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 https://tunnelvisionbug.com/ https://www.agwa.name/blog/post/hardening_openvpn_for_def_con https://www.leviathansecurity.com/research/tunnelvision https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3661.json", "FixedBy": "", 
"Description": "A flaw was found in DHCP. DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic expected to be protected by the VPN.", "Name": "CVE-2024-3661", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/cenkalti/hub", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/cenkalti/rpc2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20200203073230-5ce2854ce0fd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.43.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v2.19.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.30.2", "BaseScores": [], "CVEIds": ["CVE-2024-5321"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/go", "Link": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/issues/126161 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs", "Name": "GHSA-82m2-cv7p-4m75", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://github.com/advisories/GHSA-82m2-cv7p-4m75 https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes/issues/126161 https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes", "Name": "GO-2024-2994", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "geolite2-city", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "20191217-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/tatsushid/go-fastping", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:07a1e4cca77c4f20dad38b50e0da9917b5911a1b6b4de84b0861803e728739f8", "Version": "v0.0.0-20160109021039-d7bb493dee3e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/distribution/reference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/stdr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1:1.12.20-8.el9", "BaseScores": 
[], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kms", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "53.0.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/api/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2:4.9-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/NYTimes/gziphandler", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnfnetlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.0.1-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.5.1-20.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "go.etcd.io/etcd/client/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/trace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability 
was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.0.4-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "geolite2-country", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "20191217-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "8.44-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.17.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "28-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "oniguruma", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "6.9.6-1.el9.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/coreos/go-iptables", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 
https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/cni", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.1.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v5.9.0+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "0.4.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iputils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "20210202-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iptables-nft", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": 
"v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.68.4-15.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization 
code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libmaxminddb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.5.2-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/govdpa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.1.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.2.3-1.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 
https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nmstate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.2.36-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/safchain/ethtool", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.16-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "8.32-36.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.7.24-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", 
"Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "./pkg/ipam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "(devel) (git, commit 
c8ae40e323c3e895c8b9eb5700938824e1bc59c8, built at 2024-10-12T06:24:35Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/vishvananda/netlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.2.1-beta.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/pkg/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "jq", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.6-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnftnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.2.6-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], 
"Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "k8s.io/apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnetfilter_conntrack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.0.9-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.10.0-11.el9", "BaseScores": [], "CVEIds": 
["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1:1.23-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.3.0-16.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dhcp-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "12:4.4.2-19.b1.el9", "BaseScores": [7.5, 7.5], "CVEIds": ["CVE-2024-1737", "CVE-2024-1975", "CVE-2024-3661", "CVE-2024-4076"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4076 https://bugzilla.redhat.com/show_bug.cgi?id=2298904 https://www.cve.org/CVERecord?id=CVE-2024-4076 https://nvd.nist.gov/vuln/detail/CVE-2024-4076 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4076.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. This issue results in a denial of service of the bind server.", "Name": "CVE-2024-4076", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1975 https://bugzilla.redhat.com/show_bug.cgi?id=2298901 https://www.cve.org/CVERecord?id=CVE-2024-1975 https://nvd.nist.gov/vuln/detail/CVE-2024-1975 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1975.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a \"KEY\" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a \"KEY\" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG(0) signed requests. 
This issue can lead to a denial of service.", "Name": "CVE-2024-1975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1737 https://bugzilla.redhat.com/show_bug.cgi?id=2298893 https://www.cve.org/CVERecord?id=CVE-2024-1737 https://nvd.nist.gov/vuln/detail/CVE-2024-1737 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1737.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. This vulnerability may lead to a denial of service.", "Name": "CVE-2024-1737", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3661 https://bugzilla.redhat.com/show_bug.cgi?id=2320141 https://www.cve.org/CVERecord?id=CVE-2024-3661 https://nvd.nist.gov/vuln/detail/CVE-2024-3661 https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ https://bst.cisco.com/quickview/bug/CSCwk05814 https://datatracker.ietf.org/doc/html/rfc2131#section-7 https://datatracker.ietf.org/doc/html/rfc3442#section-7 https://fortiguard.fortinet.com/psirt/FG-IR-24-170 https://issuetracker.google.com/issues/263721377 
https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision https://my.f5.com/manage/s/article/K000139553 https://news.ycombinator.com/item?id=40279632 https://news.ycombinator.com/item?id=40284111 https://security.paloaltonetworks.com/CVE-2024-3661 https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 https://tunnelvisionbug.com/ https://www.agwa.name/blog/post/hardening_openvpn_for_def_con https://www.leviathansecurity.com/research/tunnelvision https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3661.json", "FixedBy": "", "Description": "A flaw was found in DHCP. DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. 
An attacker on the same local network can read, disrupt, or possibly modify network traffic expected to be protected by the VPN.", "Name": "CVE-2024-3661", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/natefinch/lumberjack.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v2.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.5.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/plugins", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": 
"v0.45.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v4.0.0-20230305170008-8188dc5388df", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/go-grpc-prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cloud-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/ovn-org/libovsdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20210422150337-f29ae9b43ea5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.0.3-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/crypto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "20240828-2.git626aa59.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubelet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2:1.34-7.el9", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/k8snetworkplumbingwg/sriovnet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.2.1-0.20230427090635-4929697df2dc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-unversioned-command", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 
https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. 
When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/ghodss/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b78c9f155b6b7cfc0053732456aa141024e2ee49df53f6239413d3f93e37f85d", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} 
diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-host/6.1.1.2-cve-base.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-host/6.1.1.2-cve-base.txt
index 67a50c97d6..14a15ae5c9 100644
--- a/docs/release_artifacts/6.1.1.2/z/aci-containers-host/6.1.1.2-cve-base.txt
+++ b/docs/release_artifacts/6.1.1.2/z/aci-containers-host/6.1.1.2-cve-base.txt
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. 
This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 
https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. 
This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 
https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. 
This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. 
This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], 
"Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 
https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", 
"CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 
https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 
https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of 
tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 
https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": 
"", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free 
flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. 
In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found 
in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 
https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 
https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html 
https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. 
Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", 
"Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. 
The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the 
attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": 
"0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", 
"Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a 
negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. 
This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of 
Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext 
Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", 
"CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. 
The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 
https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack 
consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-host/6.1.1.2-quay-cve.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-host/6.1.1.2-quay-cve.txt index 5003e2dd97..c8119d6283 100644 --- a/docs/release_artifacts/6.1.1.2/z/aci-containers-host/6.1.1.2-quay-cve.txt +++ b/docs/release_artifacts/6.1.1.2/z/aci-containers-host/6.1.1.2-quay-cve.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:f06398b01efc177485813889393a9b7015b2f49217e42d851ae9473e0c469230", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "k8s.io/component-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "53.0.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "5.3.28-55.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v5.9.0+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/felixge/httpsnoop", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2:1.34-7.el9", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1:1.23-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "geolite2-country", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "20191217-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 
https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "google.golang.org/genproto/googleapis/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cloud-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 
https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "21.3.1-1.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "attr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/hub", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-semver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 
https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iptables-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iptables-nft", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.16-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/ovn-org/libovsdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20210422150337-f29ae9b43ea5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmaxminddb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.5.2-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nmstate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.2.36-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "0.4.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": 
"5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/cni", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.1.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/api/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/opencontainers/go-digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/crypto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.26.0", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/afero", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/backoff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v4.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.43.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iputils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "20210202-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.5.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "go.etcd.io/etcd/client/pkg/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libnfnetlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.0.1-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/network-attachment-definition-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.1.1-0.20201119153432-9d213757d22d", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/govdpa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.1.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/vishvananda/netns", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "oniguruma", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "6.9.6-1.el9.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dhcp-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "12:4.4.2-19.b1.el9", "BaseScores": [7.5, 7.5], "CVEIds": ["CVE-2024-1737", "CVE-2024-1975", "CVE-2024-3661", "CVE-2024-4076"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4076 https://bugzilla.redhat.com/show_bug.cgi?id=2298904 https://www.cve.org/CVERecord?id=CVE-2024-4076 https://nvd.nist.gov/vuln/detail/CVE-2024-4076 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4076.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. 
This issue results in a denial of service of the bind server.", "Name": "CVE-2024-4076", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1975 https://bugzilla.redhat.com/show_bug.cgi?id=2298901 https://www.cve.org/CVERecord?id=CVE-2024-1975 https://nvd.nist.gov/vuln/detail/CVE-2024-1975 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1975.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a \"KEY\" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a \"KEY\" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG(0) signed requests. This issue can lead to a denial of service.", "Name": "CVE-2024-1975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1737 https://bugzilla.redhat.com/show_bug.cgi?id=2298893 https://www.cve.org/CVERecord?id=CVE-2024-1737 https://nvd.nist.gov/vuln/detail/CVE-2024-1737 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1737.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. 
This vulnerability may lead to a denial of service.", "Name": "CVE-2024-1737", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3661 https://bugzilla.redhat.com/show_bug.cgi?id=2320141 https://www.cve.org/CVERecord?id=CVE-2024-3661 https://nvd.nist.gov/vuln/detail/CVE-2024-3661 https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ https://bst.cisco.com/quickview/bug/CSCwk05814 https://datatracker.ietf.org/doc/html/rfc2131#section-7 https://datatracker.ietf.org/doc/html/rfc3442#section-7 https://fortiguard.fortinet.com/psirt/FG-IR-24-170 https://issuetracker.google.com/issues/263721377 https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision https://my.f5.com/manage/s/article/K000139553 https://news.ycombinator.com/item?id=40279632 https://news.ycombinator.com/item?id=40284111 https://security.paloaltonetworks.com/CVE-2024-3661 https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 https://tunnelvisionbug.com/ https://www.agwa.name/blog/post/hardening_openvpn_for_def_con https://www.leviathansecurity.com/research/tunnelvision https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3661.json", "FixedBy": "", 
"Description": "A flaw was found in DHCP. DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic expected to be protected by the VPN.", "Name": "CVE-2024-3661", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2024a-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/natefinch/pie", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20170715172608-9a0d72014007", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.0.4-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. 
This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.0.3-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "jq", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.6-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 
https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 
https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gopkg.in/natefinch/lumberjack.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v2.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.2.3-1.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f3663fa3aa66958faf958ede7fdf3ed306d98028fbcda093464c650c223e3da9", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "google.golang.org/genproto/googleapis/rpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubelet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 
https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "8.32-36.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libnetfilter_conntrack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.0.9-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/proto/otlp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.30.2", "BaseScores": [], "CVEIds": ["CVE-2024-5321"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/go", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321 
https://github.com/kubernetes/kubernetes/issues/126161 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs", "Name": "GHSA-82m2-cv7p-4m75", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://github.com/advisories/GHSA-82m2-cv7p-4m75 https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes/issues/126161 https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes", "Name": "GO-2024-2994", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/NYTimes/gziphandler", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": 
"v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.7.24-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jaypipes/pcidb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.21.1-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v2.19.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/controller-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk 
package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "github.com/asaskevich/govalidator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20230301143203-a9d515a09cc2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dhcp-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "12:4.4.2-19.b1.el9", "BaseScores": [7.5, 7.5], "CVEIds": ["CVE-2024-1737", "CVE-2024-1975", "CVE-2024-3661", "CVE-2024-4076"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4076 https://bugzilla.redhat.com/show_bug.cgi?id=2298904 https://www.cve.org/CVERecord?id=CVE-2024-4076 https://nvd.nist.gov/vuln/detail/CVE-2024-4076 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4076.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. 
This issue results in a denial of service of the bind server.", "Name": "CVE-2024-4076", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1975 https://bugzilla.redhat.com/show_bug.cgi?id=2298901 https://www.cve.org/CVERecord?id=CVE-2024-1975 https://nvd.nist.gov/vuln/detail/CVE-2024-1975 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1975.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a \"KEY\" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a \"KEY\" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG(0) signed requests. This issue can lead to a denial of service.", "Name": "CVE-2024-1975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1737 https://bugzilla.redhat.com/show_bug.cgi?id=2298893 https://www.cve.org/CVERecord?id=CVE-2024-1737 https://nvd.nist.gov/vuln/detail/CVE-2024-1737 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1737.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. 
This vulnerability may lead to a denial of service.", "Name": "CVE-2024-1737", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3661 https://bugzilla.redhat.com/show_bug.cgi?id=2320141 https://www.cve.org/CVERecord?id=CVE-2024-3661 https://nvd.nist.gov/vuln/detail/CVE-2024-3661 https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ https://bst.cisco.com/quickview/bug/CSCwk05814 https://datatracker.ietf.org/doc/html/rfc2131#section-7 https://datatracker.ietf.org/doc/html/rfc3442#section-7 https://fortiguard.fortinet.com/psirt/FG-IR-24-170 https://issuetracker.google.com/issues/263721377 https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision https://my.f5.com/manage/s/article/K000139553 https://news.ycombinator.com/item?id=40279632 https://news.ycombinator.com/item?id=40284111 https://security.paloaltonetworks.com/CVE-2024-3661 https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 https://tunnelvisionbug.com/ https://www.agwa.name/blog/post/hardening_openvpn_for_def_con https://www.leviathansecurity.com/research/tunnelvision https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3661.json", "FixedBy": "", 
"Description": "A flaw was found in DHCP. DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic expected to be protected by the VPN.", "Name": "CVE-2024-3661", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python-unversioned-command", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/rpc2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20200203073230-5ce2854ce0fd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 
https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 
https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/ghodss/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v4.0.0-20230305170008-8188dc5388df", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.17.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/mitchellh/go-homedir", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/vishvananda/netlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.2.1-beta.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jaypipes/ghw", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.29.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.10.0-11.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 
https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", 
"Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/stdr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", 
"Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnftnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.2.6-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/sriov-network-device-plugin", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20230509124106-8ec9db3cbd23", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 
https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.5.1-20.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "keyutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "28-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/safchain/ethtool", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "20240828-2.git626aa59.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/distribution/reference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "234-19.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/tatsushid/go-fastping", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20160109021039-d7bb493dee3e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/trace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.22.0", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/go-grpc-prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-iptables", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "k8s.io/kms", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/sriovnet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.2.1-0.20230427090635-4929697df2dc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2:1.4.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-systemd/v22", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v22.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.1.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.68.4-15.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20240125191952-1e2afa0f76cf", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "geolite2-city", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "20191217-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/plugins", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.61.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "(devel) (git, commit c8ae40e323c3e895c8b9eb5700938824e1bc59c8, built at 2024-10-12T06:24:35Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "8.44-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", 
"Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2:4.9-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.45.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.2.11-41.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "ipcalc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "./pkg/ipam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.14.0-18.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": 
[{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:f06398b01efc177485813889393a9b7015b2f49217e42d851ae9473e0c469230", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnfnetlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.0.1-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "234-19.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.2.3-1.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/k8snetworkplumbingwg/network-attachment-definition-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.1.1-0.20201119153432-9d213757d22d", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/go-grpc-prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v2.19.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.0.3-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.0.4-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 
https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "geolite2-country", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "20191217-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dhcp-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "12:4.4.2-19.b1.el9", "BaseScores": [7.5, 7.5], "CVEIds": ["CVE-2024-1737", "CVE-2024-1975", "CVE-2024-3661", "CVE-2024-4076"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4076 https://bugzilla.redhat.com/show_bug.cgi?id=2298904 https://www.cve.org/CVERecord?id=CVE-2024-4076 https://nvd.nist.gov/vuln/detail/CVE-2024-4076 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4076.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. 
This issue results in a denial of service of the bind server.", "Name": "CVE-2024-4076", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1975 https://bugzilla.redhat.com/show_bug.cgi?id=2298901 https://www.cve.org/CVERecord?id=CVE-2024-1975 https://nvd.nist.gov/vuln/detail/CVE-2024-1975 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1975.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a \"KEY\" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a \"KEY\" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG(0) signed requests. This issue can lead to a denial of service.", "Name": "CVE-2024-1975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1737 https://bugzilla.redhat.com/show_bug.cgi?id=2298893 https://www.cve.org/CVERecord?id=CVE-2024-1737 https://nvd.nist.gov/vuln/detail/CVE-2024-1737 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1737.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. 
This vulnerability may lead to a denial of service.", "Name": "CVE-2024-1737", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3661 https://bugzilla.redhat.com/show_bug.cgi?id=2320141 https://www.cve.org/CVERecord?id=CVE-2024-3661 https://nvd.nist.gov/vuln/detail/CVE-2024-3661 https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ https://bst.cisco.com/quickview/bug/CSCwk05814 https://datatracker.ietf.org/doc/html/rfc2131#section-7 https://datatracker.ietf.org/doc/html/rfc3442#section-7 https://fortiguard.fortinet.com/psirt/FG-IR-24-170 https://issuetracker.google.com/issues/263721377 https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision https://my.f5.com/manage/s/article/K000139553 https://news.ycombinator.com/item?id=40279632 https://news.ycombinator.com/item?id=40284111 https://security.paloaltonetworks.com/CVE-2024-3661 https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 https://tunnelvisionbug.com/ https://www.agwa.name/blog/post/hardening_openvpn_for_def_con https://www.leviathansecurity.com/research/tunnelvision https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3661.json", "FixedBy": "", 
"Description": "A flaw was found in DHCP. DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic expected to be protected by the VPN.", "Name": "CVE-2024-3661", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": 
"1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can 
exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/sriov-network-device-plugin", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20230509124106-8ec9db3cbd23", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/stdr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/sriovnet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.2.1-0.20230427090635-4929697df2dc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "go.opentelemetry.io/otel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "28-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iptables-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v4.0.0-20230305170008-8188dc5388df", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.61.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libnetfilter_conntrack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.0.9-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubelet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/NYTimes/gziphandler", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/backoff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v4.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dhcp-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "12:4.4.2-19.b1.el9", 
"BaseScores": [7.5, 7.5], "CVEIds": ["CVE-2024-1737", "CVE-2024-1975", "CVE-2024-3661", "CVE-2024-4076"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4076 https://bugzilla.redhat.com/show_bug.cgi?id=2298904 https://www.cve.org/CVERecord?id=CVE-2024-4076 https://nvd.nist.gov/vuln/detail/CVE-2024-4076 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4076.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. This issue results in a denial of service of the bind server.", "Name": "CVE-2024-4076", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1975 https://bugzilla.redhat.com/show_bug.cgi?id=2298901 https://www.cve.org/CVERecord?id=CVE-2024-1975 https://nvd.nist.gov/vuln/detail/CVE-2024-1975 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1975.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a \"KEY\" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a \"KEY\" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG(0) signed requests. 
This issue can lead to a denial of service.", "Name": "CVE-2024-1975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1737 https://bugzilla.redhat.com/show_bug.cgi?id=2298893 https://www.cve.org/CVERecord?id=CVE-2024-1737 https://nvd.nist.gov/vuln/detail/CVE-2024-1737 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1737.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. This vulnerability may lead to a denial of service.", "Name": "CVE-2024-1737", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3661 https://bugzilla.redhat.com/show_bug.cgi?id=2320141 https://www.cve.org/CVERecord?id=CVE-2024-3661 https://nvd.nist.gov/vuln/detail/CVE-2024-3661 https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ https://bst.cisco.com/quickview/bug/CSCwk05814 https://datatracker.ietf.org/doc/html/rfc2131#section-7 https://datatracker.ietf.org/doc/html/rfc3442#section-7 https://fortiguard.fortinet.com/psirt/FG-IR-24-170 https://issuetracker.google.com/issues/263721377 
https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision https://my.f5.com/manage/s/article/K000139553 https://news.ycombinator.com/item?id=40279632 https://news.ycombinator.com/item?id=40284111 https://security.paloaltonetworks.com/CVE-2024-3661 https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 https://tunnelvisionbug.com/ https://www.agwa.name/blog/post/hardening_openvpn_for_def_con https://www.leviathansecurity.com/research/tunnelvision https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3661.json", "FixedBy": "", "Description": "A flaw was found in DHCP. DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. 
An attacker on the same local network can read, disrupt, or possibly modify network traffic expected to be protected by the VPN.", "Name": "CVE-2024-3661", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/controller-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-semver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2024a-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.45.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cloud-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/pkg/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "geolite2-city", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "20191217-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "attr", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kms", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.43.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mitchellh/go-homedir", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.1.0", "BaseScores": 
[], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.5.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-unversioned-command", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 
https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. 
When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jaypipes/ghw", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2:1.4.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 
https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "0.4.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.68.4-15.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnftnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.2.6-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "21.3.1-1.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "golang.org/x/crypto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "5.3.28-55.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/opencontainers/go-digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.16-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmaxminddb", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.5.2-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/natefinch/pie", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20170715172608-9a0d72014007", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20240125191952-1e2afa0f76cf", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ipcalc", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/api/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/rpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "8.32-36.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2:4.9-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f3663fa3aa66958faf958ede7fdf3ed306d98028fbcda093464c650c223e3da9", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "k8s.io/kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.30.2", "BaseScores": [], "CVEIds": ["CVE-2024-5321"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/go", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/issues/126161 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs", "Name": "GHSA-82m2-cv7p-4m75", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://github.com/advisories/GHSA-82m2-cv7p-4m75 https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa 
https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes/issues/126161 https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes", "Name": "GO-2024-2994", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.5.1-20.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": 
"High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/cenkalti/rpc2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20200203073230-5ce2854ce0fd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.29.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2:1.34-7.el9", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "(devel) (git, commit c8ae40e323c3e895c8b9eb5700938824e1bc59c8, built at 2024-10-12T06:24:35Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": 
{"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "github.com/vishvananda/netlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.2.1-beta.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.17.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "oniguruma", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "6.9.6-1.el9.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "jq", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.6-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/proto/otlp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "github.com/ovn-org/libovsdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20210422150337-f29ae9b43ea5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/felixge/httpsnoop", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/plugins", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.7.24-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "8.44-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/afero", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.1.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iputils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "20210202-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/safchain/ethtool", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.3.0", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/cni", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.1.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/distribution/reference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/coreos/go-systemd/v22", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v22.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.10.0-11.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/asaskevich/govalidator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20230301143203-a9d515a09cc2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jaypipes/pcidb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/ghodss/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/vishvananda/netns", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", 
"Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.21.1-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "20240828-2.git626aa59.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/natefinch/lumberjack.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v2.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.34-133.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/govdpa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.1.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-iptables", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1.2.11-41.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nmstate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.2.36-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iptables-nft", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/tatsushid/go-fastping", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.0.0-20160109021039-d7bb493dee3e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "./pkg/ipam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f321cf5aa25cf381b52e695144da0cd1e13ba7e7f2ffbc7584f62488e7ba927d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/trace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": 
[{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v5.9.0+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/hub", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "1:1.23-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "53.0.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:75a49bab575eb7432ece1f3c01d1d2e5fe2379605276bb6fb9191838594873f3", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that 
contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f87b1d42102aec34c79a6f522b70458db1390261a0b867d7cf6deb59fcb162e0", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} 
diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-operator/6.1.1.2-cve-base.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-operator/6.1.1.2-cve-base.txt
index 67a50c97d6..14a15ae5c9 100644
--- a/docs/release_artifacts/6.1.1.2/z/aci-containers-operator/6.1.1.2-cve-base.txt
+++ b/docs/release_artifacts/6.1.1.2/z/aci-containers-operator/6.1.1.2-cve-base.txt
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. 
This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 
https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. 
This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 
https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. 
This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. 
This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], 
"Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 
https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", 
"CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 
https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 
https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of 
tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 
https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": 
"", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free 
flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. 
In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found 
in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 
https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 
https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html 
https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. 
Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", 
"Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. 
The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the 
attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": 
"0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", 
"Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a 
negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. 
This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of 
Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext 
Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", 
"CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. 
The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 
https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack 
consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-operator/6.1.1.2-quay-cve.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-operator/6.1.1.2-quay-cve.txt index 911cbf77a2..2131360b2b 100644 --- a/docs/release_artifacts/6.1.1.2/z/aci-containers-operator/6.1.1.2-quay-cve.txt +++ b/docs/release_artifacts/6.1.1.2/z/aci-containers-operator/6.1.1.2-quay-cve.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:2cf5c5e73baecdc71668b7075e1d0ae98e36461aabdafdf7ba5a33ce6a2c0ee0", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libfido2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-FileHandle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.03-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.21.1-2.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "ncurses", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Exporter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "5.74-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Socket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "4:2.031-4.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-podlators", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1:4.14-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for 
parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-constant", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.33-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-SelectSaver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.02-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20240125191952-1e2afa0f76cf", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/backoff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v4.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/stdr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Symbol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.08-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Scalar-List-Utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "4:1.56-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.18-3.el9_4.5", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", 
"CVE-2023-36632", "CVE-2024-6232", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess 
CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.5.1-19.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "perl-MIME-Base64", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "3.16-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git-core-doc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.43.5-1.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2:1.3.0-2.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-PathTools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "3.78-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-IO", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.43-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-File-Path", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.18-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.25.3-2.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-B", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.80-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Term-ANSIColor", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "5.01-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.43.5-1.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v5.9.0+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 
https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-libnet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "3.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1:0.17029-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": 
[], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-subs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.03-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "perl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "0.65-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/go-grpc-prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-NDBM_File", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.15-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "perl-overload", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.31-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/rpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 
https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-File-stat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.09-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "command-line-arguments", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:bb42e6b0c1fba0ae0005622b461071eeefa67124ea24398086a3deae3bf8917a", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-URI", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "5.09-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Net-SSLeay", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.92-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cloud-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gorilla/websocket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.5.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.27-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "8.32-35.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20220525160904-9e1acff93e4a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssh", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "8.7p1-38.el9_4.4", "BaseScores": [5.3, 7.0], "CVEIds": ["CVE-2016-20012", "CVE-2023-51767"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2016-20012 https://bugzilla.redhat.com/show_bug.cgi?id=2048523 https://www.cve.org/CVERecord?id=CVE-2016-20012 https://nvd.nist.gov/vuln/detail/CVE-2016-20012 https://access.redhat.com/security/data/csaf/v2/vex/2016/cve-2016-20012.json", "FixedBy": "", "Description": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. 
NOTE: the vendor does not recognize user enumeration as a vulnerability for this product", "Name": "CVE-2016-20012", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "FixedBy": "", "Description": "An authentication bypass vulnerability was found in OpenSSH. 
When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit.", "Name": "CVE-2023-51767", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.0}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.30.2", "BaseScores": [], "CVEIds": ["CVE-2024-5321"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/go", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/issues/126161 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa 
https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs", "Name": "GHSA-82m2-cv7p-4m75", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://github.com/advisories/GHSA-82m2-cv7p-4m75 https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes/issues/126161 https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes", "Name": "GO-2024-2994", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-IO-Socket-SSL", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.073-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Escapes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1:1.07-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcbor", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "0.7.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/felixge/httpsnoop", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.18-3.el9_4.5", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-6232", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library 
module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-if", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "0.60.800-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libedit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "3.1-38.20210216cvs.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/opencontainers/go-digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "4:5.32.1-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-mro", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.23-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v2.19.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.1.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "./pkg/ipam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Data-Dumper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.174-462.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-IPC-Open3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.21-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubelet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/crypto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Getopt-Long", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1:2.52-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Class-Struct", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "0.66-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "less", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "590-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Carp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.50-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/asaskevich/govalidator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20230301143203-a9d515a09cc2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssh-clients", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", 
"Version": "8.7p1-38.el9_4.4", "BaseScores": [5.3, 7.0], "CVEIds": ["CVE-2016-20012", "CVE-2023-51767"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2016-20012 https://bugzilla.redhat.com/show_bug.cgi?id=2048523 https://www.cve.org/CVERecord?id=CVE-2016-20012 https://nvd.nist.gov/vuln/detail/CVE-2016-20012 https://access.redhat.com/security/data/csaf/v2/vex/2016/cve-2016-20012.json", "FixedBy": "", "Description": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product", "Name": "CVE-2016-20012", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "FixedBy": "", "Description": "An authentication bypass vulnerability was found in OpenSSH. 
When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit.", "Name": "CVE-2023-51767", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.0}}}}]}, {"Name": "rpm-plugin-systemd-inhibit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.43.5-1.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Text-Tabs+Wrap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2013.0523-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.26.5-5.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "perl-IO-Socket-IP", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "0.41-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", 
"CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "perl-File-Basename", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.85-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Fcntl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.13-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 
https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "perl-File-Temp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1:0.231.100-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-semver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-HTTP-Tiny", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "0.076-462.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-POSIX", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.94-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Text-ParseWords", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "3.30-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.61.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "perl-Mozilla-CA", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "20200520-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 
https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "perl-parent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1:0.238-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/natefinch/lumberjack.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v2.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Getopt-Std", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.12-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-vars", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.05-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.43.0-5.el9_4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Storable", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1:3.21-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-interpreter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "4:5.32.1-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Errno", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.30-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.25.1-8.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v4.0.0-20230305170008-8188dc5388df", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.10-7.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "(devel) (git, commit c8ae40e323c3e895c8b9eb5700938824e1bc59c8, built at 2024-10-12T06:24:35Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"go.opentelemetry.io/otel/exporters/otlp/otlptrace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Perldoc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "3.28.01-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/api/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-File-Find", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.37-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-TermReadKey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.38-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Term-Cap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.17-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 
https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2024a-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.17.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:bb42e6b0c1fba0ae0005622b461071eeefa67124ea24398086a3deae3bf8917a", "Version": "go1.16.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": [{"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://go.dev/cl/333191 https://go.googlesource.com/go/+/b7a85e0003cedb1b48a1fd3ae5b746ec6330102e https://groups.google.com/g/golang-announce/c/uHACNfXAZqk https://go.dev/issue/46866", "FixedBy": "1.16.7", "Description": "Panic in ReverseProxy in net/http/httputil", "Name": "GO-2021-0245", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://go.dev/issue/20654 https://go.dev/cl/326012/26 https://groups.google.com/g/golang-announce/c/QMK8IQALDvA https://people.redhat.com/~hkario/marvin/", "FixedBy": "1.20.0", "Description": "Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel", "Name": "GO-2023-2375", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/go-openapi/jsonreference", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.3.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.29.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Git", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.43.5-1.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/controller-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Simple", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1:3.42-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "21.2.3-8.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "perl-overloading", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "0.02-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "groff-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.22.4-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-fips-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", 
"Version": "3.0.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/yl2chen/cidranger", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Time-Local", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2:1.300-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/trace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/pkg/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2:1.34-6.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Encode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "4:3.08-462.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.68.4-14.el9_4.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 
https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Digest-MD5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.58-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-AutoLoader", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "5.74-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "github.com/coreos/go-systemd/v22", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v22.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Usage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "4:2.01-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.2-13.el9", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 
https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "k8s.io/kms", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "emacs-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1:27.2-10.el9_4", "BaseScores": [5.5], "CVEIds": ["CVE-2017-1000383", "CVE-2024-30203", "CVE-2024-30204", "CVE-2024-30205"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-30205 https://bugzilla.redhat.com/show_bug.cgi?id=2280298 https://www.cve.org/CVERecord?id=CVE-2024-30205 https://nvd.nist.gov/vuln/detail/CVE-2024-30205 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-30205.json", "FixedBy": "", "Description": "A flaw was found in Emacs. 
Org mode considers the content of remote files, such as files opened with TRAMP on remote systems, to be trusted, resulting in arbitrary code execution.", "Name": "CVE-2024-30205", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-30204 https://bugzilla.redhat.com/show_bug.cgi?id=2280297 https://www.cve.org/CVERecord?id=CVE-2024-30204 https://nvd.nist.gov/vuln/detail/CVE-2024-30204 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-30204.json", "FixedBy": "", "Description": "A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service.", "Name": "CVE-2024-30204", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-30203 https://bugzilla.redhat.com/show_bug.cgi?id=2280296 https://www.cve.org/CVERecord?id=CVE-2024-30203 https://nvd.nist.gov/vuln/detail/CVE-2024-30203 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-30203.json", "FixedBy": "", "Description": "A flaw was found in Emacs. 
When Emacs is used as an email client, inline MIME attachments are considered to be trusted by default, allowing a crafted LaTeX document to exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service.", "Name": "CVE-2024-30203", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2017-1000383 https://bugzilla.redhat.com/show_bug.cgi?id=1508788 https://www.cve.org/CVERecord?id=CVE-2017-1000383 https://nvd.nist.gov/vuln/detail/CVE-2017-1000383 https://access.redhat.com/security/data/csaf/v2/vex/2017/cve-2017-1000383.json", "FixedBy": "", "Description": "It was found that emacs applies the opened file read permissions to the swap file, overriding the process' umask. 
An attacker might search for vim swap files, that were not deleted properly, in order to retrieve sensible data.", "Name": "CVE-2017-1000383", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 5.5}}}}]}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/distribution/reference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-DynaLoader", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.47-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/proto/otlp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/NYTimes/gziphandler", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "go.opentelemetry.io/otel/sdk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:2cf5c5e73baecdc71668b7075e1d0ae98e36461aabdafdf7ba5a33ce6a2c0ee0", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.26.5-5.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", 
"Version": "3.1.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Escapes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1:1.07-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-interpreter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "4:5.32.1-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "21.2.3-8.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "perl-Text-ParseWords", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "3.30-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-File-Temp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1:0.231.100-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "command-line-arguments", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:bb42e6b0c1fba0ae0005622b461071eeefa67124ea24398086a3deae3bf8917a", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Usage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "4:2.01-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/trace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 
https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Term-Cap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.17-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/opencontainers/go-digest", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Getopt-Long", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1:2.52-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2024a-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2:1.3.0-2.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "perl-Error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1:0.17029-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/pkg/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gorilla/websocket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.5.1", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.18-3.el9_4.5", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-6232", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "perl-Symbol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.08-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-vars", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.05-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.17.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/proto/otlp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Git", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.43.5-1.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-mro", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.23-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-SelectSaver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.02-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "k8s.io/component-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-HTTP-Tiny", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "0.076-462.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Encode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "4:3.08-462.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Carp", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.50-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-File-Path", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.18-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.18-3.el9_4.5", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-6232", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/cenkalti/backoff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v4.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/distribution/reference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found 
in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Getopt-Std", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.12-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-overloading", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "0.02-481.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/NYTimes/gziphandler", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-semver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-systemd/v22", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v22.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "less", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "590-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-DynaLoader", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.47-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Data-Dumper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.174-462.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v2.19.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:bb42e6b0c1fba0ae0005622b461071eeefa67124ea24398086a3deae3bf8917a", "Version": "go1.16.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": [{"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://go.dev/cl/333191 https://go.googlesource.com/go/+/b7a85e0003cedb1b48a1fd3ae5b746ec6330102e https://groups.google.com/g/golang-announce/c/uHACNfXAZqk https://go.dev/issue/46866", "FixedBy": "1.16.7", "Description": "Panic in ReverseProxy in net/http/httputil", "Name": "GO-2021-0245", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://go.dev/issue/20654 https://go.dev/cl/326012/26 https://groups.google.com/g/golang-announce/c/QMK8IQALDvA https://people.redhat.com/~hkario/marvin/", "FixedBy": "1.20.0", "Description": "Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel", "Name": "GO-2023-2375", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-FileHandle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.03-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.21.1-2.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Net-SSLeay", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.92-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.5.1-19.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "perl-AutoLoader", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "5.74-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Socket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "4:2.031-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-plugin-systemd-inhibit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 
https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Exporter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "5.74-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-MIME-Base64", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "3.16-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", 
"BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/api/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-POSIX", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.94-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-PathTools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "3.78-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "4:5.32.1-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/stdr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/felixge/httpsnoop", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-IO", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.43-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-libnet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", 
"Version": "3.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-TermReadKey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.38-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubelet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.19-4.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Mozilla-CA", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "20200520-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "emacs-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1:27.2-10.el9_4", "BaseScores": [5.5], "CVEIds": ["CVE-2017-1000383", "CVE-2024-30203", "CVE-2024-30204", "CVE-2024-30205"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-30205 https://bugzilla.redhat.com/show_bug.cgi?id=2280298 https://www.cve.org/CVERecord?id=CVE-2024-30205 https://nvd.nist.gov/vuln/detail/CVE-2024-30205 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-30205.json", "FixedBy": "", "Description": "A flaw was found in Emacs. 
Org mode considers the content of remote files, such as files opened with TRAMP on remote systems, to be trusted, resulting in arbitrary code execution.", "Name": "CVE-2024-30205", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-30204 https://bugzilla.redhat.com/show_bug.cgi?id=2280297 https://www.cve.org/CVERecord?id=CVE-2024-30204 https://nvd.nist.gov/vuln/detail/CVE-2024-30204 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-30204.json", "FixedBy": "", "Description": "A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service.", "Name": "CVE-2024-30204", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-30203 https://bugzilla.redhat.com/show_bug.cgi?id=2280296 https://www.cve.org/CVERecord?id=CVE-2024-30203 https://nvd.nist.gov/vuln/detail/CVE-2024-30203 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-30203.json", "FixedBy": "", "Description": "A flaw was found in Emacs. 
When Emacs is used as an email client, inline MIME attachments are considered to be trusted by default, allowing a crafted LaTeX document to exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service.", "Name": "CVE-2024-30203", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2017-1000383 https://bugzilla.redhat.com/show_bug.cgi?id=1508788 https://www.cve.org/CVERecord?id=CVE-2017-1000383 https://nvd.nist.gov/vuln/detail/CVE-2017-1000383 https://access.redhat.com/security/data/csaf/v2/vex/2017/cve-2017-1000383.json", "FixedBy": "", "Description": "It was found that emacs applies the opened file read permissions to the swap file, overriding the process' umask. 
An attacker might search for vim swap files, that were not deleted properly, in order to retrieve sensible data.", "Name": "CVE-2017-1000383", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 5.5}}}}]}, {"Name": "libcbor", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "0.7.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cloud-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", 
"Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-File-Basename", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.85-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "groff-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.22.4-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "ncurses", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/yl2chen/cidranger", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.30.2", "BaseScores": [], "CVEIds": ["CVE-2024-5321"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/go", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/issues/126161 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", 
"Description": "Kubernetes sets incorrect permissions on Windows containers logs", "Name": "GHSA-82m2-cv7p-4m75", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://github.com/advisories/GHSA-82m2-cv7p-4m75 https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes/issues/126161 https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes", "Name": "GO-2024-2994", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the 
demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "./pkg/ipam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-IO-Socket-SSL", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.073-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libedit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "3.1-38.20210216cvs.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-NDBM_File", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.15-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Storable", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1:3.21-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfido2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20240125191952-1e2afa0f76cf", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v5.9.0+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "0.65-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.3.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssh", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "8.7p1-38.el9_4.4", "BaseScores": [5.3, 7.0], "CVEIds": ["CVE-2016-20012", "CVE-2023-51767"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2016-20012 https://bugzilla.redhat.com/show_bug.cgi?id=2048523 https://www.cve.org/CVERecord?id=CVE-2016-20012 https://nvd.nist.gov/vuln/detail/CVE-2016-20012 https://access.redhat.com/security/data/csaf/v2/vex/2016/cve-2016-20012.json", "FixedBy": "", "Description": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. 
NOTE: the vendor does not recognize user enumeration as a vulnerability for this product", "Name": "CVE-2016-20012", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "FixedBy": "", "Description": "An authentication bypass vulnerability was found in OpenSSH. 
When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit.", "Name": "CVE-2023-51767", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.0}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssh-clients", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "8.7p1-38.el9_4.4", "BaseScores": [5.3, 7.0], "CVEIds": ["CVE-2016-20012", "CVE-2023-51767"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2016-20012 https://bugzilla.redhat.com/show_bug.cgi?id=2048523 https://www.cve.org/CVERecord?id=CVE-2016-20012 https://nvd.nist.gov/vuln/detail/CVE-2016-20012 https://access.redhat.com/security/data/csaf/v2/vex/2016/cve-2016-20012.json", "FixedBy": "", "Description": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. 
NOTE: the vendor does not recognize user enumeration as a vulnerability for this product", "Name": "CVE-2016-20012", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "FixedBy": "", "Description": "An authentication bypass vulnerability was found in OpenSSH. 
When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit.", "Name": "CVE-2023-51767", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.0}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Term-ANSIColor", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "5.01-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.43.5-1.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "(devel) (git, commit c8ae40e323c3e895c8b9eb5700938824e1bc59c8, built at 2024-10-12T06:24:35Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.68.4-14.el9_4.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 
https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "perl-File-stat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.09-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20220525160904-9e1acff93e4a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Fcntl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.13-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-URI", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "5.09-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-parent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1:0.238-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/go-grpc-prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2:1.34-6.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gopkg.in/natefinch/lumberjack.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v2.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Text-Tabs+Wrap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2013.0523-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-subs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.03-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.2-13.el9", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 
7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-constant", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.33-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "google.golang.org/genproto/googleapis/rpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.27-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Digest-MD5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.58-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], 
"Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "perl-IO-Socket-IP", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "0.41-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Simple", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1:3.42-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-overload", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.31-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git-core-doc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.43.5-1.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kms", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.43.0-5.el9_4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/asaskevich/govalidator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20230301143203-a9d515a09cc2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/crypto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.61.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Errno", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.30-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.29.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-File-Find", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.37-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Class-Struct", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "0.66-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-podlators", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1:4.14-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-if", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "0.60.800-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-fips-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.0.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-IPC-Open3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "1.21-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Time-Local", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2:1.300-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v4.0.0-20230305170008-8188dc5388df", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-B", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", 
"Version": "1.80-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.25.1-8.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "8.32-35.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "2.43.5-1.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Perldoc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "3.28.01-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.10-7.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/controller-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4d75b40b79eecdb9801cd623c96cac585085c688b7294b16b14417cb7b8efcf", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "perl-Scalar-List-Utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:31bc062a716ab7b59b03548214a4fedb7e14fe3b6ba1682d619b268433b9877d", "Version": "4:1.56-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-webhook/6.1.1.2-cve-base.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-webhook/6.1.1.2-cve-base.txt index 67a50c97d6..14a15ae5c9 100644 --- a/docs/release_artifacts/6.1.1.2/z/aci-containers-webhook/6.1.1.2-cve-base.txt +++ b/docs/release_artifacts/6.1.1.2/z/aci-containers-webhook/6.1.1.2-cve-base.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. 
This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 
https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. 
This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 
https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. 
This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. 
This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], 
"Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 
https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", 
"CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 
https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 
https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of 
tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 
https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": 
"", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free 
flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. 
In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found 
in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 
https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 
https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html 
https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. 
Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", 
"Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. 
The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the 
attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": 
"0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", 
"Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a 
negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. 
This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of 
Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext 
Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", 
"CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. 
The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 
https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack 
consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/6.1.1.2/z/aci-containers-webhook/6.1.1.2-quay-cve.txt b/docs/release_artifacts/6.1.1.2/z/aci-containers-webhook/6.1.1.2-quay-cve.txt index 005b4b6bed..04a0ed6ef1 100644 --- a/docs/release_artifacts/6.1.1.2/z/aci-containers-webhook/6.1.1.2-quay-cve.txt +++ b/docs/release_artifacts/6.1.1.2/z/aci-containers-webhook/6.1.1.2-quay-cve.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:27b9723647c95c30fdc659ff13cdb88c07de2a4a3460be2aef783811b3d4fada", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. 
The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.25.1-8.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. 
If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.26.5-5.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "(devel) (git, commit c8ae40e323c3e895c8b9eb5700938824e1bc59c8, built at 2024-10-12T06:24:35Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/zapr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/network-attachment-definition-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.1.1-0.20201119153432-9d213757d22d", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gomodules.xyz/jsonpatch/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.43.0-5.el9_4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.18-3.el9_4.5", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-6232", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.18-3.el9_4.5", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-6232", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2:1.34-6.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2:1.3.0-2.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], 
"CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 
https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", 
"Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-plugin-systemd-inhibit", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2024a-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. 
The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.5.1-19.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": 
[], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils 
library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", 
"CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 
https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c 
file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 
https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.21.1-2.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-fips-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.0.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.18.4", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.1.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": 
"2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.68.4-14.el9_4.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.3.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "21.2.3-8.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.2-13.el9", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as 
an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "8.32-35.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 
https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.10-7.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:27b9723647c95c30fdc659ff13cdb88c07de2a4a3460be2aef783811b3d4fada", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/network-attachment-definition-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.1.1-0.20201119153432-9d213757d22d", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.18-3.el9_4.5", "BaseScores": [7.5, 
7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-6232", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm 
with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.1.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"rpm-plugin-systemd-inhibit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2024a-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 
https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.68.4-14.el9_4.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 
https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", 
"Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.2-13.el9", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 
9.8}}}}]}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2:1.3.0-2.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 
https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 
7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", 
"CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.5.1-19.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "8.32-35.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-fips-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.0.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": 
"4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.18-3.el9_4.5", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-6232", 
"CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while 
parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2:1.34-6.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "(devel) (git, commit c8ae40e323c3e895c8b9eb5700938824e1bc59c8, built at 
2024-10-12T06:24:35Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gomodules.xyz/jsonpatch/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.10-7.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.21.1-2.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.3.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.25.1-8.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. 
If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.26.5-5.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/zapr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.43.0-5.el9_4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.18.4", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:c3bcf6f8bbe2af28b54df74b5e00a9f120d959673e8eda20bb5ed619554f3c21", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "21.2.3-8.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}]}}} diff --git a/docs/release_artifacts/6.1.1.2/z/cnideploy/6.1.1.2-cve-base.txt b/docs/release_artifacts/6.1.1.2/z/cnideploy/6.1.1.2-cve-base.txt index 67a50c97d6..14a15ae5c9 100644 
--- a/docs/release_artifacts/6.1.1.2/z/cnideploy/6.1.1.2-cve-base.txt +++ b/docs/release_artifacts/6.1.1.2/z/cnideploy/6.1.1.2-cve-base.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. 
This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 
https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. 
This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 
https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. 
This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. 
This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], 
"Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 
https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", 
"CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 
https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 
https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of 
tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 
https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": 
"", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free 
flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. 
In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found 
in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 
https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 
https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html 
https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. 
Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", 
"Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. 
The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the 
attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": 
"0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", 
"Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a 
negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. 
This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of 
Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext 
Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", 
"CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. 
The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 
https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack 
consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/6.1.1.2/z/cnideploy/6.1.1.2-quay-cve.txt b/docs/release_artifacts/6.1.1.2/z/cnideploy/6.1.1.2-quay-cve.txt index 8685d41c9e..6c877b01bc 100644 --- a/docs/release_artifacts/6.1.1.2/z/cnideploy/6.1.1.2-quay-cve.txt +++ b/docs/release_artifacts/6.1.1.2/z/cnideploy/6.1.1.2-quay-cve.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:06ec4c6ab6d3ccb654ab6d70c22aa231f6868638a71f565bcc2eaee34237f185", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.3.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 
https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", 
"Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mattn/go-shellwords", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v1.0.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. 
OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.18-3.el9_4.5", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-6232", "CVE-2024-7592", 
"CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", 
"Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2024a-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-plugin-systemd-inhibit", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.5.1-19.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2:1.3.0-2.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libpsl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "0.21.1-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 
https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "publicsuffix-list-dafsa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "20210518-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/d2g/dhcp4", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v0.0.0-20170904100407-a1d1b6c41b1c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2:1.34-6.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": 
"rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.26.5-5.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-fips-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.0.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-iptables", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", 
"CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 
https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL 
pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the 
demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/safchain/ethtool", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v0.0.0-20190326074333-42ed695e3de8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.18-3.el9_4.5", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-6232", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": 
"rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.25.1-8.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. 
If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/vishvananda/netlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v1.1.1-0.20201029203352-d40f9887b852", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/alexflint/go-filemutex", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v0.0.0-20171022225611-72bdc8eae2ae", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": 
"v0.0.0-20180511133405-39ca1b05acc7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", 
"CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "8.32-35.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.2-13.el9", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial 
of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.43.0-5.el9_4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.68.4-14.el9_4.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 
https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.21.1-2.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/containernetworking/plugins", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": 
"", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/j-keck/arping", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v0.0.0-20160618110441-2cf9dc699c56", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/godbus/dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v0.0.0-20180201030542-885f9cc04c9c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 
https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/d2g/dhcp4client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/vishvananda/netns", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v0.0.0-20200728191858-db3c7e526aae", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 
https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/containernetworking/cni", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v0.8.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "wget", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "1.21.1-8.el9_4", "BaseScores": [6.1], "CVEIds": ["CVE-2021-31879"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-31879 https://bugzilla.redhat.com/show_bug.cgi?id=1955316 https://www.cve.org/CVERecord?id=CVE-2021-31879 https://nvd.nist.gov/vuln/detail/CVE-2021-31879 https://savannah.gnu.org/bugs/?56909 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-31879.json", "FixedBy": "", "Description": "A flaw was found in wget. If wget sends an Authorization header as part of a query and receives an HTTP REDIRECT to a third party in return, the Authorization header will be forwarded as part of the redirected request. This issue creates a password leak, as the second server receives the password. 
The highest threat from this vulnerability is confidentiality.", "Name": "CVE-2021-31879", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.10-7.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", 
"Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 
https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "21.2.3-8.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. 
A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v0.0.0-20201117170446-d9b008d0a637", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.1.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "go1.15.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": [{"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://go.dev/issue/20654 https://go.dev/cl/326012/26 https://groups.google.com/g/golang-announce/c/QMK8IQALDvA https://people.redhat.com/~hkario/marvin/", "FixedBy": "1.20.0", "Description": "Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel", "Name": "GO-2023-2375", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 
https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:06ec4c6ab6d3ccb654ab6d70c22aa231f6868638a71f565bcc2eaee34237f185", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": 
"rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/j-keck/arping", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v0.0.0-20160618110441-2cf9dc699c56", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", 
"BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "go1.15.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": [{"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://go.dev/issue/20654 https://go.dev/cl/326012/26 https://groups.google.com/g/golang-announce/c/QMK8IQALDvA https://people.redhat.com/~hkario/marvin/", "FixedBy": "1.20.0", "Description": "Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel", "Name": "GO-2023-2375", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpsl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "0.21.1-5.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v0.0.0-20201117170446-d9b008d0a637", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": 
"4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/containernetworking/plugins", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.10-7.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA 
implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.18-3.el9_4.5", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-6232", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2024a-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/mattn/go-shellwords", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v1.0.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/d2g/dhcp4client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": 
"2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/cni", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v0.8.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v0.0.0-20180511133405-39ca1b05acc7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.26.5-5.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.68.4-14.el9_4.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 
https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.18-3.el9_4.5", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-6232", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "rpm-plugin-systemd-inhibit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.3.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], 
"Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.43.0-5.el9_4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/godbus/dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v0.0.0-20180201030542-885f9cc04c9c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": 
"rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/alexflint/go-filemutex", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v0.0.0-20171022225611-72bdc8eae2ae", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/vishvananda/netns", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v0.0.0-20200728191858-db3c7e526aae", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 
7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", 
"CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 
https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2:1.3.0-2.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "wget", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "1.21.1-8.el9_4", "BaseScores": [6.1], "CVEIds": ["CVE-2021-31879"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-31879 https://bugzilla.redhat.com/show_bug.cgi?id=1955316 https://www.cve.org/CVERecord?id=CVE-2021-31879 https://nvd.nist.gov/vuln/detail/CVE-2021-31879 https://savannah.gnu.org/bugs/?56909 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-31879.json", "FixedBy": "", "Description": "A flaw was found in wget. If wget sends an Authorization header as part of a query and receives an HTTP REDIRECT to a third party in return, the Authorization header will be forwarded as part of the redirected request. 
This issue creates a password leak, as the second server receives the password. The highest threat from this vulnerability is confidentiality.", "Name": "CVE-2021-31879", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/vishvananda/netlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v1.1.1-0.20201029203352-d40f9887b852", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.25.1-8.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/d2g/dhcp4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v0.0.0-20170904100407-a1d1b6c41b1c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-iptables", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 
https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 
https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.2-13.el9", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the 
vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible 
to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/safchain/ethtool", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "v0.0.0-20190326074333-42ed695e3de8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 
https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2:1.34-6.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "8.32-35.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.21.1-2.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "21.2.3-8.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "publicsuffix-list-dafsa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:69ef84c061fd50fc5637de9cb068247b349d7605c54cba589f73f31920320376", "Version": "20210518-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-fips-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.0.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "1.5.1-19.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.1.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2a593ab1eede3c7bbb5fee01f0704a589e33f8149bbda9c0ba254a80f48dc7aa", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/6.1.1.2/z/openvswitch/6.1.1.2-cve-base.txt b/docs/release_artifacts/6.1.1.2/z/openvswitch/6.1.1.2-cve-base.txt index 78a434caa2..b98490aa88 100644 --- a/docs/release_artifacts/6.1.1.2/z/openvswitch/6.1.1.2-cve-base.txt +++ b/docs/release_artifacts/6.1.1.2/z/openvswitch/6.1.1.2-cve-base.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:67c0ce89aa26291d6eaddca2395ecd9b61644d866bfef65579f3e01e02a63d0d", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, 
{"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json 
https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. 
When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 
https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 
https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. 
This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. 
When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": 
"1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:67c0ce89aa26291d6eaddca2395ecd9b61644d866bfef65579f3e01e02a63d0d", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd 
v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": 
"4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", 
"Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": 
"11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. 
This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": 
["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. 
When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.0.8-8.el9", 
"BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", 
"Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}}
diff --git a/docs/release_artifacts/6.1.1.2/z/openvswitch/6.1.1.2-quay-cve.txt b/docs/release_artifacts/6.1.1.2/z/openvswitch/6.1.1.2-quay-cve.txt
index 539b2110a5..dd5cd8bb6d 100644
--- a/docs/release_artifacts/6.1.1.2/z/openvswitch/6.1.1.2-quay-cve.txt
+++ b/docs/release_artifacts/6.1.1.2/z/openvswitch/6.1.1.2-quay-cve.txt
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:80956b2899afdffb48f1262da1ce53e3e11259e2238fc301984760245d03d618", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "28-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "hostname", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "3.23-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "lua-libs", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "234-19.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2:8.2.2637-21.el9", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", 
"CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "28-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "logrotate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "3.18.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:e6d0b47feb5d2e9a7fac2110035f2e331e777a16ee5504a354a4b8cc301f0a6f", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 
https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "strace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "5.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "20240828-2.git626aa59.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-unversioned-command", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:e6d0b47feb5d2e9a7fac2110035f2e331e777a16ee5504a354a4b8cc301f0a6f", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iptables-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:e6d0b47feb5d2e9a7fac2110035f2e331e777a16ee5504a354a4b8cc301f0a6f", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "0.7.24-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnfnetlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.0.1-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnetfilter_conntrack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.0.9-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "23.4-3.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "attr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aaf96b7cf69868e8bd4dfcec663525efd48fd63f0dd803bc43b96c84e04320ca", "Version": "(devel) (git, commit c8ae40e323c3e895c8b9eb5700938824e1bc59c8, built at 2024-10-12T06:24:35Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 
https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "3.1.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "procps-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "3.3.17-14.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tcpdump", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "14:4.99.0-9.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2397 https://bugzilla.redhat.com/show_bug.cgi?id=2274792 https://www.cve.org/CVERecord?id=CVE-2024-2397 https://nvd.nist.gov/vuln/detail/CVE-2024-2397 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2397.json", "FixedBy": "", "Description": "A flaw was found in tcpdump. Trying to print content from a maliciously crafted .pcap file may lead to an infinite loop, resulting in a denial of service. 
This issue is considered low severity; for a successful attack to happen, a user must open a crafted file, and it will only crash a single user's execution of tcpdump.", "Name": "CVE-2024-2397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2024a-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:00b47b9119f67cb41b473b9725c374f7179c861929dc6043382aa6fe31b7a683", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:00b47b9119f67cb41b473b9725c374f7179c861929dc6043382aa6fe31b7a683", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": 
"2:4.9-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:e6d0b47feb5d2e9a7fac2110035f2e331e777a16ee5504a354a4b8cc301f0a6f", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aaf96b7cf69868e8bd4dfcec663525efd48fd63f0dd803bc43b96c84e04320ca", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.68.4-15.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "0.0.3-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:00b47b9119f67cb41b473b9725c374f7179c861929dc6043382aa6fe31b7a683", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "3.2.3-1.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 
https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:e6d0b47feb5d2e9a7fac2110035f2e331e777a16ee5504a354a4b8cc301f0a6f", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 
package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "0.4.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "10.40-6.el9", 
"BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2:1.34-7.el9", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnl3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "3.9.0-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "8.44-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:00b47b9119f67cb41b473b9725c374f7179c861929dc6043382aa6fe31b7a683", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "21.3.1-1.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:00b47b9119f67cb41b473b9725c374f7179c861929dc6043382aa6fe31b7a683", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "53.0.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-debuginfod-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "8.32-36.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:00b47b9119f67cb41b473b9725c374f7179c861929dc6043382aa6fe31b7a683", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1.21.1-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "5.3.28-55.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "./pkg/ipam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aaf96b7cf69868e8bd4dfcec663525efd48fd63f0dd803bc43b96c84e04320ca", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1.2.11-41.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "net-tools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2.0-0.64.20160912git.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "14:1.10.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:00b47b9119f67cb41b473b9725c374f7179c861929dc6043382aa6fe31b7a683", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iptables-nft", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnetfilter_queue", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.0.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnetfilter_cttimeout", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.0.0-19.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnetfilter_cthelper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.0.0-22.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": 
[{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": 
{"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1.5.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnftnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:e6d0b47feb5d2e9a7fac2110035f2e331e777a16ee5504a354a4b8cc301f0a6f", "Version": "1.2.6-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1.10.0-11.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:e6d0b47feb5d2e9a7fac2110035f2e331e777a16ee5504a354a4b8cc301f0a6f", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "conntrack-tools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.4.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "3.16-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:00b47b9119f67cb41b473b9725c374f7179c861929dc6043382aa6fe31b7a683", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1.43.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:00b47b9119f67cb41b473b9725c374f7179c861929dc6043382aa6fe31b7a683", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ltrace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "0.7.91-43.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:00b47b9119f67cb41b473b9725c374f7179c861929dc6043382aa6fe31b7a683", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2:1.4.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/containernetworking/cni", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aaf96b7cf69868e8bd4dfcec663525efd48fd63f0dd803bc43b96c84e04320ca", "Version": "v1.1.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libibverbs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "51.0-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.5.1-20.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 
https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:e6d0b47feb5d2e9a7fac2110035f2e331e777a16ee5504a354a4b8cc301f0a6f", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1:1.23-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:80956b2899afdffb48f1262da1ce53e3e11259e2238fc301984760245d03d618", "ParentName": "", 
"NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW 
severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "0.7.24-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libnftnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:e6d0b47feb5d2e9a7fac2110035f2e331e777a16ee5504a354a4b8cc301f0a6f", "Version": "1.2.6-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "hostname", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "3.23-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "0.69.0-12.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "28-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libnetfilter_queue", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.0.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:00b47b9119f67cb41b473b9725c374f7179c861929dc6043382aa6fe31b7a683", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "logrotate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "3.18.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1.2.11-41.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:00b47b9119f67cb41b473b9725c374f7179c861929dc6043382aa6fe31b7a683", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:e6d0b47feb5d2e9a7fac2110035f2e331e777a16ee5504a354a4b8cc301f0a6f", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "8.44-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:00b47b9119f67cb41b473b9725c374f7179c861929dc6043382aa6fe31b7a683", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1.43.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "strace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "5.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "3.2.3-1.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 
https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aaf96b7cf69868e8bd4dfcec663525efd48fd63f0dd803bc43b96c84e04320ca", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:e6d0b47feb5d2e9a7fac2110035f2e331e777a16ee5504a354a4b8cc301f0a6f", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "tcpdump", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "14:4.99.0-9.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2397 https://bugzilla.redhat.com/show_bug.cgi?id=2274792 https://www.cve.org/CVERecord?id=CVE-2024-2397 https://nvd.nist.gov/vuln/detail/CVE-2024-2397 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2397.json", "FixedBy": "", "Description": "A flaw was found in tcpdump. 
Trying to print content from a maliciously crafted .pcap file may lead to an infinite loop, resulting in a denial of service. This issue is considered low severity; for a successful attack to happen, a user must open a crafted file, and it will only crash a single user's execution of tcpdump.", "Name": "CVE-2024-2397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:00b47b9119f67cb41b473b9725c374f7179c861929dc6043382aa6fe31b7a683", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "attr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2:1.4.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2:1.34-7.el9", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 
https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1:1.23-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1.21.1-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "net-tools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2.0-0.64.20160912git.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libibverbs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "51.0-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ 
https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1.5.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "3.16-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "3.1.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:00b47b9119f67cb41b473b9725c374f7179c861929dc6043382aa6fe31b7a683", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2:4.9-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:e6d0b47feb5d2e9a7fac2110035f2e331e777a16ee5504a354a4b8cc301f0a6f", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "grep", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "0.0.3-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:e6d0b47feb5d2e9a7fac2110035f2e331e777a16ee5504a354a4b8cc301f0a6f", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "conntrack-tools", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.4.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python-unversioned-command", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:00b47b9119f67cb41b473b9725c374f7179c861929dc6043382aa6fe31b7a683", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:e6d0b47feb5d2e9a7fac2110035f2e331e777a16ee5504a354a4b8cc301f0a6f", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-debuginfod-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2024a-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "28-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", 
"Version": "0.4.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnetfilter_cttimeout", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.0.0-19.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "21.3.1-1.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:00b47b9119f67cb41b473b9725c374f7179c861929dc6043382aa6fe31b7a683", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "procps-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "3.3.17-14.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2:8.2.2637-21.el9", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", 
"CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "iptables-nft", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnetfilter_conntrack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.0.9-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 
0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "iptables-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.14.0-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnetfilter_cthelper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.0.0-22.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.5.1-20.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "20240828-2.git626aa59.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": 
{"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "ltrace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "0.7.91-43.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1.10.0-11.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:00b47b9119f67cb41b473b9725c374f7179c861929dc6043382aa6fe31b7a683", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:e6d0b47feb5d2e9a7fac2110035f2e331e777a16ee5504a354a4b8cc301f0a6f", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/cni", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aaf96b7cf69868e8bd4dfcec663525efd48fd63f0dd803bc43b96c84e04320ca", "Version": "v1.1.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.18-8.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "./pkg/ipam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aaf96b7cf69868e8bd4dfcec663525efd48fd63f0dd803bc43b96c84e04320ca", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "234-19.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:e6d0b47feb5d2e9a7fac2110035f2e331e777a16ee5504a354a4b8cc301f0a6f", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:00b47b9119f67cb41b473b9725c374f7179c861929dc6043382aa6fe31b7a683", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "5.3.28-55.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libpcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "14:1.10.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "2.68.4-15.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "keyutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 
https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libnfnetlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "1.0.1-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, 
where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aaf96b7cf69868e8bd4dfcec663525efd48fd63f0dd803bc43b96c84e04320ca", "Version": "(devel) (git, commit c8ae40e323c3e895c8b9eb5700938824e1bc59c8, built at 2024-10-12T06:24:35Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "252-47.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:00b47b9119f67cb41b473b9725c374f7179c861929dc6043382aa6fe31b7a683", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "53.0.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "8.32-36.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:445c74072f809cb386f015ee9c5fa6cc85ef6f81654d3244ec8c0b7899553404", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libnl3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f521d1813551601eb5e67dd4cf0175862c6ed8e6d29df2bcd0d937fa2cdbea16", "Version": "3.9.0-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/6.1.1.2/z/opflex/6.1.1.2-cve-base.txt b/docs/release_artifacts/6.1.1.2/z/opflex/6.1.1.2-cve-base.txt index 78a434caa2..b98490aa88 100644 
--- a/docs/release_artifacts/6.1.1.2/z/opflex/6.1.1.2-cve-base.txt
+++ b/docs/release_artifacts/6.1.1.2/z/opflex/6.1.1.2-cve-base.txt
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:67c0ce89aa26291d6eaddca2395ecd9b61644d866bfef65579f3e01e02a63d0d", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, 
{"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json 
https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. 
When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 
https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 
https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. 
This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. 
When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": 
"1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:67c0ce89aa26291d6eaddca2395ecd9b61644d866bfef65579f3e01e02a63d0d", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd 
v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": 
"4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", 
"Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": 
"11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. 
This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": 
["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. 
When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.0.8-8.el9", 
"BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", 
"Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/6.1.1.2/z/opflex/6.1.1.2-quay-cve.txt b/docs/release_artifacts/6.1.1.2/z/opflex/6.1.1.2-quay-cve.txt index 2fb057e5d8..13e720c91b 100644 --- a/docs/release_artifacts/6.1.1.2/z/opflex/6.1.1.2-quay-cve.txt +++ b/docs/release_artifacts/6.1.1.2/z/opflex/6.1.1.2-quay-cve.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:f82973ee406fc7bc42f148de7386af4612d9cdcd613814c0bf32b55ee1214d4c", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "boost-iostreams", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.75.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1:3.2.2-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:a8bcc74c5102188e7f1237ac491f6167d988497fe63e1ade221c9d88cc31334c", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2:4.9-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:a8bcc74c5102188e7f1237ac491f6167d988497fe63e1ade221c9d88cc31334c", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "procps-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "3.3.17-14.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.34-120.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "21.3.1-1.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "1.21.1-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "0.0.3-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service 
caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:a8bcc74c5102188e7f1237ac491f6167d988497fe63e1ade221c9d88cc31334c", "Version": "2.5.0-2.el9_4", "BaseScores": [9.8, 9.8, 7.5], "CVEIds": ["CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-unversioned-command", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "3.9.19-8.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 
https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. 
When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", 
"CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. 
The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "3.9.19-8.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "net-tools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "2.0-0.64.20160912git.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "attr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "0.4.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1:1.42.0-2.el9", "BaseScores": [7.3], "CVEIds": ["CVE-2024-24806"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-24806 https://bugzilla.redhat.com/show_bug.cgi?id=2263292 https://www.cve.org/CVERecord?id=CVE-2024-24806 https://nvd.nist.gov/vuln/detail/CVE-2024-24806 https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6 https://www.chainguard.dev/unchained/unpacking-libuvs-cve-2024-24806-software-dark-matter-will-go-under-the-radar-not-in-chainguard-images-tho https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24806.json https://access.redhat.com/errata/RHSA-2024:4756", "FixedBy": "1:1.42.0-2.el9_4", "Description": "A server-side request forgery (SSRF) flaw was found in the libuv package due to how the `hostname_ascii` variable is handled in `uv_getaddrinfo` and `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access internal APIs or for websites that allow users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. 
This issue could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks.", "Name": "CVE-2024-24806", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "Score": 7.3}}}}]}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "compat-openssl11", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1:1.1.1k-4.el9_0", "BaseScores": [5.5, 5.3, 5.3, 5.3, 6.5, 7.4, 7.5, 5.3, 7.5, 5.9, 9.8, 9.8, 7.5, 5.3, 5.3], "CVEIds": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-4304", "CVE-2022-4450", "CVE-2023-0215", "CVE-2023-0286", "CVE-2023-0464", "CVE-2023-0465", "CVE-2023-0466", "CVE-2023-2650", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2024-0727", "CVE-2024-2511", 
"CVE-2024-41996", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json", "FixedBy": "", "Description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json", "FixedBy": "", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2650.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "Name": "CVE-2023-2650", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0286 https://bugzilla.redhat.com/show_bug.cgi?id=2164440 https://www.cve.org/CVERecord?id=CVE-2023-0286 https://nvd.nist.gov/vuln/detail/CVE-2023-0286 https://www.openssl.org/news/secadv/20230207.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0286.json", "FixedBy": "", "Description": "A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. 
When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.", "Name": "CVE-2023-0286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4450 https://bugzilla.redhat.com/show_bug.cgi?id=2164494 https://www.cve.org/CVERecord?id=CVE-2022-4450 https://nvd.nist.gov/vuln/detail/CVE-2022-4450 https://www.openssl.org/news/secadv/20230207.txt https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4450.json", "FixedBy": "", "Description": "A double-free vulnerability was found in OpenSSL's PEM_read_bio_ex function. The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (for example, \"CERTIFICATE\"), any header data, and the payload data. If the function succeeds, then the \"name_out,\" \"header,\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. Constructing a PEM file that results in 0 bytes of payload data is possible. 
In this case, PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a freed buffer. A double-free will occur if the caller also frees this buffer. This will most likely lead to a crash. This could be exploited by an attacker who can supply malicious PEM files for parsing to achieve a denial of service attack.", "Name": "CVE-2022-4450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2097 https://bugzilla.redhat.com/show_bug.cgi?id=2104905 https://www.cve.org/CVERecord?id=CVE-2022-2097 https://nvd.nist.gov/vuln/detail/CVE-2022-2097 https://www.openssl.org/news/secadv/20220705.txt https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2097.json", "FixedBy": "", "Description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed.", "Name": "CVE-2022-2097", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0215 https://bugzilla.redhat.com/show_bug.cgi?id=2164492 https://www.cve.org/CVERecord?id=CVE-2023-0215 https://nvd.nist.gov/vuln/detail/CVE-2023-0215 https://www.openssl.org/news/secadv/20230207.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0215.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL's BIO_new_NDEF function. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. 
It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be called directly by end-user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions. For example, if a CMS recipient public key is invalid, the new filter BIO is freed, and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up, and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then calls BIO_pop() on the BIO, a use-after-free will occur, possibly resulting in a crash.", "Name": "CVE-2023-0215", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4304 https://bugzilla.redhat.com/show_bug.cgi?id=2164487 https://www.cve.org/CVERecord?id=CVE-2022-4304 https://nvd.nist.gov/vuln/detail/CVE-2022-4304 https://www.openssl.org/news/secadv/20230207.txt https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4304.json", "FixedBy": "", "Description": "A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. 
This issue affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP, and RSASVE.", "Name": "CVE-2022-4304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1292 https://bugzilla.redhat.com/show_bug.cgi?id=2081494 https://www.cve.org/CVERecord?id=CVE-2022-1292 https://nvd.nist.gov/vuln/detail/CVE-2022-1292 https://www.openssl.org/news/secadv/20220503.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1292.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileges of the script on these operating systems.", "Name": "CVE-2022-1292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2068 https://bugzilla.redhat.com/show_bug.cgi?id=2097310 https://www.cve.org/CVERecord?id=CVE-2022-2068 https://nvd.nist.gov/vuln/detail/CVE-2022-2068 https://www.openssl.org/news/secadv/20220621.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2068.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script.", "Name": "CVE-2022-2068", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "FixedBy": "", "Description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. 
This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0464", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. 
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "Name": "CVE-2023-0466", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. 
Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0465", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}]}, {"Name": "yum-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.14.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "selinux-policy-targeted", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "38.1.44-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": 
"", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw 
was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.9.13-6.el9", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "8.44-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "252-45.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "boost-date-time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.75.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.34-120.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "252-45.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:a8bcc74c5102188e7f1237ac491f6167d988497fe63e1ade221c9d88cc31334c", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.0.4-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "234-19.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:a8bcc74c5102188e7f1237ac491f6167d988497fe63e1ade221c9d88cc31334c", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnfnetlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.0.1-21.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-plugin-selinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "boost-program-options", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.75.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "20240822-1.gitbaf3e06.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "5.3.28-54.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "boost-system", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.75.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.5.1-20.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.14.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "3.8.3-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:2570", "FixedBy": "0:3.8.3-4.el9_4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:2570", "FixedBy": "0:3.8.3-4.el9_4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "1.2.11-41.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": 
"0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "1.43.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:a8bcc74c5102188e7f1237ac491f6167d988497fe63e1ade221c9d88cc31334c", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", 
"Version": "252-45.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "selinux-policy", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "38.1.44-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.34-120.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.68.4-15.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "3.1.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "3.16-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.34-120.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "boost-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.75.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.14.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", 
"Version": "1:1.23-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "3.2.3-1.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "0.7.24-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "1.5.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.1.12-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "252-45.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "1.10.0-11.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2024a-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "1:3.2.2-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:a8bcc74c5102188e7f1237ac491f6167d988497fe63e1ade221c9d88cc31334c", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnetfilter_conntrack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.0.9-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:a8bcc74c5102188e7f1237ac491f6167d988497fe63e1ade221c9d88cc31334c", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html 
https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "3.9.19-8.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "1.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:a8bcc74c5102188e7f1237ac491f6167d988497fe63e1ade221c9d88cc31334c", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.14.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2024.2.69_v8.0.303-91.4.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "8.32-36.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:a8bcc74c5102188e7f1237ac491f6167d988497fe63e1ade221c9d88cc31334c", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "53.0.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "28-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "0.25.3-2.el9", "BaseScores": 
[], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:f82973ee406fc7bc42f148de7386af4612d9cdcd613814c0bf32b55ee1214d4c", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "8.32-36.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 
https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "1.5.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1:3.2.2-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "selinux-policy", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "38.1.44-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnfnetlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.0.1-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "5.3.28-54.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "3.16-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "3.8.3-4.el9", 
"BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:2570", "FixedBy": "0:3.8.3-4.el9_4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:2570", "FixedBy": "0:3.8.3-4.el9_4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", 
"RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": 
"2024.2.69_v8.0.303-91.4.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j 
https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "1:1.23-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:a8bcc74c5102188e7f1237ac491f6167d988497fe63e1ade221c9d88cc31334c", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.14.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.14.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.34-120.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:a8bcc74c5102188e7f1237ac491f6167d988497fe63e1ade221c9d88cc31334c", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "boost-program-options", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.75.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.5.1-20.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. 
The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "3.1.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:a8bcc74c5102188e7f1237ac491f6167d988497fe63e1ade221c9d88cc31334c", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": 
"1.43.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "1.21.1-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.34-120.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.14.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:a8bcc74c5102188e7f1237ac491f6167d988497fe63e1ade221c9d88cc31334c", "Version": "2.5.0-2.el9_4", "BaseScores": [9.8, 9.8, 7.5], "CVEIds": ["CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "0.0.3-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-unversioned-command", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "3.9.19-8.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": 
"Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": 
"rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "8.44-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "0.4.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "compat-openssl11", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1:1.1.1k-4.el9_0", "BaseScores": [5.5, 5.3, 5.3, 5.3, 6.5, 7.4, 7.5, 5.3, 7.5, 5.9, 9.8, 9.8, 7.5, 5.3, 5.3], "CVEIds": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-4304", "CVE-2022-4450", "CVE-2023-0215", "CVE-2023-0286", "CVE-2023-0464", "CVE-2023-0465", "CVE-2023-0466", "CVE-2023-2650", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json", "FixedBy": "", "Description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json", "FixedBy": "", "Description": "A vulnerability was found in OpenSSL. 
This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2650.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "Name": "CVE-2023-2650", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0286 https://bugzilla.redhat.com/show_bug.cgi?id=2164440 https://www.cve.org/CVERecord?id=CVE-2023-0286 https://nvd.nist.gov/vuln/detail/CVE-2023-0286 https://www.openssl.org/news/secadv/20230207.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0286.json", "FixedBy": "", "Description": "A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. 
When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.", "Name": "CVE-2023-0286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4450 https://bugzilla.redhat.com/show_bug.cgi?id=2164494 https://www.cve.org/CVERecord?id=CVE-2022-4450 https://nvd.nist.gov/vuln/detail/CVE-2022-4450 https://www.openssl.org/news/secadv/20230207.txt https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4450.json", "FixedBy": "", "Description": "A double-free vulnerability was found in OpenSSL's PEM_read_bio_ex function. The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (for example, \"CERTIFICATE\"), any header data, and the payload data. If the function succeeds, then the \"name_out,\" \"header,\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. Constructing a PEM file that results in 0 bytes of payload data is possible. 
In this case, PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a freed buffer. A double-free will occur if the caller also frees this buffer. This will most likely lead to a crash. This could be exploited by an attacker who can supply malicious PEM files for parsing to achieve a denial of service attack.", "Name": "CVE-2022-4450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2097 https://bugzilla.redhat.com/show_bug.cgi?id=2104905 https://www.cve.org/CVERecord?id=CVE-2022-2097 https://nvd.nist.gov/vuln/detail/CVE-2022-2097 https://www.openssl.org/news/secadv/20220705.txt https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2097.json", "FixedBy": "", "Description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed.", "Name": "CVE-2022-2097", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0215 https://bugzilla.redhat.com/show_bug.cgi?id=2164492 https://www.cve.org/CVERecord?id=CVE-2023-0215 https://nvd.nist.gov/vuln/detail/CVE-2023-0215 https://www.openssl.org/news/secadv/20230207.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0215.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL's BIO_new_NDEF function. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. 
It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be called directly by end-user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions. For example, if a CMS recipient public key is invalid, the new filter BIO is freed, and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up, and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then calls BIO_pop() on the BIO, a use-after-free will occur, possibly resulting in a crash.", "Name": "CVE-2023-0215", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4304 https://bugzilla.redhat.com/show_bug.cgi?id=2164487 https://www.cve.org/CVERecord?id=CVE-2022-4304 https://nvd.nist.gov/vuln/detail/CVE-2022-4304 https://www.openssl.org/news/secadv/20230207.txt https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4304.json", "FixedBy": "", "Description": "A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. 
This issue affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP, and RSASVE.", "Name": "CVE-2022-4304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1292 https://bugzilla.redhat.com/show_bug.cgi?id=2081494 https://www.cve.org/CVERecord?id=CVE-2022-1292 https://nvd.nist.gov/vuln/detail/CVE-2022-1292 https://www.openssl.org/news/secadv/20220503.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1292.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileges of the script on these operating systems.", "Name": "CVE-2022-1292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2068 https://bugzilla.redhat.com/show_bug.cgi?id=2097310 https://www.cve.org/CVERecord?id=CVE-2022-2068 https://nvd.nist.gov/vuln/detail/CVE-2022-2068 https://www.openssl.org/news/secadv/20220621.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2068.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script.", "Name": "CVE-2022-2068", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "FixedBy": "", "Description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. 
This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0464", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. 
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "Name": "CVE-2023-0466", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. 
Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0465", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}]}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "3.9.19-8.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.34-120.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "net-tools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "2.0-0.64.20160912git.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "28-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "1.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:a8bcc74c5102188e7f1237ac491f6167d988497fe63e1ade221c9d88cc31334c", "Version": "1:2.8.1-7.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.1.12-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:a8bcc74c5102188e7f1237ac491f6167d988497fe63e1ade221c9d88cc31334c", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "3.9.19-8.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that 
contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "21.3.1-1.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libnetfilter_conntrack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.0.9-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.9.13-6.el9", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "252-45.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "3.2.3-1.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "boost-system", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.75.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "252-45.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "boost-date-time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.75.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "1:3.2.2-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "252-45.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2:4.9-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "0.7.24-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.14.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 
https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in 
libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "boost-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.75.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "234-19.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-plugin-selinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "attr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", 
"Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "20240822-1.gitbaf3e06.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2024a-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.0.4-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.4.4-8.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "53.0.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "252-45.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:a8bcc74c5102188e7f1237ac491f6167d988497fe63e1ade221c9d88cc31334c", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:a8bcc74c5102188e7f1237ac491f6167d988497fe63e1ade221c9d88cc31334c", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": 
"2.68.4-15.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:a8bcc74c5102188e7f1237ac491f6167d988497fe63e1ade221c9d88cc31334c", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 
https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "selinux-policy-targeted", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "38.1.44-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "procps-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "3.3.17-14.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "1.10.0-11.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "1.2.11-41.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 
https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "boost-iostreams", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1.75.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A 
segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.34-120.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", 
"CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:a8bcc74c5102188e7f1237ac491f6167d988497fe63e1ade221c9d88cc31334c", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "1:1.42.0-2.el9", "BaseScores": [7.3], "CVEIds": ["CVE-2024-24806"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-24806 https://bugzilla.redhat.com/show_bug.cgi?id=2263292 https://www.cve.org/CVERecord?id=CVE-2024-24806 https://nvd.nist.gov/vuln/detail/CVE-2024-24806 https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6 https://www.chainguard.dev/unchained/unpacking-libuvs-cve-2024-24806-software-dark-matter-will-go-under-the-radar-not-in-chainguard-images-tho https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24806.json https://access.redhat.com/errata/RHSA-2024:4756", "FixedBy": "1:1.42.0-2.el9_4", "Description": "A server-side request forgery (SSRF) flaw was found in the libuv package due to how the `hostname_ascii` variable is handled in `uv_getaddrinfo` and `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access internal APIs or for websites that allow users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. 
This issue could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks.", "Name": "CVE-2024-24806", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "Score": 7.3}}}}]}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:50a1f59b158296f9c184276f5e30ff10630bba7d80a5a879a80f2917a1859a7a", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:2533b68b3df8c111a31cb8b89e350a11d77f64e3c5ebd10f69e867d2cfd10144", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/6.1.2.1/z/acc-provision-operator/6.1.2.1-cve-base.txt b/docs/release_artifacts/6.1.2.1/z/acc-provision-operator/6.1.2.1-cve-base.txt index 7c04ca226a..24df530c6b 100644 --- a/docs/release_artifacts/6.1.2.1/z/acc-provision-operator/6.1.2.1-cve-base.txt +++ b/docs/release_artifacts/6.1.2.1/z/acc-provision-operator/6.1.2.1-cve-base.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:62655797fa492f0c975d3dea7e5d0e9ee0fb8590806d3b909859738eb543252a", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "virtualenv-clone", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.5.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "7.0-10.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [7.8, 6.1], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. 
This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.0.3-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "websocket-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.6.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "234-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.4.48-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.45.6-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/atomic", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.113-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.63.0-14.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.0.21-19.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:3.3-4.el8", "BaseScores": [7.1], "CVEIds": ["CVE-2023-30630"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30630 https://bugzilla.redhat.com/show_bug.cgi?id=2186669 https://www.cve.org/CVERecord?id=CVE-2023-30630 https://nvd.nist.gov/vuln/detail/CVE-2023-30630 https://github.com/adamreiser/dmiwrite 
https://github.com/advisories/GHSA-9r2p-xmm5-5ppg https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-30630.json https://access.redhat.com/errata/RHSA-2023:5252", "FixedBy": "1:3.3-4.el8_8.1", "Description": "A vulnerability was found in dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.", "Name": "CVE-2023-30630", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "pipenv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2023.6.26", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.5.2-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.9.6-13.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-syspurpose", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [7.8, 6.1], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "markupsafe", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:82f04b121ea21206a69ac160f78095cc3d9aeda79331bdcc90743fcd5dd20baf", "Version": "2.1.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "distlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.3.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "resolvelib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.1.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.23.22-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libssh", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.9.6-10.el8_8", "BaseScores": [4.8, 5.3, 5.9], "CVEIds": ["CVE-2023-48795", "CVE-2023-6004", "CVE-2023-6918"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6004 https://bugzilla.redhat.com/show_bug.cgi?id=2251110 
https://www.cve.org/CVERecord?id=CVE-2023-6004 https://nvd.nist.gov/vuln/detail/CVE-2023-6004 https://www.libssh.org/security/advisories/CVE-2023-6004.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6004.json https://access.redhat.com/errata/RHSA-2024:3233", "FixedBy": "0:0.9.6-14.el8", "Description": "A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.", "Name": "CVE-2023-6004", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6918 https://bugzilla.redhat.com/show_bug.cgi?id=2254997 https://www.cve.org/CVERecord?id=CVE-2023-6918 https://nvd.nist.gov/vuln/detail/CVE-2023-6918 https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ https://www.libssh.org/security/advisories/CVE-2023-6918.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6918.json https://access.redhat.com/errata/RHSA-2024:3233", "FixedBy": "0:0.9.6-14.el8", "Description": "A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. 
In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.", "Name": "CVE-2023-6918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:0628", "FixedBy": "0:0.9.6-13.el8_9", "Description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. 
For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "Name": "CVE-2023-48795", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.5-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.29.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "jinja2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.1.2", "BaseScores": [6.1], "CVEIds": ["CVE-2024-22195", "CVE-2024-34064"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95 https://nvd.nist.gov/vuln/detail/CVE-2024-22195 https://github.com/pallets/jinja/commit/716795349a41d4983a9a4771f7d883c96ea17be7 https://github.com/pallets/jinja https://github.com/pallets/jinja/releases/tag/3.1.3 
https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3", "FixedBy": "3.1.3", "Description": "Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter", "Name": "GHSA-h5c8-rqwp-cp95", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj https://nvd.nist.gov/vuln/detail/CVE-2024-34064 https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb https://github.com/pallets/jinja https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS", "FixedBy": "3.1.4", "Description": "Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter", "Name": "GHSA-h75v-3vvj-5mfj", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, 
{"Name": "google.golang.org/genproto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20230320184635-7606e756e683", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.80-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "importlib-metadata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "6.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.12.8-24.el8", "BaseScores": [6.5, 7.8], "CVEIds": ["CVE-2020-35512", "CVE-2023-34969"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4498", "FixedBy": "1:1.12.8-24.el8_8.1", "Description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. 
If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "Name": "CVE-2023-34969", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "zipp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.16.2", "BaseScores": [], "CVEIds": ["CVE-2024-5569"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5569 https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd https://github.com/jaraco/zipp https://huntr.com/bounties/be898306-11f9-46b4-b28c-f4c4aa4ffbae", "FixedBy": "3.19.1", "Description": "zipp Denial of Service vulnerability", "Name": "GHSA-jfmj-5v4g-7637", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.7.0-16.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.3.5-9.el8_7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.33.0-3.el8_2.1", 
"BaseScores": [7.5], "CVEIds": ["CVE-2023-44487", "CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:4252", "FixedBy": "0:1.33.0-6.el8_10.1", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog 
https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5837", "FixedBy": "0:1.33.0-5.el8_8", "Description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "Name": "CVE-2023-44487", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "platformdirs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "5.3.4-12.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2020-15945"], "Vulnerabilities": [{"Severity": "Medium", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-15945 https://bugzilla.redhat.com/show_bug.cgi?id=1861999 https://www.cve.org/CVERecord?id=CVE-2020-15945 https://nvd.nist.gov/vuln/detail/CVE-2020-15945 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-15945.json", "FixedBy": "", "Description": "A flaw was found in lua. A segmentation fault is possible because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.", "Name": "CVE-2020-15945", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9.7-16.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 7.5], "CVEIds": ["CVE-2023-28484", "CVE-2023-29469", "CVE-2023-39615", "CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2024:0119", "FixedBy": "0:2.9.7-18.el8_9", "Description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "Name": "CVE-2023-39615", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4529", "FixedBy": "0:2.9.7-16.el8_8.1", "Description": "A flaw was found in libxml2. 
This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "Name": "CVE-2023-29469", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4529", "FixedBy": "0:2.9.7-16.el8_8.1", "Description": "A NULL pointer dereference vulnerability was found in libxml2. 
This issue occurs when parsing (invalid) XML schemas.", "Name": "CVE-2023-28484", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:3626", "FixedBy": "0:2.9.7-18.el8_10.1", "Description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "10.32-3.el8_6", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 
https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.2.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.14.2-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [7.8, 6.1], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 
https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "11-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/afero", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.2.11-21.el8_7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.5.10-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.9-13.el8_5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "6.1-9.20180224.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 6.5, 8.8, 7.8, 6.5, 5.5, 6.5, 6.5], "CVEIds": ["CVE-2018-19211", "CVE-2018-19217", "CVE-2020-19185", "CVE-2020-19186", "CVE-2020-19187", "CVE-2020-19188", "CVE-2020-19189", "CVE-2020-19190", "CVE-2021-39537", "CVE-2023-29491", "CVE-2023-45918", 
"CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19185.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19185", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19187.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19190.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19190", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19217.json", "FixedBy": "", "Description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "Name": "CVE-2018-19217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-39537.json", "FixedBy": "", "Description": "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. 
By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "Name": "CVE-2021-39537", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:5249", "FixedBy": "0:6.1-9.20180224.el8_8.1", "Description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Name": "CVE-2023-29491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19186.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "Name": "CVE-2020-19186", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19211.json", "FixedBy": "", "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "Name": "CVE-2018-19211", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19189.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19189", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19188", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.4.4-1.el8", "BaseScores": [7.5, 4.7], "CVEIds": ["CVE-2021-24032", "CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 
https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-24032.json", "FixedBy": "", "Description": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "Name": "CVE-2021-24032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "github.com/google/gnostic", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.6.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi8-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.8-1009", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "239-74.el8_8.2", "BaseScores": [5.5, 4.3, 5.9], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:3203", "FixedBy": "0:239-82.el8", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.2.20-3.el8_6", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.3.1-25.el8", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:3163", "FixedBy": "0:1.3.1-33.el8", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "6.1-9.20180224.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 6.5, 8.8, 7.8, 6.5, 5.5, 6.5, 6.5], "CVEIds": ["CVE-2018-19211", "CVE-2018-19217", "CVE-2020-19185", "CVE-2020-19186", "CVE-2020-19187", "CVE-2020-19188", "CVE-2020-19189", "CVE-2020-19190", "CVE-2021-39537", "CVE-2023-29491", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19185.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19185", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19187.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19190.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19190", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19217.json", "FixedBy": "", "Description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "Name": "CVE-2018-19217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-39537.json", "FixedBy": "", "Description": "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. 
By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "Name": "CVE-2021-39537", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:5249", "FixedBy": "0:6.1-9.20180224.el8_8.1", "Description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Name": "CVE-2023-29491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19186.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "Name": "CVE-2020-19186", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19211.json", "FixedBy": "", "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "Name": "CVE-2018-19211", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19189.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19189", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19188", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "7.61.1-30.el8_8.2", "BaseScores": [3.7, 5.9, 6.5, 3.7, 5.9, 8.8, 6.5], "CVEIds": ["CVE-2023-27534", "CVE-2023-27536", "CVE-2023-28321", "CVE-2023-28322", "CVE-2023-38546", "CVE-2023-46218", "CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "Name": "CVE-2023-38546", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 3.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:4523", "FixedBy": "0:7.61.1-30.el8_8.3", "Description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. 
However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "Name": "CVE-2023-27536", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. 
This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "Name": "CVE-2023-46218", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "Name": "CVE-2023-28322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 3.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4523", "FixedBy": "0:7.61.1-30.el8_8.3", "Description": "A flaw was found in the Curl package. 
An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "Name": "CVE-2023-28321", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27534.json", "FixedBy": "", "Description": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. 
Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "Name": "CVE-2023-27534", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5654", "FixedBy": "0:7.61.1-34.el8_10.2", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/operator-framework/operator-sdk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "(devel) (git, commit e67da35ef4fff3e471a208904b2a142b27ae32b1, built at 2023-07-27T14:42:20Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "oauthlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.12.8-24.el8", "BaseScores": [6.5, 7.8], "CVEIds": ["CVE-2020-35512", "CVE-2023-34969"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4498", "FixedBy": "1:1.12.8-24.el8_8.1", "Description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. 
If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "Name": "CVE-2023-34969", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.28-225.el8", "BaseScores": [6.5, 5.9, 5.9, 7.8], "CVEIds": ["CVE-2023-4527", "CVE-2023-4806", "CVE-2023-4813", "CVE-2023-4911", "CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "Name": "CVE-2023-4527", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. 
This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "Name": "CVE-2023-4806", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. 
This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "Name": "CVE-2023-4813", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. 
This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "Name": "CVE-2023-4911", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3269", "FixedBy": "0:2.28-251.el8_10.1", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "lockfile", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.12.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9.5-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "packaging", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "23.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.2-19.el8", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 
https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.28-225.el8", "BaseScores": [6.5, 5.9, 5.9, 7.8], "CVEIds": ["CVE-2023-4527", "CVE-2023-4806", "CVE-2023-4813", "CVE-2023-4911", "CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "Name": "CVE-2023-4527", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. 
This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "Name": "CVE-2023-4806", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. 
This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "Name": "CVE-2023-4813", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. 
This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "Name": "CVE-2023-4911", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3269", "FixedBy": "0:2.28-251.el8_10.1", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.5.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnl3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.7.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cryptsetup-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.3.7-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mxk/go-flowrate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20140419014527-cca7078d478f", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2:4.6-17.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2023-4641"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4641 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://www.cve.org/CVERecord?id=CVE-2023-4641 https://nvd.nist.gov/vuln/detail/CVE-2023-4641 
https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4641.json https://access.redhat.com/errata/RHSA-2023:7112", "FixedBy": "2:4.6-19.el8", "Description": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.", "Name": "CVE-2023-4641", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 5.5}}}}]}, {"Name": "dbus-daemon", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.12.8-24.el8", "BaseScores": [6.5, 7.8], "CVEIds": ["CVE-2020-35512", "CVE-2023-34969"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4498", "FixedBy": "1:1.12.8-24.el8_8.1", "Description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. 
If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "Name": "CVE-2023-34969", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.7.0-16.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.5.0-18.el8", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, 
{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.21-18.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "brotli", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.0.6-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.4.46-18.el8", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json https://access.redhat.com/errata/RHSA-2024:4264", "FixedBy": "0:2.4.46-19.el8_10", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "platform-python-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "39.2.0-7.el8", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5530", "FixedBy": "0:39.2.0-8.el8_10", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.7.0-16.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.8-0.8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.12.2-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.28-225.el8", "BaseScores": [6.5, 5.9, 5.9, 7.8], "CVEIds": ["CVE-2023-4527", "CVE-2023-4806", "CVE-2023-4813", "CVE-2023-4911", "CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. 
When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "Name": "CVE-2023-4527", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. 
This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "Name": "CVE-2023-4806", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. 
This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "Name": "CVE-2023-4813", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. 
This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "Name": "CVE-2023-4911", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3269", "FixedBy": "0:2.28-251.el8_10.1", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "5.33-24.el8", "BaseScores": [4.4, 6.5], "CVEIds": ["CVE-2019-8905", "CVE-2019-8906"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-8906.json", "FixedBy": "", "Description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "Name": "CVE-2019-8906", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "Score": 4.4}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-8905.json", "FixedBy": "", "Description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different 
vulnerability than CVE-2018-10360.", "Name": "CVE-2019-8905", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.8.5-7.el8_6", "BaseScores": [5.9], "CVEIds": ["CVE-2019-12904", "CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-12904.json", "FixedBy": "", "Description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. 
The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "Name": "CVE-2019-12904", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}]}, {"Name": "ansible-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.15.2", "BaseScores": [7.8, 5.5, 7.8, 6.3], "CVEIds": ["CVE-2023-4237", "CVE-2023-5764", "CVE-2024-0690", "CVE-2024-8775", "CVE-2024-9902"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2023-5764 https://github.com/ansible/ansible/commit/270b39f6ff02511a2199505161218cbd1a5ae34f https://github.com/ansible/ansible/commit/7239d2d371bc6e274cbb7314e01431adce6ae25a https://github.com/ansible/ansible/commit/fea130480d261ea5bf6fcd5cf19a348f1686ceb1 https://access.redhat.com/errata/RHSA-2023:7773 https://access.redhat.com/security/cve/CVE-2023-5764 https://bugzilla.redhat.com/show_bug.cgi?id=2247629 https://github.com/ansible/ansible https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU", "FixedBy": "2.15.8", "Description": "Ansible template injection vulnerability", "Name": "GHSA-7j69-qfc3-2fq9", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-0690 https://github.com/ansible/ansible/pull/82565 
https://github.com/ansible/ansible/commit/6935c8e303440addd3871ecf8e04bde61080b032 https://github.com/ansible/ansible/commit/78db3a3de6b40fb52d216685ae7cb903c609c3e1 https://github.com/ansible/ansible/commit/b9a03bbf5a63459468baf8895ff74a62e9be4532 https://github.com/ansible/ansible/commit/beb04bc2642c208447c5a936f94310528a1946b1 https://access.redhat.com/errata/RHSA-2024:0733 https://access.redhat.com/errata/RHSA-2024:2246 https://access.redhat.com/errata/RHSA-2024:3043 https://access.redhat.com/security/cve/CVE-2024-0690 https://bugzilla.redhat.com/show_bug.cgi?id=2259013 https://github.com/ansible/ansible https://github.com/pypa/advisory-database/tree/main/vulns/ansible-core/PYSEC-2024-36.yaml", "FixedBy": "2.15.9", "Description": "Ansible-core information disclosure flaw", "Name": "GHSA-h24r-m9qc-pvpg", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2023-4237 https://access.redhat.com/errata/RHBA-2023:5653 https://access.redhat.com/errata/RHBA-2023:5666 https://access.redhat.com/security/cve/CVE-2023-4237 https://bugzilla.redhat.com/show_bug.cgi?id=2229979 https://github.com/ansible/ansible", "FixedBy": "introduced=2.8.0&lastAffected=2.15.2", "Description": "Ansible may expose private key", "Name": "GHSA-ww3m-ffrm-qvqv", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-9902 https://github.com/ansible/ansible/commit/03794735d370db98a5ec2ad514fab2b0dd22d6be 
https://github.com/ansible/ansible/commit/03daf774d0d80fb7235910ed1c2b4fbcaebdfe65 https://github.com/ansible/ansible/commit/3b6de811abea0a811e03e3029222a7e459922892 https://github.com/ansible/ansible/commit/9d7312f695639e804d2caeb1d0f51c716a9ac7dd https://github.com/ansible/ansible/commit/f7be90626da3035c697623dcf9c90b7a0bc91c92 https://access.redhat.com/errata/RHSA-2024:8969 https://access.redhat.com/security/cve/CVE-2024-9902 https://bugzilla.redhat.com/show_bug.cgi?id=2318271 https://github.com/ansible/ansible", "FixedBy": "2.15.13rc1", "Description": "ansible-core Incorrect Authorization vulnerability", "Name": "GHSA-32p4-gm2c-wmch", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "Score": 6.3}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-8775 https://access.redhat.com/errata/RHSA-2024:8969 https://access.redhat.com/security/cve/CVE-2024-8775 https://bugzilla.redhat.com/show_bug.cgi?id=2312119 https://github.com/ansible/ansible", "FixedBy": "lastAffected=2.17.4", "Description": "Ansible vulnerable to Insertion of Sensitive Information into Log File", "Name": "GHSA-jpxc-vmjf-9fcj", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.30-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.13.1-11.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.4-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "publicsuffix-list-dafsa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "20180723-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.6.8-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.2.1-4.el8", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.14.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.18-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.5-5.el8", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:4260", "FixedBy": "0:2.5-7.el8_10", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.13.1-11.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.2.53-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "9.0.3-22.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2018-20225"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20225.json", "FixedBy": "", "Description": "A flaw was found in python-pip. The software installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. 
This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number).", "Name": "CVE-2018-20225", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.1.1k-9.el8_7", "BaseScores": [5.5, 5.3, 5.3, 5.3, 6.5, 7.5, 5.3, 5.3], "CVEIds": ["CVE-2023-0464", "CVE-2023-0465", "CVE-2023-0466", "CVE-2023-2650", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2023:7877", "FixedBy": "1:1.1.1k-12.el8_9", "Description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2023:7877", "FixedBy": "1:1.1.1k-12.el8_9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2023:7877", "FixedBy": "1:1.1.1k-12.el8_9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2650.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "Name": "CVE-2023-2650", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. 
This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:7848", "FixedBy": "1:1.1.1k-14.el8_6", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "FixedBy": "", "Description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. 
This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0464", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. 
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "Name": "CVE-2023-0466", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. 
Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0465", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.7.0-16.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.6.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.1.27-6.el8_5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.1-24.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.14.3-26.el8", "BaseScores": [7.8, 6.7, 7.8], "CVEIds": ["CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35938", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35939", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "requests-oauthlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google-auth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.23.22-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.17.4-0.20230223191600-0131a6301e42", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.12.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.18.2-25.el8_8", "BaseScores": [6.5, 6.6, 9.1, 7.5], "CVEIds": ["CVE-2020-17049", "CVE-2023-5455", "CVE-2024-26458", "CVE-2024-26461", "CVE-2024-3596", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": 
[{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:8860", "FixedBy": "0:1.18.2-30.el8_10", "Description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. 
This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "Name": "CVE-2024-3596", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5455 https://bugzilla.redhat.com/show_bug.cgi?id=2242828 https://www.cve.org/CVERecord?id=CVE-2023-5455 https://nvd.nist.gov/vuln/detail/CVE-2023-5455 https://www.freeipa.org/release-notes/4-10-3.html https://www.freeipa.org/release-notes/4-11-1.html https://www.freeipa.org/release-notes/4-6-10.html https://www.freeipa.org/release-notes/4-9-14.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5455.json", "FixedBy": "", "Description": "A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. 
An attacker would always have to go through a new authentication attempt.", "Name": "CVE-2023-5455", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json https://access.redhat.com/errata/RHSA-2024:3268", "FixedBy": "0:1.18.2-27.el8_10", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-17049 https://bugzilla.redhat.com/show_bug.cgi?id=2025721 https://www.cve.org/CVERecord?id=CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-17049.json", "FixedBy": "", "Description": "It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. 
A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.", "Name": "CVE-2020-17049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json https://access.redhat.com/errata/RHSA-2024:3268", "FixedBy": "0:1.18.2-27.el8_10", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:5312", "FixedBy": "0:1.18.2-29.el8_10", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead 
to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:5312", "FixedBy": "0:1.18.2-29.el8_10", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtirpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.1.4-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.6.8-51.el8_8.1", "BaseScores": [5.3, 6.5, 7.5, 7.5, 5.3, 7.5, 7.5], "CVEIds": ["CVE-2019-9674", "CVE-2022-48560", "CVE-2022-48564", "CVE-2023-27043", "CVE-2023-40217", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-9287"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0256", "FixedBy": "0:3.6.8-56.el8_9.3", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48564 https://bugzilla.redhat.com/show_bug.cgi?id=2249750 https://www.cve.org/CVERecord?id=CVE-2022-48564 https://nvd.nist.gov/vuln/detail/CVE-2022-48564 https://bugs.python.org/issue42103 https://github.com/python/cpython/issues/86269 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48564.json https://access.redhat.com/errata/RHSA-2024:0114", "FixedBy": "0:3.6.8-56.el8_9.2", "Description": "A vulnerability was found in the Python core plistlib library within the read_ints() function in the plistlib.py file. In malformed input, the implementation can be manipulated to create an argument for struct.unpack(). This issue can lead to excessive CPU and memory consumption, resulting in a MemError, as it constructs the 'format' argument for unpack(). 
This flaw allows an attacker to employ a binary plist input, potentially executing a denial of service (DoS) attack by exhausting CPU and RAM resources.", "Name": "CVE-2022-48564", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3347", "FixedBy": "0:3.6.8-62.el8_10", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48560 https://bugzilla.redhat.com/show_bug.cgi?id=2249755 https://www.cve.org/CVERecord?id=CVE-2022-48560 https://nvd.nist.gov/vuln/detail/CVE-2022-48560 https://bugs.python.org/issue39421 https://github.com/python/cpython/issues/83602 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48560.json https://access.redhat.com/errata/RHSA-2024:0114", "FixedBy": "0:3.6.8-56.el8_9.2", "Description": "A use-after-free vulnerability was found in Python via the heappushpop function in the heapq module. 
This flaw allows an attacker to submit a specially crafted request, causing a service disruption that leads to a denial of service attack.", "Name": "CVE-2022-48560", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3347", "FixedBy": "0:3.6.8-62.el8_10", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5997", "FixedBy": "0:3.6.8-51.el8_8.2", "Description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in 
certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "Name": "CVE-2023-40217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9674.json", "FixedBy": "", "Description": "A ZIP bomb attack was found in the Python zipfile module. 
A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "Name": "CVE-2019-9674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json", "FixedBy": "", "Description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". 
This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "Name": "CVE-2024-9287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcurl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "7.61.1-30.el8_8.2", "BaseScores": [3.7, 5.9, 6.5, 3.7, 5.9, 8.8, 6.5], "CVEIds": ["CVE-2023-27534", "CVE-2023-27536", "CVE-2023-28321", "CVE-2023-28322", "CVE-2023-38546", "CVE-2023-46218", "CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A flaw was found in the Curl package. 
This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "Name": "CVE-2023-38546", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 3.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:4523", "FixedBy": "0:7.61.1-30.el8_8.3", "Description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. 
However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "Name": "CVE-2023-27536", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. 
This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "Name": "CVE-2023-46218", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "Name": "CVE-2023-28322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 3.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4523", "FixedBy": "0:7.61.1-30.el8_8.3", "Description": "A flaw was found in the Curl package. 
An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "Name": "CVE-2023-28321", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27534.json", "FixedBy": "", "Description": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. 
Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "Name": "CVE-2023-27534", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5654", "FixedBy": "0:7.61.1-34.el8_10.2", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "2.9-9.el8_6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:6.1.2-10.el8", "BaseScores": [7.5], "CVEIds": ["CVE-2021-43618"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2021-43618 https://bugzilla.redhat.com/show_bug.cgi?id=2024904 https://www.cve.org/CVERecord?id=CVE-2021-43618 https://nvd.nist.gov/vuln/detail/CVE-2021-43618 https://bugs.debian.org/994405 https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-43618.json https://access.redhat.com/errata/RHSA-2024:3214", "FixedBy": "1:6.1.2-11.el8", "Description": "A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-43618", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.5.1-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "26.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.11-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/matttproud/golang_protobuf_extensions", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ansible-runner-http", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "go1.19.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": [{"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://go.dev/issue/20654 https://go.dev/cl/326012/26 https://groups.google.com/g/golang-announce/c/QMK8IQALDvA https://people.redhat.com/~hkario/marvin/", "FixedBy": "1.20.0", "Description": "Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel", "Name": "GO-2023-2375", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "platform-python", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.6.8-51.el8_8.1", "BaseScores": [5.3, 6.5, 7.5, 7.5, 5.3, 7.5, 7.5], "CVEIds": ["CVE-2019-9674", "CVE-2022-48560", "CVE-2022-48564", "CVE-2023-27043", "CVE-2023-40217", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-9287"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 
https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0256", "FixedBy": "0:3.6.8-56.el8_9.3", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48564 https://bugzilla.redhat.com/show_bug.cgi?id=2249750 https://www.cve.org/CVERecord?id=CVE-2022-48564 https://nvd.nist.gov/vuln/detail/CVE-2022-48564 https://bugs.python.org/issue42103 https://github.com/python/cpython/issues/86269 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48564.json https://access.redhat.com/errata/RHSA-2024:0114", "FixedBy": "0:3.6.8-56.el8_9.2", "Description": "A vulnerability was found in the Python core plistlib library within the read_ints() function in the plistlib.py file. In malformed input, the implementation can be manipulated to create an argument for struct.unpack(). This issue can lead to excessive CPU and memory consumption, resulting in a MemError, as it constructs the 'format' argument for unpack(). 
This flaw allows an attacker to employ a binary plist input, potentially executing a denial of service (DoS) attack by exhausting CPU and RAM resources.", "Name": "CVE-2022-48564", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3347", "FixedBy": "0:3.6.8-62.el8_10", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48560 https://bugzilla.redhat.com/show_bug.cgi?id=2249755 https://www.cve.org/CVERecord?id=CVE-2022-48560 https://nvd.nist.gov/vuln/detail/CVE-2022-48560 https://bugs.python.org/issue39421 https://github.com/python/cpython/issues/83602 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48560.json https://access.redhat.com/errata/RHSA-2024:0114", "FixedBy": "0:3.6.8-56.el8_9.2", "Description": "A use-after-free vulnerability was found in Python via the heappushpop function in the heapq module. 
This flaw allows an attacker to submit a specially crafted request, causing a service disruption that leads to a denial of service attack.", "Name": "CVE-2022-48560", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3347", "FixedBy": "0:3.6.8-62.el8_10", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5997", "FixedBy": "0:3.6.8-51.el8_8.2", "Description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in 
certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "Name": "CVE-2023-40217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9674.json", "FixedBy": "", "Description": "A ZIP bomb attack was found in the Python zipfile module. 
A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "Name": "CVE-2019-9674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json", "FixedBy": "", "Description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". 
This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "Name": "CVE-2024-9287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20230711102312-30195339c3c7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.4.4-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filelock", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.12.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rsa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "4.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "5.3.28-42.el8_4", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "0.7.20-4.el8_7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.8.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.110-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "50.3.2-4.module+el8.5.0+12204+54860423", "BaseScores": [5.9, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. 
This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:50.3.2-4.module+el8.9.0+19644+d68f775d", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.26.0-18.el8_8", "BaseScores": [7.5, 7.5, 5.5, 7.5, 7.3], "CVEIds": ["CVE-2019-19244", "CVE-2019-9936", "CVE-2019-9937", "CVE-2023-36191", "CVE-2023-7104", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 
https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9937.json", "FixedBy": "", "Description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "Name": "CVE-2019-9937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-19244.json", "FixedBy": "", "Description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "Name": "CVE-2019-19244", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9936.json", "FixedBy": "", "Description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.", "Name": "CVE-2019-9936", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0253", "FixedBy": "0:3.26.0-19.el8_9", "Description": "A vulnerability was found in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. 
Manipulation may cause a heap-based buffer overflow to occur.", "Name": "CVE-2023-7104", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "Score": 7.3}}}}]}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.8-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2022.2.54-80.2.el8_6", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5736", "FixedBy": "0:2024.2.69_v8.0.303-80.0.el8_10", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "239-74.el8_8.2", "BaseScores": [5.9, 5.5, 4.3], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:3203", "FixedBy": "0:239-82.el8", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}]}, {"Name": "libpsl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.20.2-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.31.0", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/pull/6655 https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac https://github.com/psf/requests https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ", "FixedBy": "2.32.0", "Description": "Requests `Session` object does not verify requests after making first request with verify=False", "Name": "GHSA-9wx4-h78v-vm56", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v4.2.3", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.9.9-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.14.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.19.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.25-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyasn1-modules", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pexpect", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "4.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.3.3-5.el8", "BaseScores": [6.5, 6.5, 6.5, 7.8, 7.8], "CVEIds": ["CVE-2018-1000879", "CVE-2018-1000880", "CVE-2020-21674", 
"CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-21674 https://bugzilla.redhat.com/show_bug.cgi?id=1888786 https://www.cve.org/CVERecord?id=CVE-2020-21674 https://nvd.nist.gov/vuln/detail/CVE-2020-21674 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-21674.json", "FixedBy": "", "Description": "Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.", "Name": "CVE-2020-21674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000880.json", "FixedBy": "", "Description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. 
This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "Name": "CVE-2018-1000880", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000879.json", "FixedBy": "", "Description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "Name": "CVE-2018-1000879", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [6.1, 7.8], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. 
This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/imdario/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.3.13", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.28.3-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.24.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "5.3.28-42.el8_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "device-mapper", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8:1.02.181-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.1.6-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.2.53-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:82f04b121ea21206a69ac160f78095cc3d9aeda79331bdcc90743fcd5dd20baf", "Version": "1.15.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.3.2-4.el8", "BaseScores": [6.4], "CVEIds": ["CVE-2023-22745"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-22745 https://bugzilla.redhat.com/show_bug.cgi?id=2162610 https://www.cve.org/CVERecord?id=CVE-2023-22745 https://nvd.nist.gov/vuln/detail/CVE-2023-22745 https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22745.json https://access.redhat.com/errata/RHSA-2023:7166", "FixedBy": "0:2.3.2-5.el8", "Description": "A flaw was found in tpm2-tss, which is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions, `Tss2_RC_SetHandler` and `Tss2_RC_Decode` index into the `layer_handler` with an 8-bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries. 
Trying to add a handler for higher-numbered layers or to decode a response code with a layer number, reads/writes past the end of the buffer. This buffer overrun could result in arbitrary code execution. An example attack is a man-in-the-middle (MiTM) bus attack that returns 0xFFFFFFFFFF for the RC. Given the common use case of TPM modules, an attacker must have local access to the target machine with local system privileges, which allows access to the TPM system. Usually, TPM access requires administrative privileges.", "Name": "CVE-2023-22745", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.4}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9.6-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2:1.30-9.el8", "BaseScores": [7.5, 3.3], "CVEIds": ["CVE-2019-9923", "CVE-2021-20193", "CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 
https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9923.json", "FixedBy": "", "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "Name": "CVE-2019-9923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "FixedBy": "", "Description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-20193", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.4.1-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "39.2.0-7.el8", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5530", "FixedBy": "0:39.2.0-8.el8_10", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.14.3-26.el8", "BaseScores": [7.8, 6.7, 7.8], "CVEIds": ["CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35938", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35939", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.1-22.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/h2non/filetype", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.188-3.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.14.3-26.el8", "BaseScores": [7.8, 6.7, 7.8], "CVEIds": ["CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35938", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35939", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.3.2-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.0.4-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.0-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.31-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "20221215-1.gitece0092.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "info", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": 
"6.5-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.56.1-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.12.3-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2023c-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:82f04b121ea21206a69ac160f78095cc3d9aeda79331bdcc90743fcd5dd20baf", "Version": "6.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.2.1-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.62-25.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/operator-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.11.1-0.20230306195046-28cadc6b6055", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "ansible-runner", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.3.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "importlib-resources", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "5.0.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9.6-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.26.16", "BaseScores": [4.2, 8.1], "CVEIds": ["CVE-2023-43804", "CVE-2023-45803", "CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36 https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml https://github.com/urllib3/urllib3 https://github.com/urllib3/urllib3/releases/tag/1.26.18 https://github.com/urllib3/urllib3/releases/tag/2.0.7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX https://www.rfc-editor.org/rfc/rfc9110.html#name-get", "FixedBy": "1.26.18", "Description": "urllib3's request body not stripped after redirect from 303 status changes request method to GET", "Name": "GHSA-g4mx-q9vg-27p4", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "Score": 4.2}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-192.yaml https://github.com/urllib3/urllib3 https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ", "FixedBy": "1.26.17", "Description": "`Cookie` HTTP header isn't stripped on cross-origin redirects", "Name": "GHSA-v845-jxx5-vc9f", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf 
https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468 https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e https://github.com/urllib3/urllib3", "FixedBy": "1.26.19", "Description": "urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects ", "Name": "GHSA-34jh-p97f-mpxf", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v2.90.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "docutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.20.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "20221215-1.gitece0092.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.37.0", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnsl2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.2.0-2.20180605git4a062cf.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pycparser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.21", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.20.0-2.1.el8_1", "BaseScores": [6.1], "CVEIds": ["CVE-2023-32681"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:4520", "FixedBy": 
"0:2.20.0-3.el8_8", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}]}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.11.0-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/h2non/go-is-svg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20160927212452-35e8c4b0612c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "requests-unixsocket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20221012153701-172d655c2280", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "charset-normalizer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:82f04b121ea21206a69ac160f78095cc3d9aeda79331bdcc90743fcd5dd20baf", 
"Version": "3.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.0.23-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "5.2.4-4.el8_6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.4", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d", "FixedBy": "3.7", "Description": "", "Name": "PYSEC-2024-60", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/kjd/idna/security/advisories/GHSA-jjg7-2v4v-x38h https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d https://github.com/kjd/idna https://github.com/pypa/advisory-database/tree/main/vulns/idna/PYSEC-2024-60.yaml https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb", "FixedBy": "3.7", "Description": "Internationalized Domain Names in Applications (IDNA) vulnerable to 
denial of service from specially crafted inputs to idna.encode", "Name": "GHSA-jjg7-2v4v-x38h", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python39-pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "20.2.4-7.module+el8.6.0+13003+6bb2c488", "BaseScores": [5.9, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. 
This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:20.2.4-8.module+el8.9.0+19644+d68f775d", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", 
"Version": "1.5-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "50.3.2-4.module+el8.5.0+12204+54860423", "BaseScores": [5.9, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. 
This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:50.3.2-4.module+el8.9.0+19644+d68f775d", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [7.8, 6.1], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.4.4-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.56.4-161.el8", "BaseScores": [5.5, 7.5, 7.5, 5.5], "CVEIds": ["CVE-2023-29499", "CVE-2023-32611", "CVE-2023-32636", "CVE-2023-32665", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32611.json", "FixedBy": "", "Description": "A flaw was found in GLib. 
GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "Name": "CVE-2023-32611", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json", "FixedBy": "", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29499.json", "FixedBy": "", "Description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "Name": "CVE-2023-29499", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32665.json", "FixedBy": "", "Description": "A flaw was found in GLib. 
GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "Name": "CVE-2023-32665", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-ethtool", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.14-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.1.7-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libssh-config", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.9.6-10.el8_8", "BaseScores": [4.8, 5.3, 5.9], "CVEIds": ["CVE-2023-48795", "CVE-2023-6004", "CVE-2023-6918"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6004 https://bugzilla.redhat.com/show_bug.cgi?id=2251110 https://www.cve.org/CVERecord?id=CVE-2023-6004 https://nvd.nist.gov/vuln/detail/CVE-2023-6004 https://www.libssh.org/security/advisories/CVE-2023-6004.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6004.json https://access.redhat.com/errata/RHSA-2024:3233", "FixedBy": "0:0.9.6-14.el8", "Description": "A flaw was found in libssh. 
By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.", "Name": "CVE-2023-6004", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6918 https://bugzilla.redhat.com/show_bug.cgi?id=2254997 https://www.cve.org/CVERecord?id=CVE-2023-6918 https://nvd.nist.gov/vuln/detail/CVE-2023-6918 https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ https://www.libssh.org/security/advisories/CVE-2023-6918.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6918.json https://access.redhat.com/errata/RHSA-2024:3233", "FixedBy": "0:0.9.6-14.el8", "Description": "A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. 
In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.", "Name": "CVE-2023-6918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:0628", "FixedBy": "0:0.9.6-13.el8_9", "Description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. 
For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "Name": "CVE-2023-48795", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20220713155537-f223a00ba0e2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "20.2.4-7.module+el8.6.0+13003+6bb2c488", "BaseScores": [5.9, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python. 
The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the package_index module of pypa/setuptools. 
Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:20.2.4-8.module+el8.9.0+19644+d68f775d", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "certifi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2023.7.22", "BaseScores": [], "CVEIds": ["CVE-2024-39689"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "osv/pypi", "Link": "https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc https://nvd.nist.gov/vuln/detail/CVE-2024-39689 https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463 https://github.com/certifi/python-certifi 
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI", "FixedBy": "2024.07.04", "Description": "Certifi removes GLOBALTRUST root certificate", "Name": "GHSA-248v-346w-9cwc", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.48-4.el8", "BaseScores": [3.3, 7.8], "CVEIds": ["CVE-2023-2602", "CVE-2023-2603"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2602 https://bugzilla.redhat.com/show_bug.cgi?id=2209114 https://www.cve.org/CVERecord?id=CVE-2023-2602 https://nvd.nist.gov/vuln/detail/CVE-2023-2602 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2602.json https://access.redhat.com/errata/RHSA-2023:4524", "FixedBy": "0:2.48-5.el8_8", "Description": "A vulnerability was found in the pthread_create() function in libcap. 
This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "Name": "CVE-2023-2602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2603 https://bugzilla.redhat.com/show_bug.cgi?id=2209113 https://www.cve.org/CVERecord?id=CVE-2023-2603 https://nvd.nist.gov/vuln/detail/CVE-2023-2603 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2603.json https://access.redhat.com/errata/RHSA-2023:4524", "FixedBy": "0:2.48-5.el8_8", "Description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "Name": "CVE-2023-2603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cachetools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "5.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virtualenv", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "20.24.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "68.0.0", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/pull/4332 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://github.com/pypa/setuptools https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5", "FixedBy": "70.0.0", "Description": "setuptools vulnerable to Command Injection via package URL", "Name": "GHSA-cx63-2mw6-8hw5", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.4.10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "chkconfig", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.19.1-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-tools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.12.8-24.el8", "BaseScores": [6.5, 7.8], "CVEIds": ["CVE-2020-35512", "CVE-2023-34969"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 
https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4498", "FixedBy": "1:1.12.8-24.el8_8.1", "Description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "Name": "CVE-2023-34969", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.5.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "239-74.el8_8.2", "BaseScores": [5.9, 5.5, 4.3], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:3203", "FixedBy": "0:239-82.el8", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}]}, {"Name": "github.com/operator-framework/operator-registry", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.28.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi8", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.8-1009", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.14.3-26.el8", "BaseScores": [7.8, 6.7, 7.8], "CVEIds": ["CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35938", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35939", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:4.6.0-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.13.1-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.188-3.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.63.0-14.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.4.20-4.el8_6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/onsi/gomega", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.24.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cryptography", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:82f04b121ea21206a69ac160f78095cc3d9aeda79331bdcc90743fcd5dd20baf", "Version": "41.0.2", "BaseScores": [7.5, 5.5, 7.5], "CVEIds": ["CVE-2023-49083", "CVE-2023-50782", "CVE-2024-0727", "CVE-2024-26130"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-h4gh-qq45-vh27 https://github.com/pyca/cryptography https://openssl-library.org/news/secadv/20240903.txt", "FixedBy": "43.0.1", "Description": "pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels", "Name": "GHSA-h4gh-qq45-vh27", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97 https://nvd.nist.gov/vuln/detail/CVE-2023-49083 https://github.com/pyca/cryptography/pull/9926 https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a https://github.com/pyca/cryptography https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-254.yaml https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV http://www.openwall.com/lists/oss-security/2023/11/29/2", "FixedBy": "41.0.6", "Description": "cryptography vulnerable to NULL-dereference when loading PKCS7 certificates", "Name": "GHSA-jfhm-5ghh-2f97", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4 https://nvd.nist.gov/vuln/detail/CVE-2024-26130 https://github.com/pyca/cryptography/pull/10423 https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 https://github.com/pyca/cryptography", "FixedBy": "42.0.4", "Description": "cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override", "Name": "GHSA-6vqw-3v5j-54x4", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97 https://github.com/pyca/cryptography/pull/9926 
https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/", "FixedBy": "41.0.6", "Description": "", "Name": "PYSEC-2023-254", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/github/advisory-database/pull/3472 https://github.com/openssl/openssl/pull/23362 https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2 https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2 https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8 https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539 https://security.netapp.com/advisory/ntap-20240208-0006 https://www.openssl.org/news/secadv/20240125.txt http://www.openwall.com/lists/oss-security/2024/03/11/1", "FixedBy": "42.0.2", "Description": "Null pointer dereference in PKCS12 parsing", "Name": "GHSA-9v9h-cgj8-h64p", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-v8gr-m533-ghj9 
https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512 https://github.com/pyca/cryptography", "FixedBy": "41.0.4", "Description": "Vulnerable OpenSSL included in cryptography wheels", "Name": "GHSA-v8gr-m533-ghj9", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-jm77-qphf-c4w8 https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://github.com/pyca/cryptography https://www.openssl.org/news/secadv/20230714.txt https://www.openssl.org/news/secadv/20230719.txt https://www.openssl.org/news/secadv/20230731.txt", "FixedBy": "41.0.3", "Description": "pyca/cryptography's wheels include vulnerable OpenSSL", "Name": "GHSA-jm77-qphf-c4w8", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2023-50782 https://github.com/pyca/cryptography/issues/9785 https://access.redhat.com/security/cve/CVE-2023-50782 https://bugzilla.redhat.com/show_bug.cgi?id=2254432 https://github.com/pyca/cryptography", "FixedBy": "42.0.0", "Description": "Python Cryptography package vulnerable to Bleichenbacher timing oracle attack", "Name": "GHSA-3ww4-gg4f-jr7f", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2:8.0.1763-19.el8_6.4", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.5, 7.8, 7.8, 5.5, 7.8, 5.5, 7.8, 7.8, 7.8, 5.5, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 5.5, 5.5, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2018-20786", "CVE-2020-20703", "CVE-2021-3236", "CVE-2021-3927", "CVE-2021-3974", "CVE-2021-4166", "CVE-2022-0351", "CVE-2022-1619", "CVE-2022-1720", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-3037", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3296", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": 
"rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 
https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20786 https://bugzilla.redhat.com/show_bug.cgi?id=1680588 https://www.cve.org/CVERecord?id=CVE-2018-20786 https://nvd.nist.gov/vuln/detail/CVE-2018-20786 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20786.json", "FixedBy": "", "Description": "libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.", "Name": "CVE-2018-20786", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. 
This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": 
"Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. 
An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 
https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. 
This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 
https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3236 https://bugzilla.redhat.com/show_bug.cgi?id=2231531 https://www.cve.org/CVERecord?id=CVE-2021-3236 https://nvd.nist.gov/vuln/detail/CVE-2021-3236 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3236.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the ex_buffer_all function in the src/buffer.c file. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2021-3236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 
https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": 
"", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
"Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. 
This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": 
{"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gdbm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.18-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.13-4.el8_7", "BaseScores": [5.5], "CVEIds": ["CVE-2018-1000654"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000654.json", "FixedBy": "", "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. 
This attack appears to be exploitable via parsing a crafted file.", "Name": "CVE-2018-1000654", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [7.8, 6.1], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. 
This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.2.5-11.el8", "BaseScores": [7.5, 7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2022-23990", "CVE-2023-52425", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-23990 https://bugzilla.redhat.com/show_bug.cgi?id=2048356 https://www.cve.org/CVERecord?id=CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-23990.json", "FixedBy": "", "Description": "A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. 
This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service.", "Name": "CVE-2022-23990", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1615", "FixedBy": "0:2.2.5-11.el8_9.1", "Description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. 
This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/go-logr/zapr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9.7-16.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 7.5], "CVEIds": ["CVE-2023-28484", "CVE-2023-29469", "CVE-2023-39615", "CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2024:0119", "FixedBy": "0:2.9.7-18.el8_9", "Description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. 
This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "Name": "CVE-2023-39615", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4529", "FixedBy": "0:2.9.7-16.el8_8.1", "Description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "Name": "CVE-2023-29469", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4529", "FixedBy": "0:2.9.7-16.el8_8.1", "Description": "A NULL pointer dereference vulnerability was found in libxml2. 
This issue occurs when parsing (invalid) XML schemas.", "Name": "CVE-2023-28484", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:3626", "FixedBy": "0:2.9.7-18.el8_10.1", "Description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.1.6-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", 
"Version": "2.13.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v3.10.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v5.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "3.9.16-1.module+el8.8.0+18968+3d7b19f0.1", "BaseScores": [7.5, 7.5, 8.1, 6.1, 6.5, 5.3, 5.3, 5.9], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-40217", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:3.9.20-1.module+el8.10.0+22342+478c159e", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:3.9.18-1.module+el8.9.0+20024+793d7211", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5998", "FixedBy": "0:3.9.16-1.module+el8.8.0+20025+f2100191.2", "Description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. 
No breach of confidentiality is possible.", "Name": "CVE-2023-40217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. 
This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}]}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "3.9.16-1.module+el8.8.0+18968+3d7b19f0.1", "BaseScores": [5.9, 5.3, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-40217", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. 
This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5998", "FixedBy": "0:3.9.16-1.module+el8.8.0+20025+f2100191.2", "Description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. 
No breach of confidentiality is possible.", "Name": "CVE-2023-40217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:3.9.18-1.module+el8.9.0+20024+793d7211", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:3.9.20-1.module+el8.10.0+22342+478c159e", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ptyprocess", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.7.11-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.0.7-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.22.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.6.16-6.el8_7", "BaseScores": [6.5, 5.9, 7.5], "CVEIds": ["CVE-2021-4209", "CVE-2023-5981", "CVE-2024-0553", "CVE-2024-28834"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4209.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. 
This flaw leads to a denial of service after authentication in rare circumstances.", "Name": "CVE-2021-4209", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1784", "FixedBy": "0:3.6.16-8.el8_9.3", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5981 https://bugzilla.redhat.com/show_bug.cgi?id=2248445 https://www.cve.org/CVERecord?id=CVE-2023-5981 https://nvd.nist.gov/vuln/detail/CVE-2023-5981 https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5981.json https://access.redhat.com/errata/RHSA-2024:0155", "FixedBy": "0:3.6.16-8.el8_9", "Description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "Name": "CVE-2023-5981", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://www.cve.org/CVERecord?id=CVE-2024-0553 https://nvd.nist.gov/vuln/detail/CVE-2024-0553 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0553.json https://access.redhat.com/errata/RHSA-2024:0627", "FixedBy": "0:3.6.16-8.el8_9.1", "Description": "A vulnerability was found in GnuTLS. 
The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "Name": "CVE-2024-0553", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.2.4-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gomodules.xyz/jsonpatch/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.63.0-14.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "25-19.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.14.2-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.188-3.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python-daemon", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:2.6.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "device-mapper-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8:1.02.181-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.53.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.24.2-5.el8", "BaseScores": [8.1, 4.2], "CVEIds": ["CVE-2023-43804", "CVE-2023-45803", "CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:0116", "FixedBy": "0:1.24.2-5.el8_9.2", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:5309", "FixedBy": "0:1.24.2-8.el8_10", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. 
This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json https://access.redhat.com/errata/RHSA-2024:0116", "FixedBy": "0:1.24.2-5.el8_9.2", "Description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. 
Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "Name": "CVE-2023-45803", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "Score": 4.2}}}}]}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.0.6-26.el8", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2024:8922", "FixedBy": "0:1.0.6-27.el8_10", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.3.2-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.42-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.5.0-18.el8", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A 
flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "23.1.2", "BaseScores": [3.3], "CVEIds": ["CVE-2023-5752"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2023-5752 https://github.com/pypa/pip/pull/12306 https://github.com/pypa/pip/commit/389cb799d0da9a840749fcd14878928467ed49b4 https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2023-228.yaml https://github.com/pypa/pip https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL", "FixedBy": "23.3", "Description": "Command Injection in pip when used with Mercurial", "Name": "GHSA-mq26-g339-26xf", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "Score": 3.3}}}}, {"Severity": "Low", "NamespaceName": "osv/pypi", "Link": "https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/ https://github.com/pypa/pip/pull/12306", "FixedBy": "23.3", "Description": "", "Name": "PYSEC-2023-228", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.12.8-24.el8", "BaseScores": [7.8, 6.5], "CVEIds": ["CVE-2020-35512", "CVE-2023-34969"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4498", "FixedBy": "1:1.12.8-24.el8_8.1", "Description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. 
If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "Name": "CVE-2023-34969", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.8.3-3.el8_4", "BaseScores": [8.1], "CVEIds": ["CVE-2019-17543"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-17543 https://bugzilla.redhat.com/show_bug.cgi?id=1765316 https://www.cve.org/CVERecord?id=CVE-2019-17543 https://nvd.nist.gov/vuln/detail/CVE-2019-17543 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-17543.json", "FixedBy": "", "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) 
NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", "Name": "CVE-2019-17543", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 8.1}}}}]}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:95acab66b626f8b40f577d02d51b4d5e11c5fd7c801a538fd65ced08cc8ee02f", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.0.7-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lockfile", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.12.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.12.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.8.3-3.el8_4", "BaseScores": [8.1], "CVEIds": ["CVE-2019-17543"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-17543 https://bugzilla.redhat.com/show_bug.cgi?id=1765316 https://www.cve.org/CVERecord?id=CVE-2019-17543 
https://nvd.nist.gov/vuln/detail/CVE-2019-17543 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-17543.json", "FixedBy": "", "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", "Name": "CVE-2019-17543", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 8.1}}}}]}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.13.1-11.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.19.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.29.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v4.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "234-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.3.1-25.el8", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:3163", "FixedBy": "0:1.3.1-33.el8", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/spf13/afero", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.4-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cachetools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "5.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [6.1, 7.8], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ 
https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. 
This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.63.0-14.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.5.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "9.0.3-22.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2018-20225"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20225.json", "FixedBy": "", "Description": "A flaw was found in python-pip. The software installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. 
This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number).", "Name": "CVE-2018-20225", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.1-22.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.56.1-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "distlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.3.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2:4.6-17.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2023-4641"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4641 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://www.cve.org/CVERecord?id=CVE-2023-4641 https://nvd.nist.gov/vuln/detail/CVE-2023-4641 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4641.json https://access.redhat.com/errata/RHSA-2023:7112", "FixedBy": "2:4.6-19.el8", "Description": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. 
If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.", "Name": "CVE-2023-4641", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 5.5}}}}]}, {"Name": "importlib-resources", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "5.0.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpsl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.20.2-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.5.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/operator-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.11.1-0.20230306195046-28cadc6b6055", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.2.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.26.16", "BaseScores": [8.1, 4.2], "CVEIds": ["CVE-2023-43804", "CVE-2023-45803", "CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468 https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e https://github.com/urllib3/urllib3", "FixedBy": "1.26.19", "Description": "urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects ", "Name": "GHSA-34jh-p97f-mpxf", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-192.yaml https://github.com/urllib3/urllib3 https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ", "FixedBy": "1.26.17", "Description": "`Cookie` HTTP header isn't stripped on cross-origin redirects", "Name": "GHSA-v845-jxx5-vc9f", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36 https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml https://github.com/urllib3/urllib3 https://github.com/urllib3/urllib3/releases/tag/1.26.18 https://github.com/urllib3/urllib3/releases/tag/2.0.7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX https://www.rfc-editor.org/rfc/rfc9110.html#name-get", "FixedBy": "1.26.18", "Description": "urllib3's request body not stripped after redirect from 303 status changes request method to GET", "Name": "GHSA-g4mx-q9vg-27p4", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "Score": 4.2}}}}]}, {"Name": 
"dnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [7.8, 6.1], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. 
This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.188-3.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "7.61.1-30.el8_8.2", "BaseScores": [3.7, 5.9, 6.5, 3.7, 5.9, 8.8, 6.5], "CVEIds": ["CVE-2023-27534", "CVE-2023-27536", "CVE-2023-28321", "CVE-2023-28322", "CVE-2023-38546", "CVE-2023-46218", "CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A flaw was found in the Curl package. 
This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "Name": "CVE-2023-38546", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 3.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:4523", "FixedBy": "0:7.61.1-30.el8_8.3", "Description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. 
However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "Name": "CVE-2023-27536", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. 
This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "Name": "CVE-2023-46218", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "Name": "CVE-2023-28322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 3.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4523", "FixedBy": "0:7.61.1-30.el8_8.3", "Description": "A flaw was found in the Curl package. 
An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "Name": "CVE-2023-28321", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27534.json", "FixedBy": "", "Description": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. 
Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "Name": "CVE-2023-27534", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5654", "FixedBy": "0:7.61.1-34.el8_10.2", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "39.2.0-7.el8", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 
https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5530", "FixedBy": "0:39.2.0-8.el8_10", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dbus-tools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.12.8-24.el8", "BaseScores": [6.5, 7.8], "CVEIds": ["CVE-2020-35512", "CVE-2023-34969"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4498", "FixedBy": "1:1.12.8-24.el8_8.1", "Description": "An assertion failure vulnerability was found in D-Bus. 
This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "Name": "CVE-2023-34969", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "importlib-metadata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "6.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.11-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.13.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.14.3-26.el8", "BaseScores": [7.8, 6.7, 7.8], "CVEIds": ["CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A race condition vulnerability was found 
in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35938", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35939", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.12.2-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.9-13.el8_5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.13.1-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.42-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.18-1.el8", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.4.1-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "23.1.2", "BaseScores": [3.3], "CVEIds": ["CVE-2023-5752"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "osv/pypi", "Link": "https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/ https://github.com/pypa/pip/pull/12306", "FixedBy": "23.3", "Description": "", "Name": "PYSEC-2023-228", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2023-5752 https://github.com/pypa/pip/pull/12306 https://github.com/pypa/pip/commit/389cb799d0da9a840749fcd14878928467ed49b4 https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2023-228.yaml https://github.com/pypa/pip https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL", "FixedBy": "23.3", "Description": "Command Injection in pip when used with Mercurial", "Name": "GHSA-mq26-g339-26xf", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "Score": 3.3}}}}]}, {"Name": "google-auth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "go1.19.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/h2non/filetype", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.3.2-4.el8", "BaseScores": [6.4], "CVEIds": ["CVE-2023-22745"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-22745 https://bugzilla.redhat.com/show_bug.cgi?id=2162610 https://www.cve.org/CVERecord?id=CVE-2023-22745 
https://nvd.nist.gov/vuln/detail/CVE-2023-22745 https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22745.json https://access.redhat.com/errata/RHSA-2023:7166", "FixedBy": "0:2.3.2-5.el8", "Description": "A flaw was found in tpm2-tss, which is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions, `Tss2_RC_SetHandler` and `Tss2_RC_Decode` index into the `layer_handler` with an 8-bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries. Trying to add a handler for higher-numbered layers or to decode a response code with a layer number, reads/writes past the end of the buffer. This buffer overrun could result in arbitrary code execution. An example attack is a man-in-the-middle (MiTM) bus attack that returns 0xFFFFFFFFFF for the RC. Given the common use case of TPM modules, an attacker must have local access to the target machine with local system privileges, which allows access to the TPM system. 
Usually, TPM access requires administrative privileges.", "Name": "CVE-2023-22745", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.4}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.31-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "publicsuffix-list-dafsa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "20180723-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "brotli", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.0.6-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9.6-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "10.32-3.el8_6", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 
https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [7.8, 6.1], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. 
By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.62-25.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.63.0-14.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "5.33-24.el8", "BaseScores": [4.4, 6.5], "CVEIds": ["CVE-2019-8905", "CVE-2019-8906"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-8906.json", "FixedBy": "", "Description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "Name": "CVE-2019-8906", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "Score": 4.4}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-8905.json", "FixedBy": "", "Description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "Name": "CVE-2019-8905", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.9.6-13.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "chkconfig", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.19.1-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pycparser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.21", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:3.3-4.el8", "BaseScores": [7.1], "CVEIds": ["CVE-2023-30630"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2023-30630 https://bugzilla.redhat.com/show_bug.cgi?id=2186669 https://www.cve.org/CVERecord?id=CVE-2023-30630 https://nvd.nist.gov/vuln/detail/CVE-2023-30630 https://github.com/adamreiser/dmiwrite https://github.com/advisories/GHSA-9r2p-xmm5-5ppg https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-30630.json https://access.redhat.com/errata/RHSA-2023:5252", "FixedBy": "1:3.3-4.el8_8.1", "Description": "A vulnerability was found in dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.", "Name": "CVE-2023-30630", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2:1.30-9.el8", "BaseScores": [7.5, 3.3], "CVEIds": ["CVE-2019-9923", "CVE-2021-20193", "CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9923.json", "FixedBy": "", "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "Name": "CVE-2019-9923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, 
{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "FixedBy": "", "Description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-20193", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.7.0-16.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.5.1-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.24.2-5.el8", "BaseScores": [8.1, 4.2], "CVEIds": ["CVE-2023-43804", "CVE-2023-45803", "CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:0116", "FixedBy": "0:1.24.2-5.el8_9.2", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. 
urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:5309", "FixedBy": "0:1.24.2-8.el8_10", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. 
This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json https://access.redhat.com/errata/RHSA-2024:0116", "FixedBy": "0:1.24.2-5.el8_9.2", "Description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. 
Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "Name": "CVE-2023-45803", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "Score": 4.2}}}}]}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.23.22-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "3.9.16-1.module+el8.8.0+18968+3d7b19f0.1", "BaseScores": [5.9, 5.3, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-40217", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. 
This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5998", "FixedBy": "0:3.9.16-1.module+el8.8.0+20025+f2100191.2", "Description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. 
No breach of confidentiality is possible.", "Name": "CVE-2023-40217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:3.9.18-1.module+el8.9.0+20024+793d7211", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:3.9.20-1.module+el8.10.0+22342+478c159e", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "239-74.el8_8.2", "BaseScores": [5.9, 5.5, 4.3], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 
https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:3203", "FixedBy": "0:239-82.el8", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}]}, {"Name": "rsa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "4.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.1.6-14.el8", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.4", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/kjd/idna/security/advisories/GHSA-jjg7-2v4v-x38h https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d https://github.com/kjd/idna https://github.com/pypa/advisory-database/tree/main/vulns/idna/PYSEC-2024-60.yaml https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb", "FixedBy": "3.7", "Description": "Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode", "Name": "GHSA-jjg7-2v4v-x38h", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d", "FixedBy": "3.7", "Description": "", "Name": "PYSEC-2024-60", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.1-24.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": 
"v0.17.4-0.20230223191600-0131a6301e42", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.0.6-26.el8", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2024:8922", "FixedBy": "0:1.0.6-27.el8_10", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "platformdirs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filelock", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.12.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.2.20-3.el8_6", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "26.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cryptography", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:82f04b121ea21206a69ac160f78095cc3d9aeda79331bdcc90743fcd5dd20baf", "Version": "41.0.2", "BaseScores": [7.5, 5.5, 7.5], "CVEIds": ["CVE-2023-49083", "CVE-2023-50782", "CVE-2024-0727", "CVE-2024-26130"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2023-50782 https://github.com/pyca/cryptography/issues/9785 https://access.redhat.com/security/cve/CVE-2023-50782 https://bugzilla.redhat.com/show_bug.cgi?id=2254432 https://github.com/pyca/cryptography", "FixedBy": "42.0.0", "Description": "Python Cryptography package 
vulnerable to Bleichenbacher timing oracle attack", "Name": "GHSA-3ww4-gg4f-jr7f", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-jm77-qphf-c4w8 https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://github.com/pyca/cryptography https://www.openssl.org/news/secadv/20230714.txt https://www.openssl.org/news/secadv/20230719.txt https://www.openssl.org/news/secadv/20230731.txt", "FixedBy": "41.0.3", "Description": "pyca/cryptography's wheels include vulnerable OpenSSL", "Name": "GHSA-jm77-qphf-c4w8", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-v8gr-m533-ghj9 https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512 https://github.com/pyca/cryptography", "FixedBy": "41.0.4", "Description": "Vulnerable OpenSSL included in cryptography wheels", "Name": "GHSA-v8gr-m533-ghj9", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/github/advisory-database/pull/3472 https://github.com/openssl/openssl/pull/23362 https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2 
https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2 https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8 https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539 https://security.netapp.com/advisory/ntap-20240208-0006 https://www.openssl.org/news/secadv/20240125.txt http://www.openwall.com/lists/oss-security/2024/03/11/1", "FixedBy": "42.0.2", "Description": "Null pointer dereference in PKCS12 parsing", "Name": "GHSA-9v9h-cgj8-h64p", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97 https://github.com/pyca/cryptography/pull/9926 https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/", "FixedBy": "41.0.6", "Description": "", "Name": "PYSEC-2023-254", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4 https://nvd.nist.gov/vuln/detail/CVE-2024-26130 https://github.com/pyca/cryptography/pull/10423 
https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 https://github.com/pyca/cryptography", "FixedBy": "42.0.4", "Description": "cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override", "Name": "GHSA-6vqw-3v5j-54x4", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97 https://nvd.nist.gov/vuln/detail/CVE-2023-49083 https://github.com/pyca/cryptography/pull/9926 https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a https://github.com/pyca/cryptography https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-254.yaml https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV http://www.openwall.com/lists/oss-security/2023/11/29/2", "FixedBy": "41.0.6", "Description": "cryptography vulnerable to NULL-dereference when loading PKCS7 certificates", "Name": "GHSA-jfhm-5ghh-2f97", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-h4gh-qq45-vh27 https://github.com/pyca/cryptography https://openssl-library.org/news/secadv/20240903.txt", "FixedBy": "43.0.1", "Description": "pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels", "Name": "GHSA-h4gh-qq45-vh27", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": 
"https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.53.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.4.48-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "requests-oauthlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "20221215-1.gitece0092.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/atomic", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "platform-python-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "39.2.0-7.el8", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5530", "FixedBy": "0:39.2.0-8.el8_10", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v2.90.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.12.8-24.el8", "BaseScores": [7.8, 6.5], "CVEIds": ["CVE-2020-35512", "CVE-2023-34969"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4498", "FixedBy": "1:1.12.8-24.el8_8.1", "Description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. 
If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "Name": "CVE-2023-34969", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.2.1-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.18-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v5.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.12.8-24.el8", "BaseScores": [6.5, 7.8], "CVEIds": ["CVE-2020-35512", "CVE-2023-34969"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4498", "FixedBy": "1:1.12.8-24.el8_8.1", "Description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. 
If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "Name": "CVE-2023-34969", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "5.3.28-42.el8_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.14.2-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libssh-config", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.9.6-10.el8_8", "BaseScores": [4.8, 5.3, 5.9], "CVEIds": ["CVE-2023-48795", "CVE-2023-6004", "CVE-2023-6918"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6004 https://bugzilla.redhat.com/show_bug.cgi?id=2251110 https://www.cve.org/CVERecord?id=CVE-2023-6004 https://nvd.nist.gov/vuln/detail/CVE-2023-6004 https://www.libssh.org/security/advisories/CVE-2023-6004.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6004.json https://access.redhat.com/errata/RHSA-2024:3233", "FixedBy": 
"0:0.9.6-14.el8", "Description": "A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.", "Name": "CVE-2023-6004", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6918 https://bugzilla.redhat.com/show_bug.cgi?id=2254997 https://www.cve.org/CVERecord?id=CVE-2023-6918 https://nvd.nist.gov/vuln/detail/CVE-2023-6918 https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ https://www.libssh.org/security/advisories/CVE-2023-6918.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6918.json https://access.redhat.com/errata/RHSA-2024:3233", "FixedBy": "0:0.9.6-14.el8", "Description": "A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. 
In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.", "Name": "CVE-2023-6918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:0628", "FixedBy": "0:0.9.6-13.el8_9", "Description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. 
For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "Name": "CVE-2023-48795", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "python3-ethtool", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.14-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "20.2.4-7.module+el8.6.0+13003+6bb2c488", "BaseScores": [5.9, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. 
This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:20.2.4-8.module+el8.9.0+19644+d68f775d", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.18-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/zapr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.8-0.8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9.5-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.8.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.45.6-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "6.1-9.20180224.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 6.5, 8.8, 7.8, 6.5, 5.5, 6.5, 6.5], "CVEIds": ["CVE-2018-19211", "CVE-2018-19217", "CVE-2020-19185", "CVE-2020-19186", "CVE-2020-19187", "CVE-2020-19188", "CVE-2020-19189", "CVE-2020-19190", "CVE-2021-39537", "CVE-2023-29491", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19185.json", "FixedBy": "", "Description": "A flaw was 
found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19185", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19187.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19190.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19190", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19217.json", "FixedBy": "", "Description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "Name": "CVE-2018-19217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-39537.json", "FixedBy": "", "Description": "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. 
By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "Name": "CVE-2021-39537", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:5249", "FixedBy": "0:6.1-9.20180224.el8_8.1", "Description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Name": "CVE-2023-29491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19186.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "Name": "CVE-2020-19186", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19211.json", "FixedBy": "", "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "Name": "CVE-2018-19211", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19189.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19189", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19188", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "7.0-10.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi8-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.8-1009", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9.6-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.4.46-18.el8", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json https://access.redhat.com/errata/RHSA-2024:4264", "FixedBy": "0:2.4.46-19.el8_10", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "markupsafe", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:82f04b121ea21206a69ac160f78095cc3d9aeda79331bdcc90743fcd5dd20baf", "Version": "2.1.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "websocket-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.6.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.6.8-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.5-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pexpect", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "4.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "platform-python", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.6.8-51.el8_8.1", "BaseScores": [5.3, 6.5, 7.5, 7.5, 5.3, 7.5, 7.5], "CVEIds": ["CVE-2019-9674", "CVE-2022-48560", "CVE-2022-48564", "CVE-2023-27043", "CVE-2023-40217", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", 
"CVE-2024-6923", "CVE-2024-7592", "CVE-2024-9287"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0256", "FixedBy": "0:3.6.8-56.el8_9.3", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48564 https://bugzilla.redhat.com/show_bug.cgi?id=2249750 https://www.cve.org/CVERecord?id=CVE-2022-48564 https://nvd.nist.gov/vuln/detail/CVE-2022-48564 https://bugs.python.org/issue42103 https://github.com/python/cpython/issues/86269 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48564.json https://access.redhat.com/errata/RHSA-2024:0114", "FixedBy": "0:3.6.8-56.el8_9.2", "Description": "A vulnerability was found in the Python core plistlib library within the read_ints() function in the plistlib.py file. 
In malformed input, the implementation can be manipulated to create an argument for struct.unpack(). This issue can lead to excessive CPU and memory consumption, resulting in a MemError, as it constructs the 'format' argument for unpack(). This flaw allows an attacker to employ a binary plist input, potentially executing a denial of service (DoS) attack by exhausting CPU and RAM resources.", "Name": "CVE-2022-48564", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 
https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3347", "FixedBy": "0:3.6.8-62.el8_10", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48560 https://bugzilla.redhat.com/show_bug.cgi?id=2249755 https://www.cve.org/CVERecord?id=CVE-2022-48560 https://nvd.nist.gov/vuln/detail/CVE-2022-48560 https://bugs.python.org/issue39421 https://github.com/python/cpython/issues/83602 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48560.json https://access.redhat.com/errata/RHSA-2024:0114", "FixedBy": "0:3.6.8-56.el8_9.2", "Description": "A use-after-free vulnerability was found in Python via the heappushpop function in the heapq module. 
This flaw allows an attacker to submit a specially crafted request, causing a service disruption that leads to a denial of service attack.", "Name": "CVE-2022-48560", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3347", "FixedBy": "0:3.6.8-62.el8_10", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5997", "FixedBy": "0:3.6.8-51.el8_8.2", "Description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in 
certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "Name": "CVE-2023-40217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9674.json", "FixedBy": "", "Description": "A ZIP bomb attack was found in the Python zipfile module. 
A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "Name": "CVE-2019-9674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json", "FixedBy": "", "Description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". 
This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "Name": "CVE-2024-9287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.12.8-24.el8", "BaseScores": [6.5, 7.8], "CVEIds": ["CVE-2020-35512", "CVE-2023-34969"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4498", "FixedBy": "1:1.12.8-24.el8_8.1", "Description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. 
If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "Name": "CVE-2023-34969", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.22.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/matttproud/golang_protobuf_extensions", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2023c-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.6.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.56.4-161.el8", "BaseScores": [5.5, 7.5, 7.5, 5.5], "CVEIds": ["CVE-2023-29499", "CVE-2023-32611", "CVE-2023-32636", "CVE-2023-32665", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32611 
https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32611.json", "FixedBy": "", "Description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "Name": "CVE-2023-32611", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json", "FixedBy": "", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29499.json", "FixedBy": "", "Description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "Name": "CVE-2023-29499", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32665.json", "FixedBy": "", "Description": "A flaw was found in GLib. 
GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "Name": "CVE-2023-32665", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.2.11-21.el8_7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.5-5.el8", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:4260", "FixedBy": "0:2.5-7.el8_10", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "resolvelib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtirpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.1.4-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.0-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnl3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.7.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.6.8-51.el8_8.1", "BaseScores": [5.3, 6.5, 7.5, 7.5, 5.3, 7.5, 7.5], "CVEIds": ["CVE-2019-9674", "CVE-2022-48560", "CVE-2022-48564", "CVE-2023-27043", "CVE-2023-40217", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-9287"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 
https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0256", "FixedBy": "0:3.6.8-56.el8_9.3", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48564 https://bugzilla.redhat.com/show_bug.cgi?id=2249750 https://www.cve.org/CVERecord?id=CVE-2022-48564 https://nvd.nist.gov/vuln/detail/CVE-2022-48564 https://bugs.python.org/issue42103 https://github.com/python/cpython/issues/86269 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48564.json https://access.redhat.com/errata/RHSA-2024:0114", "FixedBy": "0:3.6.8-56.el8_9.2", "Description": "A vulnerability was found in the Python core plistlib library within the read_ints() function in the plistlib.py file. In malformed input, the implementation can be manipulated to create an argument for struct.unpack(). This issue can lead to excessive CPU and memory consumption, resulting in a MemError, as it constructs the 'format' argument for unpack(). 
This flaw allows an attacker to employ a binary plist input, potentially executing a denial of service (DoS) attack by exhausting CPU and RAM resources.", "Name": "CVE-2022-48564", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3347", "FixedBy": "0:3.6.8-62.el8_10", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48560 https://bugzilla.redhat.com/show_bug.cgi?id=2249755 https://www.cve.org/CVERecord?id=CVE-2022-48560 https://nvd.nist.gov/vuln/detail/CVE-2022-48560 https://bugs.python.org/issue39421 https://github.com/python/cpython/issues/83602 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48560.json https://access.redhat.com/errata/RHSA-2024:0114", "FixedBy": "0:3.6.8-56.el8_9.2", "Description": "A use-after-free vulnerability was found in Python via the heappushpop function in the heapq module. 
This flaw allows an attacker to submit a specially crafted request, causing a service disruption that leads to a denial of service attack.", "Name": "CVE-2022-48560", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3347", "FixedBy": "0:3.6.8-62.el8_10", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5997", "FixedBy": "0:3.6.8-51.el8_8.2", "Description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in 
certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "Name": "CVE-2023-40217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9674.json", "FixedBy": "", "Description": "A ZIP bomb attack was found in the Python zipfile module. 
A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "Name": "CVE-2019-9674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json", "FixedBy": "", "Description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". 
This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "Name": "CVE-2024-9287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.26.0-18.el8_8", "BaseScores": [7.5, 7.5, 5.5, 7.5, 7.3], "CVEIds": ["CVE-2019-19244", "CVE-2019-9936", "CVE-2019-9937", "CVE-2023-36191", "CVE-2023-7104", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9937.json", "FixedBy": "", "Description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. 
This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "Name": "CVE-2019-9937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-19244.json", "FixedBy": "", "Description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. 
A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "Name": "CVE-2019-19244", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9936.json", "FixedBy": "", "Description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. 
This is related to ext/fts5/fts5_hash.c.", "Name": "CVE-2019-9936", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0253", "FixedBy": "0:3.26.0-19.el8_9", "Description": "A vulnerability was found in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "Name": "CVE-2023-7104", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "Score": 7.3}}}}]}, {"Name": "github.com/imdario/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.3.13", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.11.0-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.9.9-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "libnsl2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.2.0-2.20180605git4a062cf.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "239-74.el8_8.2", "BaseScores": [5.5, 4.3, 5.9], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:3203", "FixedBy": "0:239-82.el8", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virtualenv", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "20.24.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ansible-runner-http", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.1.27-6.el8_5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.14.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.23.22-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zipp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.16.2", "BaseScores": [], "CVEIds": ["CVE-2024-5569"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5569 https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd https://github.com/jaraco/zipp https://huntr.com/bounties/be898306-11f9-46b4-b28c-f4c4aa4ffbae", "FixedBy": "3.19.1", "Description": "zipp Denial of Service vulnerability", "Name": "GHSA-jfmj-5v4g-7637", "Metadata": 
{"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "virtualenv-clone", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.5.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.2.4-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-daemon", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ptyprocess", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.2.1-4.el8", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.188-3.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.25-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "charset-normalizer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:82f04b121ea21206a69ac160f78095cc3d9aeda79331bdcc90743fcd5dd20baf", "Version": "3.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "requests-unixsocket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.18.2-25.el8_8", "BaseScores": [6.5, 6.6, 9.1, 7.5], "CVEIds": ["CVE-2020-17049", "CVE-2023-5455", "CVE-2024-26458", "CVE-2024-26461", "CVE-2024-3596", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf 
https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:8860", "FixedBy": "0:1.18.2-30.el8_10", "Description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "Name": "CVE-2024-3596", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5455 https://bugzilla.redhat.com/show_bug.cgi?id=2242828 https://www.cve.org/CVERecord?id=CVE-2023-5455 https://nvd.nist.gov/vuln/detail/CVE-2023-5455 https://www.freeipa.org/release-notes/4-10-3.html https://www.freeipa.org/release-notes/4-11-1.html https://www.freeipa.org/release-notes/4-6-10.html https://www.freeipa.org/release-notes/4-9-14.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5455.json", "FixedBy": "", "Description": "A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. 
During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.", "Name": "CVE-2023-5455", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json https://access.redhat.com/errata/RHSA-2024:3268", "FixedBy": "0:1.18.2-27.el8_10", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-17049 https://bugzilla.redhat.com/show_bug.cgi?id=2025721 https://www.cve.org/CVERecord?id=CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-17049.json", "FixedBy": "", "Description": "It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.", "Name": "CVE-2020-17049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json https://access.redhat.com/errata/RHSA-2024:3268", "FixedBy": "0:1.18.2-27.el8_10", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:5312", "FixedBy": "0:1.18.2-29.el8_10", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:5312", "FixedBy": "0:1.18.2-29.el8_10", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the 
plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "cryptsetup-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.3.7-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mxk/go-flowrate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20140419014527-cca7078d478f", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "50.3.2-4.module+el8.5.0+12204+54860423", "BaseScores": [5.9, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 
https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:50.3.2-4.module+el8.9.0+19644+d68f775d", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "68.0.0", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/pull/4332 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://github.com/pypa/setuptools https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5", "FixedBy": "70.0.0", "Description": 
"setuptools vulnerable to Command Injection via package URL", "Name": "GHSA-cx63-2mw6-8hw5", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ansible-runner", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.3.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20221012153701-172d655c2280", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.8-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.21-18.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.4.20-4.el8_6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20220713155537-f223a00ba0e2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2022.2.54-80.2.el8_6", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5736", "FixedBy": "0:2024.2.69_v8.0.303-80.0.el8_10", "Description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "device-mapper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8:1.02.181-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.28-225.el8", "BaseScores": [6.5, 5.9, 5.9, 7.8], "CVEIds": ["CVE-2023-4527", "CVE-2023-4806", "CVE-2023-4813", "CVE-2023-4911", "CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", 
"CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. 
When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "Name": "CVE-2023-4527", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. 
This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "Name": "CVE-2023-4806", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. 
This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "Name": "CVE-2023-4813", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. 
This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "Name": "CVE-2023-4911", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3269", "FixedBy": "0:2.28-251.el8_10.1", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gomodules.xyz/jsonpatch/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "25-19.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "info", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "6.5-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v3.10.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9.7-16.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 7.5], "CVEIds": ["CVE-2023-28484", "CVE-2023-29469", "CVE-2023-39615", "CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 
https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2024:0119", "FixedBy": "0:2.9.7-18.el8_9", "Description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "Name": "CVE-2023-39615", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4529", "FixedBy": "0:2.9.7-16.el8_8.1", "Description": "A flaw was found in libxml2. 
This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "Name": "CVE-2023-29469", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4529", "FixedBy": "0:2.9.7-16.el8_8.1", "Description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "Name": "CVE-2023-28484", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:3626", "FixedBy": "0:2.9.7-18.el8_10.1", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.12.3-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.2.53-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.28-225.el8", "BaseScores": [6.5, 5.9, 5.9, 7.8], "CVEIds": ["CVE-2023-4527", "CVE-2023-4806", "CVE-2023-4813", "CVE-2023-4911", "CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "Name": "CVE-2023-4527", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. 
This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "Name": "CVE-2023-4806", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. 
This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "Name": "CVE-2023-4813", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. 
This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "Name": "CVE-2023-4911", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3269", "FixedBy": "0:2.28-251.el8_10.1", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.14.3-26.el8", "BaseScores": [7.8, 6.7, 7.8], "CVEIds": ["CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35938", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35939", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.4.10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-daemon", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.12.8-24.el8", "BaseScores": [6.5, 7.8], "CVEIds": ["CVE-2020-35512", "CVE-2023-34969"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4498", "FixedBy": "1:1.12.8-24.el8_8.1", "Description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. 
If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "Name": "CVE-2023-34969", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "pyasn1-modules", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:1.1.1k-9.el8_7", "BaseScores": [5.5, 5.3, 5.3, 5.3, 6.5, 7.5, 5.3, 5.3], "CVEIds": ["CVE-2023-0464", "CVE-2023-0465", "CVE-2023-0466", "CVE-2023-2650", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2023:7877", "FixedBy": "1:1.1.1k-12.el8_9", "Description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2023:7877", "FixedBy": "1:1.1.1k-12.el8_9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2023:7877", "FixedBy": "1:1.1.1k-12.el8_9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2650.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "Name": "CVE-2023-2650", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. 
This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:7848", "FixedBy": "1:1.1.1k-14.el8_6", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "FixedBy": "", "Description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. 
This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0464", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. 
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "Name": "CVE-2023-0466", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. 
Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0465", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}]}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libssh", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.9.6-10.el8_8", "BaseScores": [4.8, 5.3, 5.9], "CVEIds": ["CVE-2023-48795", "CVE-2023-6004", "CVE-2023-6918"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6004 https://bugzilla.redhat.com/show_bug.cgi?id=2251110 https://www.cve.org/CVERecord?id=CVE-2023-6004 https://nvd.nist.gov/vuln/detail/CVE-2023-6004 https://www.libssh.org/security/advisories/CVE-2023-6004.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6004.json https://access.redhat.com/errata/RHSA-2024:3233", "FixedBy": "0:0.9.6-14.el8", "Description": "A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. 
This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.", "Name": "CVE-2023-6004", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6918 https://bugzilla.redhat.com/show_bug.cgi?id=2254997 https://www.cve.org/CVERecord?id=CVE-2023-6918 https://nvd.nist.gov/vuln/detail/CVE-2023-6918 https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ https://www.libssh.org/security/advisories/CVE-2023-6918.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6918.json https://access.redhat.com/errata/RHSA-2024:3233", "FixedBy": "0:0.9.6-14.el8", "Description": "A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. 
In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.", "Name": "CVE-2023-6918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:0628", "FixedBy": "0:0.9.6-13.el8_9", "Description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. 
For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "Name": "CVE-2023-48795", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "google.golang.org/genproto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20230320184635-7606e756e683", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.63.0-14.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/h2non/go-is-svg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20160927212452-35e8c4b0612c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.0.3-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.2.53-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.28-225.el8", "BaseScores": [6.5, 5.9, 5.9, 7.8], "CVEIds": ["CVE-2023-4527", "CVE-2023-4806", "CVE-2023-4813", "CVE-2023-4911", "CVE-2024-2961", 
"CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. 
When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "Name": "CVE-2023-4527", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. 
This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "Name": "CVE-2023-4806", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. 
This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "Name": "CVE-2023-4813", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3344", "FixedBy": "0:2.28-251.el8_10.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5455", "FixedBy": "0:2.28-225.el8_8.6", "Description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. 
This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "Name": "CVE-2023-4911", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3269", "FixedBy": "0:2.28-251.el8_10.1", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.31.0", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/pull/6655 https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac https://github.com/psf/requests https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ", "FixedBy": "2.32.0", "Description": "Requests `Session` object does not verify requests after making first request with verify=False", "Name": "GHSA-9wx4-h78v-vm56", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "6.1-9.20180224.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 6.5, 8.8, 7.8, 6.5, 5.5, 6.5, 6.5], "CVEIds": ["CVE-2018-19211", "CVE-2018-19217", "CVE-2020-19185", "CVE-2020-19186", "CVE-2020-19187", "CVE-2020-19188", "CVE-2020-19189", "CVE-2020-19190", "CVE-2021-39537", "CVE-2023-29491", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19185.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19185", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19187.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19190.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19190", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19217.json", "FixedBy": "", "Description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "Name": "CVE-2018-19217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-39537.json", "FixedBy": "", "Description": "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. 
By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "Name": "CVE-2021-39537", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:5249", "FixedBy": "0:6.1-9.20180224.el8_8.1", "Description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Name": "CVE-2023-29491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19186.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "Name": "CVE-2020-19186", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19211.json", "FixedBy": "", "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "Name": "CVE-2018-19211", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19189.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19189", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19188", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.28.3-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:2.6.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.7.0-16.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "5.2.4-4.el8_6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.20.0-2.1.el8_1", "BaseScores": [6.1], "CVEIds": ["CVE-2023-32681"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:4520", "FixedBy": "0:2.20.0-3.el8_8", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}]}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "packaging", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "23.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.4.4-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.188-3.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcurl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "7.61.1-30.el8_8.2", "BaseScores": [3.7, 5.9, 6.5, 3.7, 5.9, 8.8, 6.5], "CVEIds": ["CVE-2023-27534", "CVE-2023-27536", "CVE-2023-28321", "CVE-2023-28322", "CVE-2023-38546", "CVE-2023-46218", "CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A flaw was found in the Curl package. 
This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "Name": "CVE-2023-38546", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 3.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:4523", "FixedBy": "0:7.61.1-30.el8_8.3", "Description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. 
However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "Name": "CVE-2023-27536", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. 
This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "Name": "CVE-2023-46218", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2024:1601", "FixedBy": "0:7.61.1-33.el8_9.5", "Description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "Name": "CVE-2023-28322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 3.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4523", "FixedBy": "0:7.61.1-30.el8_8.3", "Description": "A flaw was found in the Curl package. 
An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "Name": "CVE-2023-28321", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27534.json", "FixedBy": "", "Description": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. 
Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "Name": "CVE-2023-27534", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5654", "FixedBy": "0:7.61.1-34.el8_10.2", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.4.4-1.el8", "BaseScores": [7.5, 4.7], "CVEIds": ["CVE-2021-24032", "CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-24032.json", "FixedBy": "", "Description": "A flaw was found in zstd. 
While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "Name": "CVE-2021-24032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "239-74.el8_8.2", "BaseScores": [5.9, 5.5, 4.3], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:3203", "FixedBy": "0:239-82.el8", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.2.5-11.el8", "BaseScores": [7.5, 7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2022-23990", "CVE-2023-52425", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-23990 https://bugzilla.redhat.com/show_bug.cgi?id=2048356 https://www.cve.org/CVERecord?id=CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-23990.json", "FixedBy": "", "Description": "A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. 
This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service.", "Name": "CVE-2022-23990", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1615", "FixedBy": "0:2.2.5-11.el8_9.1", "Description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. 
This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:4.6.0-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "0.7.20-4.el8_7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.5.10-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "docutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "0.20.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.0.4-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "jinja2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.1.2", "BaseScores": [6.1], "CVEIds": ["CVE-2024-22195", "CVE-2024-34064"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj https://nvd.nist.gov/vuln/detail/CVE-2024-34064 https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb https://github.com/pallets/jinja https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS", "FixedBy": "3.1.4", "Description": "Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter", "Name": "GHSA-h75v-3vvj-5mfj", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": 
"pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95 https://nvd.nist.gov/vuln/detail/CVE-2024-22195 https://github.com/pallets/jinja/commit/716795349a41d4983a9a4771f7d883c96ea17be7 https://github.com/pallets/jinja https://github.com/pallets/jinja/releases/tag/3.1.3 https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3", "FixedBy": "3.1.3", "Description": "Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter", "Name": "GHSA-h5c8-rqwp-cp95", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.14.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pipenv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": 
"2023.6.26", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.5.0-18.el8", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for 
rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.0.21-19.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.13.1-11.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.7.11-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.1.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.30-15.el8", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "5.3.4-12.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2020-15945"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-15945 https://bugzilla.redhat.com/show_bug.cgi?id=1861999 https://www.cve.org/CVERecord?id=CVE-2020-15945 https://nvd.nist.gov/vuln/detail/CVE-2020-15945 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-15945.json", "FixedBy": "", "Description": "A flaw was found in lua. A segmentation fault is possible because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.", "Name": "CVE-2020-15945", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.3.3-5.el8", "BaseScores": [6.5, 6.5, 6.5, 7.8, 7.8], "CVEIds": ["CVE-2018-1000879", "CVE-2018-1000880", "CVE-2020-21674", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-21674 https://bugzilla.redhat.com/show_bug.cgi?id=1888786 https://www.cve.org/CVERecord?id=CVE-2020-21674 https://nvd.nist.gov/vuln/detail/CVE-2020-21674 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-21674.json", "FixedBy": "", "Description": "Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a 
denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.", "Name": "CVE-2020-21674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000880.json", "FixedBy": "", "Description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. 
This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "Name": "CVE-2018-1000880", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000879.json", "FixedBy": "", "Description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "Name": "CVE-2018-1000879", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20230711102312-30195339c3c7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "2.9-9.el8_6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.80-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.4.4-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "oauthlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "3.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "11-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.26.2", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [7.8, 6.1], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. 
This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.5.0-18.el8", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ 
https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.48-4.el8", "BaseScores": [3.3, 7.8], "CVEIds": ["CVE-2023-2602", "CVE-2023-2603"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2602 https://bugzilla.redhat.com/show_bug.cgi?id=2209114 https://www.cve.org/CVERecord?id=CVE-2023-2602 https://nvd.nist.gov/vuln/detail/CVE-2023-2602 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2602.json https://access.redhat.com/errata/RHSA-2023:4524", "FixedBy": "0:2.48-5.el8_8", "Description": "A vulnerability was found in the pthread_create() function in libcap. 
This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "Name": "CVE-2023-2602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2603 https://bugzilla.redhat.com/show_bug.cgi?id=2209113 https://www.cve.org/CVERecord?id=CVE-2023-2603 https://nvd.nist.gov/vuln/detail/CVE-2023-2603 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2603.json https://access.redhat.com/errata/RHSA-2023:4524", "FixedBy": "0:2.48-5.el8_8", "Description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "Name": "CVE-2023-2603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/operator-framework/operator-sdk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "certifi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2023.7.22", "BaseScores": [], "CVEIds": ["CVE-2024-39689"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "osv/pypi", "Link": 
"https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc https://nvd.nist.gov/vuln/detail/CVE-2024-39689 https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463 https://github.com/certifi/python-certifi https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI", "FixedBy": "2024.07.04", "Description": "Certifi removes GLOBALTRUST root certificate", "Name": "GHSA-248v-346w-9cwc", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi8", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.8-1009", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.8.5-7.el8_6", "BaseScores": [5.9], "CVEIds": ["CVE-2019-12904", "CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-12904.json", "FixedBy": "", "Description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. 
The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "Name": "CVE-2019-12904", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}]}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.113-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.1.7-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8.2-19.el8", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", 
"Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.14.2-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2:8.0.1763-19.el8_6.4", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.5, 7.8, 7.8, 5.5, 7.8, 5.5, 7.8, 7.8, 7.8, 5.5, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 5.5, 5.5, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2018-20786", "CVE-2020-20703", "CVE-2021-3236", "CVE-2021-3927", "CVE-2021-3974", "CVE-2021-4166", "CVE-2022-0351", "CVE-2022-1619", "CVE-2022-1720", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-3037", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3296", "CVE-2022-3352", "CVE-2022-3705", 
"CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20786 https://bugzilla.redhat.com/show_bug.cgi?id=1680588 https://www.cve.org/CVERecord?id=CVE-2018-20786 https://nvd.nist.gov/vuln/detail/CVE-2018-20786 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20786.json", "FixedBy": "", "Description": "libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.", "Name": "CVE-2018-20786", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. 
This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": 
"Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. 
An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 
https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. 
This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 
https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3236 https://bugzilla.redhat.com/show_bug.cgi?id=2231531 https://www.cve.org/CVERecord?id=CVE-2021-3236 https://nvd.nist.gov/vuln/detail/CVE-2021-3236 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3236.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the ex_buffer_all function in the src/buffer.c file. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2021-3236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 
https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": 
"", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
"Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. 
This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": 
{"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "cffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:82f04b121ea21206a69ac160f78095cc3d9aeda79331bdcc90743fcd5dd20baf", "Version": "1.15.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.32.1-42.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.7.0-16.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.3.5-9.el8_7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.33.0-3.el8_2.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-44487", "CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:4252", "FixedBy": "0:1.33.0-6.el8_10.1", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5837", "FixedBy": "0:1.33.0-5.el8_8", "Description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. 
This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "Name": "CVE-2023-44487", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.6.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "20221215-1.gitece0092.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.1.6-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "3.9.16-1.module+el8.8.0+18968+3d7b19f0.1", "BaseScores": [5.9, 5.3, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-40217", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. 
This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5998", "FixedBy": "0:3.9.16-1.module+el8.8.0+20025+f2100191.2", "Description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. 
No breach of confidentiality is possible.", "Name": "CVE-2023-40217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:3.9.18-1.module+el8.9.0+20024+793d7211", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:3.9.18-3.module+el8.10.0+21142+453d2b75", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:3.9.20-1.module+el8.10.0+22342+478c159e", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:3.9.19-1.module+el8.10.0+21815+bb024982", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-syspurpose", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.28.36-2.el8", "BaseScores": [7.8, 6.1], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json 
https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "dbus-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.110-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:82f04b121ea21206a69ac160f78095cc3d9aeda79331bdcc90743fcd5dd20baf", "Version": "6.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/onsi/gomega", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.24.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "device-mapper-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "8:1.02.181-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.3.2-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.7.0-16.el8_8", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.14.3-26.el8", "BaseScores": [7.8, 6.7, 7.8], "CVEIds": ["CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. 
A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35938", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35939", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/operator-framework/operator-registry", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.28.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ansible-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ef6ed2ebdfc2767161373a225e61be7c234a4269bad2466649b0472e4928f9bc", "Version": "2.15.2", "BaseScores": [6.3, 7.8, 5.5, 7.8], "CVEIds": ["CVE-2023-4237", "CVE-2023-5764", "CVE-2024-0690", "CVE-2024-8775", "CVE-2024-9902"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-8775 https://access.redhat.com/errata/RHSA-2024:8969 https://access.redhat.com/security/cve/CVE-2024-8775 https://bugzilla.redhat.com/show_bug.cgi?id=2312119 https://github.com/ansible/ansible", "FixedBy": "lastAffected=2.17.4", "Description": "Ansible vulnerable to Insertion of Sensitive Information into Log File", "Name": "GHSA-jpxc-vmjf-9fcj", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-9902 https://github.com/ansible/ansible/commit/03794735d370db98a5ec2ad514fab2b0dd22d6be https://github.com/ansible/ansible/commit/03daf774d0d80fb7235910ed1c2b4fbcaebdfe65 https://github.com/ansible/ansible/commit/3b6de811abea0a811e03e3029222a7e459922892 
https://github.com/ansible/ansible/commit/9d7312f695639e804d2caeb1d0f51c716a9ac7dd https://github.com/ansible/ansible/commit/f7be90626da3035c697623dcf9c90b7a0bc91c92 https://access.redhat.com/errata/RHSA-2024:8969 https://access.redhat.com/security/cve/CVE-2024-9902 https://bugzilla.redhat.com/show_bug.cgi?id=2318271 https://github.com/ansible/ansible", "FixedBy": "2.15.13rc1", "Description": "ansible-core Incorrect Authorization vulnerability", "Name": "GHSA-32p4-gm2c-wmch", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "Score": 6.3}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2023-4237 https://access.redhat.com/errata/RHBA-2023:5653 https://access.redhat.com/errata/RHBA-2023:5666 https://access.redhat.com/security/cve/CVE-2023-4237 https://bugzilla.redhat.com/show_bug.cgi?id=2229979 https://github.com/ansible/ansible", "FixedBy": "introduced=2.8.0&lastAffected=2.15.2", "Description": "Ansible may expose private key", "Name": "GHSA-ww3m-ffrm-qvqv", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-0690 https://github.com/ansible/ansible/pull/82565 https://github.com/ansible/ansible/commit/6935c8e303440addd3871ecf8e04bde61080b032 https://github.com/ansible/ansible/commit/78db3a3de6b40fb52d216685ae7cb903c609c3e1 https://github.com/ansible/ansible/commit/b9a03bbf5a63459468baf8895ff74a62e9be4532 https://github.com/ansible/ansible/commit/beb04bc2642c208447c5a936f94310528a1946b1 https://access.redhat.com/errata/RHSA-2024:0733 https://access.redhat.com/errata/RHSA-2024:2246 
https://access.redhat.com/errata/RHSA-2024:3043 https://access.redhat.com/security/cve/CVE-2024-0690 https://bugzilla.redhat.com/show_bug.cgi?id=2259013 https://github.com/ansible/ansible https://github.com/pypa/advisory-database/tree/main/vulns/ansible-core/PYSEC-2024-36.yaml", "FixedBy": "2.15.9", "Description": "Ansible-core information disclosure flaw", "Name": "GHSA-h24r-m9qc-pvpg", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2023-5764 https://github.com/ansible/ansible/commit/270b39f6ff02511a2199505161218cbd1a5ae34f https://github.com/ansible/ansible/commit/7239d2d371bc6e274cbb7314e01431adce6ae25a https://github.com/ansible/ansible/commit/fea130480d261ea5bf6fcd5cf19a348f1686ceb1 https://access.redhat.com/errata/RHSA-2023:7773 https://access.redhat.com/security/cve/CVE-2023-5764 https://bugzilla.redhat.com/show_bug.cgi?id=2247629 https://github.com/ansible/ansible https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU", "FixedBy": "2.15.8", "Description": "Ansible template injection vulnerability", "Name": "GHSA-7j69-qfc3-2fq9", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "python39-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "50.3.2-4.module+el8.5.0+12204+54860423", "BaseScores": [5.9, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-43804", 
"CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:50.3.2-4.module+el8.9.0+19644+d68f775d", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:50.3.2-5.module+el8.10.0+20345+671a55aa", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.14.3-26.el8", "BaseScores": [7.8, 6.7, 7.8], "CVEIds": ["CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35938", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0647", "FixedBy": "0:4.14.3-28.el8_9", "Description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-35939", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "4.13-4.el8_7", "BaseScores": [5.5], "CVEIds": ["CVE-2018-1000654"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000654.json", "FixedBy": "", "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. 
This attack appears to be exploitable via parsing a crafted file.", "Name": "CVE-2018-1000654", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1:6.1.2-10.el8", "BaseScores": [7.5], "CVEIds": ["CVE-2021-43618"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-43618 https://bugzilla.redhat.com/show_bug.cgi?id=2024904 https://www.cve.org/CVERecord?id=CVE-2021-43618 https://nvd.nist.gov/vuln/detail/CVE-2021-43618 https://bugs.debian.org/994405 https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-43618.json https://access.redhat.com/errata/RHSA-2024:3214", "FixedBy": "1:6.1.2-11.el8", "Description": "A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-43618", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.5.2-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.5-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.24.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", 
"Version": "1.28.36-2.el8", "BaseScores": [7.8, 6.1], "CVEIds": ["CVE-2022-0235", "CVE-2023-3899"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4706", "FixedBy": "0:1.28.36-3.el8_8", "Description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "Name": "CVE-2023-3899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. 
When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v0.37.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "2.9.7-16.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 7.5], "CVEIds": ["CVE-2023-28484", "CVE-2023-29469", "CVE-2023-39615", "CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2024:0119", "FixedBy": "0:2.9.7-18.el8_9", "Description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "Name": "CVE-2023-39615", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4529", "FixedBy": "0:2.9.7-16.el8_8.1", "Description": "A flaw was found in libxml2. 
This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "Name": "CVE-2023-29469", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4529", "FixedBy": "0:2.9.7-16.el8_8.1", "Description": "A NULL pointer dereference vulnerability was found in libxml2. 
This issue occurs when parsing (invalid) XML schemas.", "Name": "CVE-2023-28484", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:3626", "FixedBy": "0:2.9.7-18.el8_10.1", "Description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "1.0.23-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "3.6.16-6.el8_7", "BaseScores": [6.5, 5.9, 7.5], "CVEIds": ["CVE-2021-4209", "CVE-2023-5981", "CVE-2024-0553", "CVE-2024-28834"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4209.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "Name": "CVE-2021-4209", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1784", "FixedBy": "0:3.6.16-8.el8_9.3", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5981 https://bugzilla.redhat.com/show_bug.cgi?id=2248445 https://www.cve.org/CVERecord?id=CVE-2023-5981 https://nvd.nist.gov/vuln/detail/CVE-2023-5981 https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5981.json https://access.redhat.com/errata/RHSA-2024:0155", "FixedBy": "0:3.6.16-8.el8_9", "Description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "Name": "CVE-2023-5981", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://www.cve.org/CVERecord?id=CVE-2024-0553 https://nvd.nist.gov/vuln/detail/CVE-2024-0553 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0553.json https://access.redhat.com/errata/RHSA-2024:0627", "FixedBy": "0:3.6.16-8.el8_9.1", "Description": "A vulnerability was found in GnuTLS. 
The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "Name": "CVE-2024-0553", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "python39-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ee229233a41330fd04955edf3ba628d81a44446edd5bcc3205d777ac9686cec3", "Version": "20.2.4-7.module+el8.6.0+13003+6bb2c488", "BaseScores": [5.9, 5.3, 6.5, 6.1, 8.1, 7.5, 7.5], "CVEIds": ["CVE-2022-40897", "CVE-2023-23931", "CVE-2023-27043", "CVE-2023-32681", "CVE-2023-43804", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-3651", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-40897 https://bugzilla.redhat.com/show_bug.cgi?id=2158559 https://www.cve.org/CVERecord?id=CVE-2022-40897 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://pyup.io/vulnerabilities/CVE-2022-40897/52495/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40897.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. 
This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "Name": "CVE-2022-40897", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 5.9}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. 
An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", "Name": "CVE-2023-27043", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-23931 https://bugzilla.redhat.com/show_bug.cgi?id=2171817 https://www.cve.org/CVERecord?id=CVE-2023-23931 https://nvd.nist.gov/vuln/detail/CVE-2023-23931 https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-23931.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. 
This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "Name": "CVE-2023-23931", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:7034", "FixedBy": "0:20.2.4-8.module+el8.9.0+19644+d68f775d", "Description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. 
This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "Name": "CVE-2023-32681", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "Score": 6.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:2985", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. 
However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "Name": "CVE-2023-43804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "Score": 8.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3466", "FixedBy": "0:20.2.4-9.module+el8.10.0+21329+8d76b841", "Description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ed6f90162942ba59092f5706c63f6b859acb8604c683fb3d03aff79e9774c130", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "5.3.28-42.el8_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691", "Version": "0.3.2-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}}
diff --git a/docs/release_artifacts/6.1.2.1/z/acc-provision-operator/6.1.2.1-quay-cve.txt b/docs/release_artifacts/6.1.2.1/z/acc-provision-operator/6.1.2.1-quay-cve.txt
index f870620b6b..1686a28075 100644
--- a/docs/release_artifacts/6.1.2.1/z/acc-provision-operator/6.1.2.1-quay-cve.txt
+++ b/docs/release_artifacts/6.1.2.1/z/acc-provision-operator/6.1.2.1-quay-cve.txt
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:ca2cf594e024e31ed89e750debba62069566fcf4d964245e4f302cdeb87e7489", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "unbound-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.16.2-5.el8_9.6", "BaseScores": [7.5], "CVEIds": ["CVE-2019-16866", "CVE-2024-33655", "CVE-2024-43167", "CVE-2024-43168", "CVE-2024-8508"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-16866 https://bugzilla.redhat.com/show_bug.cgi?id=1767955 https://www.cve.org/CVERecord?id=CVE-2019-16866 https://nvd.nist.gov/vuln/detail/CVE-2019-16866 https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-16866.json", "FixedBy": "", "Description": "Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. 
The source IP address of the query must match an access-control rule.", "Name": "CVE-2019-16866", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43167 https://bugzilla.redhat.com/show_bug.cgi?id=2303456 https://www.cve.org/CVERecord?id=CVE-2024-43167 https://nvd.nist.gov/vuln/detail/CVE-2024-43167 https://github.com/NLnetLabs/unbound/issues/1072 https://github.com/NLnetLabs/unbound/pull/1073/files https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43167.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. 
This issue can result in a denial of service by causing the application to terminate unexpectedly.", "Name": "CVE-2024-43167", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43168 https://bugzilla.redhat.com/show_bug.cgi?id=2303462 https://www.cve.org/CVERecord?id=CVE-2024-43168 https://nvd.nist.gov/vuln/detail/CVE-2024-43168 https://github.com/NLnetLabs/unbound/issues/1039 https://github.com/NLnetLabs/unbound/pull/1040/files https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43168.json", "FixedBy": "", "Description": "A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.", "Name": "CVE-2024-43168", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33655 https://bugzilla.redhat.com/show_bug.cgi?id=2279942 https://www.cve.org/CVERecord?id=CVE-2024-33655 https://nvd.nist.gov/vuln/detail/CVE-2024-33655 https://www.nlnetlabs.nl/news/2024/May/08/unbound-1.20.0-released/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33655.json", "FixedBy": "", "Description": "A DNSBomb flaw was found in the unbound package. 
The DNSBomb attack works by sending low-rate spoofed queries for a malicious zone to Unbound. By controlling the delay of the malicious authoritative answers, Unbound slowly accumulates pending answers for the spoofed addresses. When the authoritative answers become available to Unbound at the same time, Unbound starts serving all the accumulated queries. This results in large-sized, concentrated response bursts to the spoofed addresses.", "Name": "CVE-2024-33655", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8508 https://bugzilla.redhat.com/show_bug.cgi?id=2316321 https://www.cve.org/CVERecord?id=CVE-2024-8508 https://nvd.nist.gov/vuln/detail/CVE-2024-8508 https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8508.json", "FixedBy": "", "Description": "A flaw was found in Unbound which can lead to degraded performance and an eventual denial of service when handling replies with very large RRsets that require name compression to be applied. 
Versions prior to 1.21.1 do not have a hard limit on the number of name compression calculations that Unbound can perform per packet, meaning that if a specially crafted query is passed for the contents of a malicious zone with very large RRsets, Unbound may spend a considerable amount of time applying name compression to downstream replies, locking the CPU until the whole packet has been processed.", "Name": "CVE-2024-8508", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-IO-Socket-SSL", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.066-4.module+el8.3.0+6446+594cad75", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ruamel.yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:acf2f5c78cf6302a5524bbef3e852d3cf3d05e479cfbb6fe1ece163241324bd8", "Version": "0.18.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ansible-runner", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.3.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.30-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "1.26.18", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf 
https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468 https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e https://github.com/urllib3/urllib3", "FixedBy": "1.26.19", "Description": "urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects ", "Name": "GHSA-34jh-p97f-mpxf", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.80-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.7.11-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.26.20", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.48-6.el8_9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "24.2", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libtirpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.1.4-12.el8_10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.1.6-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.2.53-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.3.5-9.el8_7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.12.2-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.12.8-26.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2020-35512"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "importlib-resources", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "5.0.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.9.6-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "distlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.3.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.9.9-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.9.6-13.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Exporter", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "5.72-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2:8.0.1763-19.el8_6.4", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.5, 7.8, 7.8, 5.5, 7.8, 5.5, 7.8, 7.8, 7.8, 5.5, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 5.5, 5.5, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2018-20786", "CVE-2020-20703", "CVE-2021-3236", "CVE-2021-3927", "CVE-2021-3974", "CVE-2021-4166", "CVE-2022-0351", "CVE-2022-1619", "CVE-2022-1720", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-3037", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3296", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", 
"CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": 
"rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20786 https://bugzilla.redhat.com/show_bug.cgi?id=1680588 https://www.cve.org/CVERecord?id=CVE-2018-20786 https://nvd.nist.gov/vuln/detail/CVE-2018-20786 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20786.json", "FixedBy": "", "Description": "libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.", "Name": "CVE-2018-20786", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. 
This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": 
"Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. 
An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 
https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. 
This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 
https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3236 https://bugzilla.redhat.com/show_bug.cgi?id=2231531 https://www.cve.org/CVERecord?id=CVE-2021-3236 https://nvd.nist.gov/vuln/detail/CVE-2021-3236 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3236.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the ex_buffer_all function in the src/buffer.c file. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2021-3236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 
https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": 
"", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
"Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. 
This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": 
{"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.2.53-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "7.61.1-34.el8", "BaseScores": [8.8, 6.5], "CVEIds": ["CVE-2023-27534", "CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27534.json", "FixedBy": "", "Description": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. 
Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "Name": "CVE-2023-27534", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5654", "FixedBy": "0:7.61.1-34.el8_10.2", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.9-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "20.2.4-9.module+el8.10.0+21329+8d76b841", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-TermReadKey", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.37-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.7.0-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/h2non/filetype", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.1.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Perldoc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "3.28-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.20.0-3.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "platform-python", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.6.8-62.el8_10", "BaseScores": [7.5, 7.5, 7.5], "CVEIds": ["CVE-2019-9674", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-9287"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A flaw was found in Python. 
The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9674.json", "FixedBy": "", "Description": "A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "Name": "CVE-2019-9674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json", "FixedBy": "", "Description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". 
This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "Name": "CVE-2024-9287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-File-Path", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.15-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "1.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.2.11-25.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1:1.1.1k-12.el8_9", "BaseScores": [5.5, 6.5, 7.5, 5.3, 5.3], "CVEIds": 
["CVE-2023-0464", "CVE-2023-0465", "CVE-2023-0466", "CVE-2023-2650", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2650.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. 
Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "Name": "CVE-2023-2650", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "FixedBy": "", "Description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. 
This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0464", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. 
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "Name": "CVE-2023-0466", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. 
Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0465", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:7848", "FixedBy": "1:1.1.1k-14.el8_6", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.6-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.28.3-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.5-7.el8_10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.0.3-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "8.5.0-22.el8_10", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 
https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. 
This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.56.4-162.el8", "BaseScores": [5.5, 7.5, 7.5, 5.5], "CVEIds": ["CVE-2023-29499", "CVE-2023-32611", "CVE-2023-32636", "CVE-2023-32665", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32611.json", "FixedBy": "", "Description": "A flaw was found in GLib. 
GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "Name": "CVE-2023-32611", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json", "FixedBy": "", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29499.json", "FixedBy": "", "Description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "Name": "CVE-2023-29499", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32665.json", "FixedBy": "", "Description": "A flaw was found in GLib. 
GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "Name": "CVE-2023-32665", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.13.1-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.43.5-1.el8_10", "BaseScores": [5.0], "CVEIds": ["CVE-2018-1000021"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000021 https://bugzilla.redhat.com/show_bug.cgi?id=1541854 https://www.cve.org/CVERecord?id=CVE-2018-1000021 https://nvd.nist.gov/vuln/detail/CVE-2018-1000021 http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000021.json", "FixedBy": "", "Description": "It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator. 
Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumstances dependent on the usage of a vulnerable terminal emulator by the user.", "Name": "CVE-2018-1000021", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.0}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "239-82.el8_10.1", "BaseScores": [5.5, 4.3], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}]}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.17.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnl3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", 
"Version": "3.7.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "29.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.4.46-19.el8_10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.11.0-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.113-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.56.1-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpkgconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.4.2-1.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2023-24056"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-24056.json", "FixedBy": "", "Description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded 
string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. This issue may lead to a buffer overflow, which can crash the software.", "Name": "CVE-2023-24056", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/operator-framework/ansible-operator-plugins", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "(devel) (git, commit 42b5d80c75f1ddda8f2dbe1629b9454d366a8d6a, built at 2024-07-15T16:58:27Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.3.3-5.el8", "BaseScores": [6.5, 6.5, 6.5, 7.8, 7.8], "CVEIds": ["CVE-2018-1000879", "CVE-2018-1000880", "CVE-2020-21674", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-21674 https://bugzilla.redhat.com/show_bug.cgi?id=1888786 https://www.cve.org/CVERecord?id=CVE-2020-21674 https://nvd.nist.gov/vuln/detail/CVE-2020-21674 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-21674.json", "FixedBy": "", "Description": "Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. 
Users of the product's official releases are unaffected.", "Name": "CVE-2020-21674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000880.json", "FixedBy": "", "Description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. 
This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "Name": "CVE-2018-1000880", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000879.json", "FixedBy": "", "Description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "Name": "CVE-2018-1000879", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "resolvelib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.7.0-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Mozilla-CA", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "20160104-7.module+el8.3.0+6498+9eecfe51", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.7.0-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "jinja2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.1.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Unicode-Normalize", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": 
"1.25-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "go1.21.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.190-2.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.0.23-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.9.19-1.module+el8.10.0+21815+bb024982", "BaseScores": [7.5], "CVEIds": ["CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:3.9.20-1.module+el8.10.0+22342+478c159e", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "kernel-headers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "4.18.0-553.22.1.el8_10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-headers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "11-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "6.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "groff-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.22.3-18.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.18.2-28.el8_10", "BaseScores": [6.5, 6.6, 9.1, 7.5], "CVEIds": ["CVE-2020-17049", "CVE-2023-5455", "CVE-2024-3596", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:8860", "FixedBy": "0:1.18.2-30.el8_10", "Description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. 
This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "Name": "CVE-2024-3596", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5455 https://bugzilla.redhat.com/show_bug.cgi?id=2242828 https://www.cve.org/CVERecord?id=CVE-2023-5455 https://nvd.nist.gov/vuln/detail/CVE-2023-5455 https://www.freeipa.org/release-notes/4-10-3.html https://www.freeipa.org/release-notes/4-11-1.html https://www.freeipa.org/release-notes/4-6-10.html https://www.freeipa.org/release-notes/4-9-14.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5455.json", "FixedBy": "", "Description": "A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. 
An attacker would always have to go through a new authentication attempt.", "Name": "CVE-2023-5455", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-17049 https://bugzilla.redhat.com/show_bug.cgi?id=2025721 https://www.cve.org/CVERecord?id=CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-17049.json", "FixedBy": "", "Description": "It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.", "Name": "CVE-2020-17049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:5312", "FixedBy": "0:1.18.2-29.el8_10", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, 
causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:5312", "FixedBy": "0:1.18.2-29.el8_10", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "github.com/h2non/go-is-svg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20160927212452-35e8c4b0612c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "chkconfig", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.19.2-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Simple", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1:3.35-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-podlators", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "4.11-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "20230731-1.git3177e06.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pycparser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.22", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.2.5-13.el8_10", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2022-23990", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-23990 https://bugzilla.redhat.com/show_bug.cgi?id=2048356 https://www.cve.org/CVERecord?id=CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-23990.json", "FixedBy": "", "Description": "A flaw was found in expat. 
The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service.", "Name": "CVE-2022-23990", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "9.0.3-24.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2018-20225"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20225.json", "FixedBy": "", "Description": "A flaw was found in python-pip. The software installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. 
This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number).", "Name": "CVE-2018-20225", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.4.4-1.el8", "BaseScores": [7.5, 4.7], "CVEIds": ["CVE-2021-24032", "CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-24032.json", "FixedBy": "", "Description": "A flaw was found in zstd. 
While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "Name": "CVE-2021-24032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "6.1-10.20180224.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 6.5, 8.8, 6.5, 5.5, 6.5, 6.5], "CVEIds": ["CVE-2018-19211", "CVE-2018-19217", "CVE-2020-19185", "CVE-2020-19186", "CVE-2020-19187", "CVE-2020-19188", "CVE-2020-19189", "CVE-2020-19190", "CVE-2021-39537", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19185.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19185", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19187.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19190.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19190", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19217.json", "FixedBy": "", "Description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "Name": "CVE-2018-19217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-39537.json", "FixedBy": "", "Description": "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. 
By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "Name": "CVE-2021-39537", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19186.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "Name": "CVE-2020-19186", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19211.json", "FixedBy": "", "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "Name": "CVE-2018-19211", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19189.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19189", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19188", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "requests-oauthlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "5.3.28-42.el8_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "50.3.2-5.module+el8.10.0+20345+671a55aa", "BaseScores": [7.5], "CVEIds": ["CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python. 
The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.63.0-19.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.14.3-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "platform-python-pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "9.0.3-24.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2018-20225"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20225.json", "FixedBy": "", "Description": "A flaw was found in python-pip. The software installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. 
This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number).", "Name": "CVE-2018-20225", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.9.19-1.module+el8.10.0+21815+bb024982", "BaseScores": [7.5], "CVEIds": ["CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:3.9.20-1.module+el8.10.0+22342+478c159e", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "8.5.0-22.el8_10", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ 
https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-interpreter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "4:5.26.3-422.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filelock", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.15.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mxk/go-flowrate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20140419014527-cca7078d478f", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pkgconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.4.2-1.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2023-24056"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-24056.json", 
"FixedBy": "", "Description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. This issue may lead to a buffer overflow, which can crash the software.", "Name": "CVE-2023-24056", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.63.0-19.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.17.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.4.4-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.12.8-26.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2020-35512"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 
https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.5-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/operator-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.13.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2:4.6-22.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.5.10-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/zapr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.1.7-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "239-82.el8_10.1", "BaseScores": [5.5, 4.3], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}]}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.19.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-debuginfod-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.190-2.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "publicsuffix-list-dafsa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "20180723-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.13.1-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpsl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.20.2-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "certifi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2024.7.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-gconv-extra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.11-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.62-25.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.23.22-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.2.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.1.6-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi8/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.9-1107", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "239-82.el8_10.1", "BaseScores": [5.5, 4.3], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", 
"Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}]}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1:6.1.2-11.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cachetools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "5.3.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ruamel.yaml.clib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:acf2f5c78cf6302a5524bbef3e852d3cf3d05e479cfbb6fe1ece163241324bd8", "Version": "0.2.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.7.0-20.el8", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2023.2.60_v7.0.306-80.0.el8_8", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5736", "FixedBy": "0:2024.2.69_v8.0.303-80.0.el8_10", "Description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libedit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "3.1-23.20170329cvs.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xkeyboard-config", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.28-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "perl-Net-SSLeay", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.88-2.module+el8.6.0+13392+f0897f98", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Scalar-List-Utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "3:1.49-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.6.8-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Usage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "4:1.69-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.28.42-1.el8", "BaseScores": [6.1], "CVEIds": ["CVE-2022-0235"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. 
When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "perl-Time-Local", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1:1.280-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "5.2.4-4.el8_6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.45.6-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-unbound", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.16.2-5.el8_9.6", "BaseScores": [7.5], "CVEIds": ["CVE-2019-16866", "CVE-2024-33655", "CVE-2024-43167", "CVE-2024-43168", "CVE-2024-8508"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-16866 
https://bugzilla.redhat.com/show_bug.cgi?id=1767955 https://www.cve.org/CVERecord?id=CVE-2019-16866 https://nvd.nist.gov/vuln/detail/CVE-2019-16866 https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-16866.json", "FixedBy": "", "Description": "Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.", "Name": "CVE-2019-16866", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43167 https://bugzilla.redhat.com/show_bug.cgi?id=2303456 https://www.cve.org/CVERecord?id=CVE-2024-43167 https://nvd.nist.gov/vuln/detail/CVE-2024-43167 https://github.com/NLnetLabs/unbound/issues/1072 https://github.com/NLnetLabs/unbound/pull/1073/files https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43167.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. 
This issue can result in a denial of service by causing the application to terminate unexpectedly.", "Name": "CVE-2024-43167", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43168 https://bugzilla.redhat.com/show_bug.cgi?id=2303462 https://www.cve.org/CVERecord?id=CVE-2024-43168 https://nvd.nist.gov/vuln/detail/CVE-2024-43168 https://github.com/NLnetLabs/unbound/issues/1039 https://github.com/NLnetLabs/unbound/pull/1040/files https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43168.json", "FixedBy": "", "Description": "A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.", "Name": "CVE-2024-43168", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33655 https://bugzilla.redhat.com/show_bug.cgi?id=2279942 https://www.cve.org/CVERecord?id=CVE-2024-33655 https://nvd.nist.gov/vuln/detail/CVE-2024-33655 https://www.nlnetlabs.nl/news/2024/May/08/unbound-1.20.0-released/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33655.json", "FixedBy": "", "Description": "A DNSBomb flaw was found in the unbound package. 
The DNSBomb attack works by sending low-rate spoofed queries for a malicious zone to Unbound. By controlling the delay of the malicious authoritative answers, Unbound slowly accumulates pending answers for the spoofed addresses. When the authoritative answers become available to Unbound at the same time, Unbound starts serving all the accumulated queries. This results in large-sized, concentrated response bursts to the spoofed addresses.", "Name": "CVE-2024-33655", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8508 https://bugzilla.redhat.com/show_bug.cgi?id=2316321 https://www.cve.org/CVERecord?id=CVE-2024-8508 https://nvd.nist.gov/vuln/detail/CVE-2024-8508 https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8508.json", "FixedBy": "", "Description": "A flaw was found in Unbound which can lead to degraded performance and an eventual denial of service when handling replies with very large RRsets that require name compression to be applied. 
Versions prior to 1.21.1 do not have a hard limit on the number of name compression calculations that Unbound can perform per packet, meaning that if a specially crafted query is passed for the contents of a malicious zone with very large RRsets, Unbound may spend a considerable amount of time applying name compression to downstream replies, locking the CPU until the whole packet has been processed.", "Name": "CVE-2024-8508", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "4.2.1-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libssh", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.9.6-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Socket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "4:2.027-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/afero", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.14.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Digest-MD5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": 
"2.55-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "oauthlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.43.5-1.el8_10", "BaseScores": [5.0], "CVEIds": ["CVE-2018-1000021"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000021 https://bugzilla.redhat.com/show_bug.cgi?id=1541854 https://www.cve.org/CVERecord?id=CVE-2018-1000021 https://nvd.nist.gov/vuln/detail/CVE-2018-1000021 http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000021.json", "FixedBy": "", "Description": "It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator. 
Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumstances dependent on the usage of a vulnerable terminal emulator by the user.", "Name": "CVE-2018-1000021", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.0}}}}]}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.0.21-25.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "less", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "530-3.el8_10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-threads-shared", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.58-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "importlib-metadata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "6.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Storable", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1:3.11-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.28.42-1.el8", "BaseScores": [6.1], "CVEIds": ["CVE-2022-0235"], "Vulnerabilities": [{"Severity": "Medium", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "pyopenssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "24.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.14.2-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.14.2-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lockfile", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.12.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "llvm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "17.0.6-3.module+el8.10.0+22125+1509a634", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-MIME-Base64", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "3.15-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "platformdirs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "4.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-ethtool", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.14-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.1.8-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acc_provision", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:acf2f5c78cf6302a5524bbef3e852d3cf3d05e479cfbb6fe1ece163241324bd8", "Version": "6.1.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3c61c15b346ea5afd0d9810567b43859610f4526e8ed5af79647bc93999a7465", "Version": "1.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.33.0-6.el8_10.1", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "6.1-10.20180224.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 6.5, 8.8, 6.5, 5.5, 6.5, 6.5], "CVEIds": ["CVE-2018-19211", "CVE-2018-19217", "CVE-2020-19185", "CVE-2020-19186", "CVE-2020-19187", "CVE-2020-19188", "CVE-2020-19189", "CVE-2020-19190", "CVE-2021-39537", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19185.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19185", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19187.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19190.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19190", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19217.json", "FixedBy": "", "Description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "Name": "CVE-2018-19217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-39537.json", "FixedBy": "", "Description": "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "Name": "CVE-2021-39537", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19186.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "Name": "CVE-2020-19186", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19211.json", "FixedBy": "", "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "Name": "CVE-2018-19211", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19189.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19189", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19188", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "requests-unixsocket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libssh-config", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.9.6-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.63.0-19.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20240213162025-012b6fc9bca9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pkgconf-m4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.4.2-1.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2023-24056"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-24056.json", "FixedBy": "", "Description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. 
This issue may lead to a buffer overflow, which can crash the software.", "Name": "CVE-2023-24056", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "perl-Getopt-Long", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1:2.50-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rsa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "4.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git-core-doc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.43.5-1.el8_10", "BaseScores": [5.0], "CVEIds": ["CVE-2018-1000021"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000021 https://bugzilla.redhat.com/show_bug.cgi?id=1541854 https://www.cve.org/CVERecord?id=CVE-2018-1000021 https://nvd.nist.gov/vuln/detail/CVE-2018-1000021 http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000021.json", "FixedBy": "", "Description": "It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator. 
Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumstances dependent on the usage of a vulnerable terminal emulator by the user.", "Name": "CVE-2018-1000021", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.0}}}}]}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.14.3-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ptyprocess", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.3.2-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.1-22.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "device-mapper-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "8:1.02.181-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "10.32-3.el8_6", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/onsi/gomega", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-HTTP-Tiny", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "0.074-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-libnet", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "3.11-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v4.0.0-20230305170008-8188dc5388df", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.8-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "70.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "7.0-10.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.17-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.9-13.el8_5", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/imdario/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "trousers-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.3.15-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "5.3.4-12.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2020-15945"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-15945 https://bugzilla.redhat.com/show_bug.cgi?id=1861999 https://www.cve.org/CVERecord?id=CVE-2020-15945 https://nvd.nist.gov/vuln/detail/CVE-2020-15945 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-15945.json", "FixedBy": "", "Description": "A flaw was found in lua. 
A segmentation fault is possible because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.", "Name": "CVE-2020-15945", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.4.1-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2:1.30-9.el8", "BaseScores": [7.5, 3.3], "CVEIds": ["CVE-2019-9923", "CVE-2021-20193", "CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9923.json", "FixedBy": "", "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "Name": "CVE-2019-9923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 
https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "FixedBy": "", "Description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-20193", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "25-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.9.6-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "device-mapper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "8:1.02.181-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "isl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "0.16.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyasn1_modules", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "20.2.4-9.module+el8.10.0+21329+8d76b841", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.2.4-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.1.2-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi8-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.9-1107", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "20220623-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.3.2-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-PathTools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "3.74-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rust-std-static", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.75.0-1.module+el8.10.0+21160+cc6a0df8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-IO-Socket-IP", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "0.39-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Term-Cap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.17-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.75.0-1.module+el8.10.0+21160+cc6a0df8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/operator-registry", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.39.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "4.2.1-4.el8", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.17.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.25-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-syspurpose", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.28.42-1.el8", "BaseScores": [6.1], "CVEIds": ["CVE-2022-0235"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", 
"Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.6.8-62.el8_10", "BaseScores": [7.5, 7.5, 7.5], "CVEIds": ["CVE-2019-9674", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-9287"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", 
"RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9674.json", "FixedBy": "", "Description": "A ZIP bomb attack was found in the Python zipfile module. 
A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "Name": "CVE-2019-9674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json", "FixedBy": "", "Description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". 
This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "Name": "CVE-2024-9287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-Carp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.42-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ansible-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.15.11", "BaseScores": [6.3], "CVEIds": ["CVE-2024-8775", "CVE-2024-9902"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-9902 https://github.com/ansible/ansible/commit/03794735d370db98a5ec2ad514fab2b0dd22d6be https://github.com/ansible/ansible/commit/03daf774d0d80fb7235910ed1c2b4fbcaebdfe65 https://github.com/ansible/ansible/commit/3b6de811abea0a811e03e3029222a7e459922892 https://github.com/ansible/ansible/commit/9d7312f695639e804d2caeb1d0f51c716a9ac7dd https://github.com/ansible/ansible/commit/f7be90626da3035c697623dcf9c90b7a0bc91c92 https://access.redhat.com/errata/RHSA-2024:8969 https://access.redhat.com/security/cve/CVE-2024-9902 https://bugzilla.redhat.com/show_bug.cgi?id=2318271 https://github.com/ansible/ansible", "FixedBy": "2.15.13rc1", "Description": "ansible-core Incorrect Authorization vulnerability", "Name": "GHSA-32p4-gm2c-wmch", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "Score": 6.3}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-8775 https://access.redhat.com/errata/RHSA-2024:8969 https://access.redhat.com/security/cve/CVE-2024-8775 https://bugzilla.redhat.com/show_bug.cgi?id=2312119 https://github.com/ansible/ansible", "FixedBy": "lastAffected=2.17.4", "Description": "Ansible vulnerable to Insertion of Sensitive Information into Log File", "Name": "GHSA-jpxc-vmjf-9fcj", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ansible-runner-http", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnsl2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.2.0-2.20180605git4a062cf.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.28.42-1.el8", "BaseScores": [6.1], "CVEIds": ["CVE-2022-0235"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found 
in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "cpp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "8.5.0-22.el8_10", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 
https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "perl-parent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1:0.237-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.14.3-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "certifi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2024.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-devel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "4.1.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "docutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.21.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "markupsafe", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3c61c15b346ea5afd0d9810567b43859610f4526e8ed5af79647bc93999a7465", "Version": "2.1.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.9-9.el8_6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-threads", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1:2.21-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.1-24.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-devel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "7.61.1-34.el8", "BaseScores": [8.8, 6.5], "CVEIds": ["CVE-2023-27534", "CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27534.json", "FixedBy": "", "Description": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "Name": "CVE-2023-27534", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5654", "FixedBy": "0:7.61.1-34.el8_10.2", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.190-2.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 
https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python-daemon", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxkbcommon", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.9.1-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.19.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.2.20-3.el8_6", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.7.20-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "websocket-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "8.10-0.3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:2.6.1-6.el8", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.8.3-3.el8_4", "BaseScores": [8.1], "CVEIds": ["CVE-2019-17543"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-17543 https://bugzilla.redhat.com/show_bug.cgi?id=1765316 https://www.cve.org/CVERecord?id=CVE-2019-17543 https://nvd.nist.gov/vuln/detail/CVE-2019-17543 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-17543.json", "FixedBy": "", "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) 
NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", "Name": "CVE-2019-17543", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 8.1}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2024a-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Text-ParseWords", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "3.30-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.21-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.26.0-19.el8_9", "BaseScores": [7.5, 7.5, 5.5, 7.5], "CVEIds": ["CVE-2019-19244", "CVE-2019-9936", "CVE-2019-9937", "CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9937.json", "FixedBy": "", 
"Description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "Name": "CVE-2019-9937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-19244.json", "FixedBy": "", "Description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. 
A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "Name": "CVE-2019-19244", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9936.json", "FixedBy": "", "Description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. 
This is related to ext/fts5/fts5_hash.c.", "Name": "CVE-2019-9936", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "pkgconf-pkg-config", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.4.2-1.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2023-24056"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-24056.json", "FixedBy": "", "Description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. 
This issue may lead to a buffer overflow, which can crash the software.", "Name": "CVE-2023-24056", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.14.3-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.3.2-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Git", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.43.5-1.el8_10", "BaseScores": [5.0], "CVEIds": ["CVE-2018-1000021"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000021 https://bugzilla.redhat.com/show_bug.cgi?id=1541854 https://www.cve.org/CVERecord?id=CVE-2018-1000021 https://nvd.nist.gov/vuln/detail/CVE-2018-1000021 http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000021.json", "FixedBy": "", "Description": "It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator. 
Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumstances dependent on the usage of a vulnerable terminal emulator by the user.", "Name": "CVE-2018-1000021", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.0}}}}]}, {"Name": "setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "69.5.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "5.33-26.el8", "BaseScores": [4.4, 6.5], "CVEIds": ["CVE-2019-8905", "CVE-2019-8906"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-8906.json", "FixedBy": "", "Description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "Name": "CVE-2019-8906", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "Score": 4.4}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 
https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-8905.json", "FixedBy": "", "Description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "Name": "CVE-2019-8905", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1:3.5-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.4.48-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.0.6-26.el8", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2024:8922", "FixedBy": "0:1.0.6-27.el8_10", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", 
"RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "python39-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "50.3.2-5.module+el8.10.0+20345+671a55aa", "BaseScores": [7.5], "CVEIds": ["CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "perl-File-Temp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "0.230.600-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.1.1k-12.el8_9", "BaseScores": [5.5, 6.5, 7.5, 5.3, 5.3], "CVEIds": ["CVE-2023-0464", "CVE-2023-0465", "CVE-2023-0466", "CVE-2023-2650", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2650.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "Name": "CVE-2023-2650", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:7848", "FixedBy": "1:1.1.1k-14.el8_6", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "FixedBy": "", "Description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. 
This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0464", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. 
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "Name": "CVE-2023-0466", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. 
Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0465", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}]}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.9.7-18.el8_10.1", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.19.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.1.27-6.el8_5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "platform-python-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", 
"Version": "39.2.0-7.el8", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5530", "FixedBy": "0:39.2.0-8.el8_10", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.61.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.13.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Data-Dumper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", 
"Version": "2.167-399.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.42-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "4:5.26.3-422.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.9.5-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "binutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.30-123.el8", "BaseScores": [9.8, 7.5, 6.5, 5.5, 5.5, 5.5, 7.5, 5.5, 7.5, 5.5, 6.5, 5.5, 5.5, 7.5, 5.5, 5.5, 5.5, 6.5, 5.5, 6.1, 5.5, 5.5, 5.5, 5.5, 5.5, 7.8, 5.5, 5.5, 5.5, 5.5, 5.5, 5.5, 5.5, 7.1, 5.5, 5.5, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 5.5, 5.5, 5.5, 7.8, 5.5], "CVEIds": ["CVE-2018-1000876", "CVE-2018-12641", "CVE-2018-12697", "CVE-2018-12698", "CVE-2018-12699", "CVE-2018-12700", "CVE-2018-12934", "CVE-2018-17360", "CVE-2018-17794", "CVE-2018-17985", "CVE-2018-18309", "CVE-2018-18483", "CVE-2018-18484", "CVE-2018-18605", "CVE-2018-18606", "CVE-2018-18607", "CVE-2018-18700", "CVE-2018-18701", "CVE-2018-19932", "CVE-2018-20002", "CVE-2018-20623", "CVE-2018-20651", "CVE-2018-20657", "CVE-2018-20671", "CVE-2018-20673", "CVE-2018-6872", "CVE-2019-12972", "CVE-2019-14250", "CVE-2019-9071", "CVE-2019-9075", "CVE-2019-9077", "CVE-2020-16598", "CVE-2020-35493", "CVE-2020-35494", "CVE-2020-35495", "CVE-2020-35496", "CVE-2020-35507", "CVE-2021-3826", "CVE-2021-45078", "CVE-2022-38533", "CVE-2022-44840", "CVE-2022-47007", 
"CVE-2022-47008", "CVE-2022-47010", "CVE-2022-47011", "CVE-2023-1972", "CVE-2023-25584", "CVE-2023-25585", "CVE-2023-25588"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12699 https://bugzilla.redhat.com/show_bug.cgi?id=1595427 https://www.cve.org/CVERecord?id=CVE-2018-12699 https://nvd.nist.gov/vuln/detail/CVE-2018-12699 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-12699.json", "FixedBy": "", "Description": "finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.", "Name": "CVE-2018-12699", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-17794 https://bugzilla.redhat.com/show_bug.cgi?id=1635082 https://www.cve.org/CVERecord?id=CVE-2018-17794 https://nvd.nist.gov/vuln/detail/CVE-2018-17794 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-17794.json", "FixedBy": "", "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.", "Name": "CVE-2018-17794", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12700 https://bugzilla.redhat.com/show_bug.cgi?id=1595437 https://www.cve.org/CVERecord?id=CVE-2018-12700 https://nvd.nist.gov/vuln/detail/CVE-2018-12700 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-12700.json", "FixedBy": "", "Description": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. 
Notes: none", "Name": "CVE-2018-12700", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12972 https://bugzilla.redhat.com/show_bug.cgi?id=1831873 https://www.cve.org/CVERecord?id=CVE-2019-12972 https://nvd.nist.gov/vuln/detail/CVE-2019-12972 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-12972.json", "FixedBy": "", "Description": "An out-of-bounds read was discovered in Binutils while it processes a malformed ELF relocatable file (.o file). A victim user who uses Binutils tools (size, gdb, readelf) to analyze untrusted binaries, may be vulnerable to a denial of service attack.", "Name": "CVE-2019-12972", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-38533 https://bugzilla.redhat.com/show_bug.cgi?id=2124569 https://www.cve.org/CVERecord?id=CVE-2022-38533 https://nvd.nist.gov/vuln/detail/CVE-2022-38533 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-38533.json", "FixedBy": "", "Description": "A vulnerability was found in the strip utility of binutils. 
An attacker able to convince a victim to process a specially crafted COFF file by the strip utility can lead to a heap-based buffer overflow, causing the utility to crash.", "Name": "CVE-2022-38533", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18309 https://bugzilla.redhat.com/show_bug.cgi?id=1639911 https://www.cve.org/CVERecord?id=CVE-2018-18309 https://nvd.nist.gov/vuln/detail/CVE-2018-18309 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18309.json", "FixedBy": "", "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. 
The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.", "Name": "CVE-2018-18309", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12697 https://bugzilla.redhat.com/show_bug.cgi?id=1595417 https://www.cve.org/CVERecord?id=CVE-2018-12697 https://nvd.nist.gov/vuln/detail/CVE-2018-12697 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-12697.json", "FixedBy": "", "Description": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.", "Name": "CVE-2018-12697", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18700 https://bugzilla.redhat.com/show_bug.cgi?id=1646535 https://www.cve.org/CVERecord?id=CVE-2018-18700 https://nvd.nist.gov/vuln/detail/CVE-2018-18700 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18700.json", "FixedBy": "", "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", "Name": "CVE-2018-18700", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12934 https://bugzilla.redhat.com/show_bug.cgi?id=1597853 https://www.cve.org/CVERecord?id=CVE-2018-12934 https://nvd.nist.gov/vuln/detail/CVE-2018-12934 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-12934.json", "FixedBy": "", "Description": "remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.", "Name": "CVE-2018-12934", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35496 https://bugzilla.redhat.com/show_bug.cgi?id=1911444 https://www.cve.org/CVERecord?id=CVE-2020-35496 https://nvd.nist.gov/vuln/detail/CVE-2020-35496 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-35496.json", "FixedBy": "", "Description": "A flaw was found in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. 
The greatest threat of this flaw is to application availability.", "Name": "CVE-2020-35496", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1972 https://bugzilla.redhat.com/show_bug.cgi?id=2185646 https://www.cve.org/CVERecord?id=CVE-2023-1972 https://nvd.nist.gov/vuln/detail/CVE-2023-1972 https://sourceware.org/bugzilla/show_bug.cgi?id=30285 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1972.json", "FixedBy": "", "Description": "A potential heap-based buffer overflow was found in binutils in the _bfd_elf_slurp_version_tables() function in bfd/elf.c. This issue may lead to a loss of availability.", "Name": "CVE-2023-1972", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18484 https://bugzilla.redhat.com/show_bug.cgi?id=1645958 https://www.cve.org/CVERecord?id=CVE-2018-18484 https://nvd.nist.gov/vuln/detail/CVE-2018-18484 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18484.json", "FixedBy": "", "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.", "Name": "CVE-2018-18484", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12698 https://bugzilla.redhat.com/show_bug.cgi?id=1595419 https://www.cve.org/CVERecord?id=CVE-2018-12698 https://nvd.nist.gov/vuln/detail/CVE-2018-12698 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-12698.json", "FixedBy": "", "Description": "demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC 
call. This can occur during execution of objdump.", "Name": "CVE-2018-12698", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20002 https://bugzilla.redhat.com/show_bug.cgi?id=1661534 https://www.cve.org/CVERecord?id=CVE-2018-20002 https://nvd.nist.gov/vuln/detail/CVE-2018-20002 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20002.json", "FixedBy": "", "Description": "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.", "Name": "CVE-2018-20002", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20671 https://bugzilla.redhat.com/show_bug.cgi?id=1664712 https://www.cve.org/CVERecord?id=CVE-2018-20671 https://nvd.nist.gov/vuln/detail/CVE-2018-20671 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20671.json", "FixedBy": "", "Description": "load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.", "Name": "CVE-2018-20671", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": 
"", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35495 https://bugzilla.redhat.com/show_bug.cgi?id=1911441 https://www.cve.org/CVERecord?id=CVE-2020-35495 https://nvd.nist.gov/vuln/detail/CVE-2020-35495 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-35495.json", "FixedBy": "", "Description": "A flaw was found in binutils. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability.", "Name": "CVE-2020-35495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3826.json", "FixedBy": "", "Description": "A vulnerability was found in Libiberty. 
A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "Name": "CVE-2021-3826", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9071 https://bugzilla.redhat.com/show_bug.cgi?id=1680657 https://www.cve.org/CVERecord?id=CVE-2019-9071 https://nvd.nist.gov/vuln/detail/CVE-2019-9071 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9071.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.", "Name": "CVE-2019-9071", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35494 https://bugzilla.redhat.com/show_bug.cgi?id=1911439 https://www.cve.org/CVERecord?id=CVE-2020-35494 https://nvd.nist.gov/vuln/detail/CVE-2020-35494 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-35494.json", "FixedBy": "", "Description": "A flaw was found in binutils. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. 
The highest threat is to application availability with a lower threat to data confidentiality.", "Name": "CVE-2020-35494", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "Score": 6.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35493 https://bugzilla.redhat.com/show_bug.cgi?id=1911437 https://www.cve.org/CVERecord?id=CVE-2020-35493 https://nvd.nist.gov/vuln/detail/CVE-2020-35493 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-35493.json", "FixedBy": "", "Description": "A flaw was found in Binutils in bfd/pef.c. This flaw allows an attacker who can submit a crafted PEF file to be parsed by objdump to cause a heap buffer overflow, leading to an out-of-bounds read. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2020-35493", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18607 https://bugzilla.redhat.com/show_bug.cgi?id=1647421 https://www.cve.org/CVERecord?id=CVE-2018-18607 https://nvd.nist.gov/vuln/detail/CVE-2018-18607 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18607.json", "FixedBy": "", "Description": "An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. 
A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", "Name": "CVE-2018-18607", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35507 https://bugzilla.redhat.com/show_bug.cgi?id=1911691 https://www.cve.org/CVERecord?id=CVE-2020-35507 https://nvd.nist.gov/vuln/detail/CVE-2020-35507 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-35507.json", "FixedBy": "", "Description": "A flaw was found in bfd_pef_parse_function_stubs of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.", "Name": "CVE-2020-35507", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18605 https://bugzilla.redhat.com/show_bug.cgi?id=1647403 https://www.cve.org/CVERecord?id=CVE-2018-18605 https://nvd.nist.gov/vuln/detail/CVE-2018-18605 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18605.json", "FixedBy": "", "Description": "A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. 
A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", "Name": "CVE-2018-18605", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20673 https://bugzilla.redhat.com/show_bug.cgi?id=1664709 https://www.cve.org/CVERecord?id=CVE-2018-20673 https://nvd.nist.gov/vuln/detail/CVE-2018-20673 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20673.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", "Name": "CVE-2018-20673", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18483 https://bugzilla.redhat.com/show_bug.cgi?id=1645957 https://www.cve.org/CVERecord?id=CVE-2018-18483 https://nvd.nist.gov/vuln/detail/CVE-2018-18483 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18483.json", "FixedBy": "", "Description": "The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by 
c++filt.", "Name": "CVE-2018-18483", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-16598 https://bugzilla.redhat.com/show_bug.cgi?id=1906756 https://www.cve.org/CVERecord?id=CVE-2020-16598 https://nvd.nist.gov/vuln/detail/CVE-2020-16598 https://sourceware.org/bugzilla/show_bug.cgi?id=25840 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca3f923f82a079dcf441419f4a50a50f8b4b33c2 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-16598.json", "FixedBy": "", "Description": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none", "Name": "CVE-2020-16598", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12641 https://bugzilla.redhat.com/show_bug.cgi?id=1594410 https://www.cve.org/CVERecord?id=CVE-2018-12641 https://nvd.nist.gov/vuln/detail/CVE-2018-12641 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-12641.json", "FixedBy": "", "Description": "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.", "Name": "CVE-2018-12641", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-17360 https://bugzilla.redhat.com/show_bug.cgi?id=1632921 https://www.cve.org/CVERecord?id=CVE-2018-17360 https://nvd.nist.gov/vuln/detail/CVE-2018-17360 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-17360.json", "FixedBy": "", "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. 
This vulnerability can be triggered by the executable objdump.", "Name": "CVE-2018-17360", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-25588 https://bugzilla.redhat.com/show_bug.cgi?id=2167505 https://www.cve.org/CVERecord?id=CVE-2023-25588 https://nvd.nist.gov/vuln/detail/CVE-2023-25588 https://sourceware.org/bugzilla/show_bug.cgi?id=29677 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-25588.json", "FixedBy": "", "Description": "A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.", "Name": "CVE-2023-25588", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19932 https://bugzilla.redhat.com/show_bug.cgi?id=1658949 https://www.cve.org/CVERecord?id=CVE-2018-19932 https://nvd.nist.gov/vuln/detail/CVE-2018-19932 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19932.json", "FixedBy": "", "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. 
There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.", "Name": "CVE-2018-19932", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20623 https://bugzilla.redhat.com/show_bug.cgi?id=1664700 https://www.cve.org/CVERecord?id=CVE-2018-20623 https://nvd.nist.gov/vuln/detail/CVE-2018-20623 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20623.json", "FixedBy": "", "Description": "In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.", "Name": "CVE-2018-20623", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20651 https://bugzilla.redhat.com/show_bug.cgi?id=1664703 https://www.cve.org/CVERecord?id=CVE-2018-20651 https://nvd.nist.gov/vuln/detail/CVE-2018-20651 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20651.json", "FixedBy": "", "Description": "A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. 
A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.", "Name": "CVE-2018-20651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-25585 https://bugzilla.redhat.com/show_bug.cgi?id=2167498 https://www.cve.org/CVERecord?id=CVE-2023-25585 https://nvd.nist.gov/vuln/detail/CVE-2023-25585 https://sourceware.org/bugzilla/show_bug.cgi?id=29892 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-25585.json", "FixedBy": "", "Description": "A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.", "Name": "CVE-2023-25585", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-25584 https://bugzilla.redhat.com/show_bug.cgi?id=2167467 https://www.cve.org/CVERecord?id=CVE-2023-25584 https://nvd.nist.gov/vuln/detail/CVE-2023-25584 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-25584.json", "FixedBy": "", "Description": "An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.", "Name": "CVE-2023-25584", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-17985 https://bugzilla.redhat.com/show_bug.cgi?id=1652723 https://www.cve.org/CVERecord?id=CVE-2018-17985 https://nvd.nist.gov/vuln/detail/CVE-2018-17985 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-17985.json", "FixedBy": "", "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.", "Name": "CVE-2018-17985", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18606 https://bugzilla.redhat.com/show_bug.cgi?id=1647415 https://www.cve.org/CVERecord?id=CVE-2018-18606 https://nvd.nist.gov/vuln/detail/CVE-2018-18606 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18606.json", "FixedBy": "", "Description": "An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. 
A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", "Name": "CVE-2018-18606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18701 https://bugzilla.redhat.com/show_bug.cgi?id=1646529 https://www.cve.org/CVERecord?id=CVE-2018-18701 https://nvd.nist.gov/vuln/detail/CVE-2018-18701 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18701.json", "FixedBy": "", "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", "Name": "CVE-2018-18701", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-6872 https://bugzilla.redhat.com/show_bug.cgi?id=1543969 https://www.cve.org/CVERecord?id=CVE-2018-6872 https://nvd.nist.gov/vuln/detail/CVE-2018-6872 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-6872.json", "FixedBy": "", "Description": "The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.", "Name": "CVE-2018-6872", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000876 https://bugzilla.redhat.com/show_bug.cgi?id=1664699 https://www.cve.org/CVERecord?id=CVE-2018-1000876 https://nvd.nist.gov/vuln/detail/CVE-2018-1000876 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000876.json", "FixedBy": "", "Description": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. 
This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.", "Name": "CVE-2018-1000876", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9075 https://bugzilla.redhat.com/show_bug.cgi?id=1680669 https://www.cve.org/CVERecord?id=CVE-2019-9075 https://nvd.nist.gov/vuln/detail/CVE-2019-9075 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9075.json", "FixedBy": "", "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.", "Name": "CVE-2019-9075", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45078 https://bugzilla.redhat.com/show_bug.cgi?id=2033715 https://www.cve.org/CVERecord?id=CVE-2021-45078 https://nvd.nist.gov/vuln/detail/CVE-2021-45078 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-45078.json", "FixedBy": "", "Description": "An out-of-bounds flaw was found in binutils\u2019 stabs functionality. 
The attack needs to be initiated locally where an attacker could convince a victim to read a specially crafted file that is processed by objdump, leading to the disclosure of memory and possibly leading to the execution of arbitrary code or causing the utility to crash.", "Name": "CVE-2021-45078", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9077 https://bugzilla.redhat.com/show_bug.cgi?id=1680675 https://www.cve.org/CVERecord?id=CVE-2019-9077 https://nvd.nist.gov/vuln/detail/CVE-2019-9077 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9077.json", "FixedBy": "", "Description": "A vulnerability was found in the readelf utility in GNU Binutils. This issue involves a heap-based buffer overflow in the process_mips_specific function, which can be triggered by a malformed MIPS option section in binary files.", "Name": "CVE-2019-9077", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", 
"Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47008 https://bugzilla.redhat.com/show_bug.cgi?id=2233984 https://www.cve.org/CVERecord?id=CVE-2022-47008 https://nvd.nist.gov/vuln/detail/CVE-2022-47008 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47008.json", "FixedBy": "", "Description": "A memory leak was found in binutils in the make_tempdir and make_tempname functions. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-44840 https://bugzilla.redhat.com/show_bug.cgi?id=2234004 https://www.cve.org/CVERecord?id=CVE-2022-44840 https://nvd.nist.gov/vuln/detail/CVE-2022-44840 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-44840.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in binutils in the find_section_in_set function. This flaw allows an attacker to use a specially crafted payload to trigger a buffer overflow, resulting in issues with availability, confidentiality, and integrity.", "Name": "CVE-2022-44840", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "google.golang.org/genproto/googleapis/rpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20240221002015-b0ce06bbee7c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3c61c15b346ea5afd0d9810567b43859610f4526e8ed5af79647bc93999a7465", "Version": "6.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cryptsetup-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.3.7-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google-auth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.29.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pexpect", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "4.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "charset-normalizer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3c61c15b346ea5afd0d9810567b43859610f4526e8ed5af79647bc93999a7465", "Version": "3.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssh", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "8.0p1-25.el8_10", "BaseScores": [6.8, 5.3, 5.3, 7.0], "CVEIds": ["CVE-2016-20012", "CVE-2018-15919", "CVE-2019-6110", "CVE-2023-51767"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-6110 https://bugzilla.redhat.com/show_bug.cgi?id=1666124 https://www.cve.org/CVERecord?id=CVE-2019-6110 https://nvd.nist.gov/vuln/detail/CVE-2019-6110 https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-6110.json", "FixedBy": "", "Description": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.", "Name": "CVE-2019-6110", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "Score": 6.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2016-20012 https://bugzilla.redhat.com/show_bug.cgi?id=2048523 https://www.cve.org/CVERecord?id=CVE-2016-20012 https://nvd.nist.gov/vuln/detail/CVE-2016-20012 https://access.redhat.com/security/data/csaf/v2/vex/2016/cve-2016-20012.json", "FixedBy": "", "Description": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. 
NOTE: the vendor does not recognize user enumeration as a vulnerability for this product", "Name": "CVE-2016-20012", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-15919 https://bugzilla.redhat.com/show_bug.cgi?id=1623184 https://www.cve.org/CVERecord?id=CVE-2018-15919 https://nvd.nist.gov/vuln/detail/CVE-2018-15919 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-15919.json", "FixedBy": "", "Description": "OpenSSH server was found to respond differently to failed GSSAPI authentication attempts when the target user existed versus when that user did not exist. A remote attacker could use this bug to test for the existence of particular usernames on a target system.", "Name": "CVE-2018-15919", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "FixedBy": "", "Description": "An authentication bypass vulnerability was found in OpenSSH. 
When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit.", "Name": "CVE-2023-51767", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.0}}}}]}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.18-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-IO", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.38-422.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "4.1.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.8.5-7.el8_6", "BaseScores": [5.9], "CVEIds": ["CVE-2019-12904", "CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-12904.json", "FixedBy": "", "Description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. 
The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "Name": "CVE-2019-12904", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}]}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.5.2-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-daemon", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.12.8-26.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2020-35512"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.0.4-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.31-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.24.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "semantic-version", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cryptography", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3c61c15b346ea5afd0d9810567b43859610f4526e8ed5af79647bc93999a7465", "Version": "42.0.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-h4gh-qq45-vh27 https://github.com/pyca/cryptography https://openssl-library.org/news/secadv/20240903.txt", "FixedBy": "43.0.1", "Description": "pyca/cryptography has a vulnerable 
OpenSSL included in cryptography wheels", "Name": "GHSA-h4gh-qq45-vh27", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "4:5.26.3-422.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-tools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.12.8-26.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2020-35512"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "6.1-10.20180224.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 6.5, 8.8, 6.5, 5.5, 6.5, 6.5], "CVEIds": ["CVE-2018-19211", "CVE-2018-19217", "CVE-2020-19185", "CVE-2020-19186", "CVE-2020-19187", "CVE-2020-19188", "CVE-2020-19189", "CVE-2020-19190", "CVE-2021-39537", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19185.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19185", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19187.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19190.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19190", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19217.json", "FixedBy": "", "Description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "Name": "CVE-2018-19217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-39537.json", "FixedBy": "", "Description": "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. 
By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "Name": "CVE-2021-39537", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19186.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "Name": "CVE-2020-19186", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19211.json", "FixedBy": "", "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "Name": "CVE-2018-19211", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19189.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19189", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19188", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20240213143201-ec583247a57a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Encode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "4:2.97-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "20230731-1.git3177e06.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.3.1-34.el8_10", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "gomodules.xyz/jsonpatch/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Escapes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1:1.07-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1:0.17025-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Term-ANSIColor", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "4.06-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setuptools-rust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", 
"Version": "1.10.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "4.5-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v5.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "8.5.0-22.el8_10", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 
https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.4.4-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pipenv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2023.11.15", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.24.2-7.el8", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:5309", "FixedBy": "0:1.24.2-8.el8_10", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. 
This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "39.2.0-7.el8", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5530", "FixedBy": "0:39.2.0-8.el8_10", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.12.8-26.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2020-35512"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "perl-URI", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.73-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.18-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "packaging", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "24.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.190-2.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libdb-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "5.3.28-42.el8_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.6.16-8.el8_9.3", "BaseScores": [6.5], "CVEIds": ["CVE-2021-4209"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4209.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. 
This flaw leads to a denial of service after authentication in rare circumstances.", "Name": "CVE-2021-4209", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.2-20.el8", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.31.0", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/pull/6655 https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac https://github.com/psf/requests 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ", "FixedBy": "2.32.0", "Description": "Requests `Session` object does not verify requests after making first request with verify=False", "Name": "GHSA-9wx4-h78v-vm56", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "brotli", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.0.6-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.28.42-1.el8", "BaseScores": [6.1], "CVEIds": ["CVE-2022-0235"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", 
"Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1:4.6.0-22.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.4-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.110-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.5.1-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "info", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "6.5-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "trousers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.3.15-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "234-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.0-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "8.5.0-22.el8_10", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "virtualenv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "20.26.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Text-Tabs+Wrap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2013.0523-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "emacs-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1:26.1-12.el8_10", "BaseScores": [7.3], "CVEIds": ["CVE-2022-48338", "CVE-2024-30204"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48338 https://bugzilla.redhat.com/show_bug.cgi?id=2171988 https://www.cve.org/CVERecord?id=CVE-2022-48338 https://nvd.nist.gov/vuln/detail/CVE-2022-48338 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48338.json", "FixedBy": "", "Description": "A flaw was found in the Emacs package. 
A malicious ruby source file may cause a local command injection.", "Name": "CVE-2022-48338", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 7.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-30204 https://bugzilla.redhat.com/show_bug.cgi?id=2280297 https://www.cve.org/CVERecord?id=CVE-2024-30204 https://nvd.nist.gov/vuln/detail/CVE-2024-30204 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-30204.json", "FixedBy": "", "Description": "A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. 
This issue possibly results in a denial of service.", "Name": "CVE-2024-30204", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-constant", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.33-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.6.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zipp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.18.1", "BaseScores": [], "CVEIds": ["CVE-2024-5569"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5569 https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd https://github.com/jaraco/zipp https://huntr.com/bounties/be898306-11f9-46b4-b28c-f4c4aa4ffbae", "FixedBy": "3.19.1", "Description": "zipp Denial of Service vulnerability", "Name": "GHSA-jfmj-5v4g-7637", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "23.3.2", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.13.1-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.9-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.48.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.4.20-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.1.0-9.1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shared-mime-info", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.9-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Errno", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.28-422.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "4.13-4.el8_7", "BaseScores": [5.5], "CVEIds": ["CVE-2018-1000654"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000654.json", "FixedBy": "", "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. 
This attack appears to be exploitable via parsing a crafted file.", "Name": "CVE-2018-1000654", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "openssh-clients", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "8.0p1-25.el8_10", "BaseScores": [6.8, 5.3, 5.3, 7.0], "CVEIds": ["CVE-2016-20012", "CVE-2018-15919", "CVE-2019-6110", "CVE-2023-51767"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-6110 https://bugzilla.redhat.com/show_bug.cgi?id=1666124 https://www.cve.org/CVERecord?id=CVE-2019-6110 https://nvd.nist.gov/vuln/detail/CVE-2019-6110 https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-6110.json", "FixedBy": "", "Description": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.", "Name": "CVE-2019-6110", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "Score": 6.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2016-20012 https://bugzilla.redhat.com/show_bug.cgi?id=2048523 https://www.cve.org/CVERecord?id=CVE-2016-20012 https://nvd.nist.gov/vuln/detail/CVE-2016-20012 https://access.redhat.com/security/data/csaf/v2/vex/2016/cve-2016-20012.json", 
"FixedBy": "", "Description": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product", "Name": "CVE-2016-20012", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-15919 https://bugzilla.redhat.com/show_bug.cgi?id=1623184 https://www.cve.org/CVERecord?id=CVE-2018-15919 https://nvd.nist.gov/vuln/detail/CVE-2018-15919 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-15919.json", "FixedBy": "", "Description": "OpenSSH server was found to respond differently to failed GSSAPI authentication attempts when the target user existed versus when that user did not exist. 
A remote attacker could use this bug to test for the existence of particular usernames on a target system.", "Name": "CVE-2018-15919", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "FixedBy": "", "Description": "An authentication bypass vulnerability was found in OpenSSH. 
When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit.", "Name": "CVE-2023-51767", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.0}}}}]}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20240221221325-2ac9dc51f3f1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.23.22-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:ca2cf594e024e31ed89e750debba62069566fcf4d964245e4f302cdeb87e7489", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2023.2.60_v7.0.306-80.0.el8_8", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 
https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5736", "FixedBy": "0:2024.2.69_v8.0.303-80.0.el8_10", "Description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.43.5-1.el8_10", "BaseScores": [5.0], "CVEIds": ["CVE-2018-1000021"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000021 https://bugzilla.redhat.com/show_bug.cgi?id=1541854 https://www.cve.org/CVERecord?id=CVE-2018-1000021 https://nvd.nist.gov/vuln/detail/CVE-2018-1000021 http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000021.json", "FixedBy": "", "Description": "It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator. 
Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumstances dependent on the usage of a vulnerable terminal emulator by the user.", "Name": "CVE-2018-1000021", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.0}}}}]}, {"Name": "pkgconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.4.2-1.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2023-24056"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-24056.json", "FixedBy": "", "Description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. 
This issue may lead to a buffer overflow, which can crash the software.", "Name": "CVE-2023-24056", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shared-mime-info", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.9-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3c61c15b346ea5afd0d9810567b43859610f4526e8ed5af79647bc93999a7465", "Version": "6.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "20.2.4-9.module+el8.10.0+21329+8d76b841", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setuptools-rust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.10.1", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.25-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.1-22.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2024a-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssh-clients", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "8.0p1-25.el8_10", "BaseScores": [6.8, 5.3, 5.3, 7.0], "CVEIds": ["CVE-2016-20012", "CVE-2018-15919", "CVE-2019-6110", "CVE-2023-51767"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-6110 https://bugzilla.redhat.com/show_bug.cgi?id=1666124 https://www.cve.org/CVERecord?id=CVE-2019-6110 https://nvd.nist.gov/vuln/detail/CVE-2019-6110 https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-6110.json", "FixedBy": "", "Description": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being 
transferred.", "Name": "CVE-2019-6110", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "Score": 6.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2016-20012 https://bugzilla.redhat.com/show_bug.cgi?id=2048523 https://www.cve.org/CVERecord?id=CVE-2016-20012 https://nvd.nist.gov/vuln/detail/CVE-2016-20012 https://access.redhat.com/security/data/csaf/v2/vex/2016/cve-2016-20012.json", "FixedBy": "", "Description": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product", "Name": "CVE-2016-20012", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-15919 https://bugzilla.redhat.com/show_bug.cgi?id=1623184 https://www.cve.org/CVERecord?id=CVE-2018-15919 https://nvd.nist.gov/vuln/detail/CVE-2018-15919 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-15919.json", "FixedBy": "", "Description": "OpenSSH server was found to respond differently to failed GSSAPI authentication attempts when the target user existed versus when that user did not exist. 
A remote attacker could use this bug to test for the existence of particular usernames on a target system.", "Name": "CVE-2018-15919", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "FixedBy": "", "Description": "An authentication bypass vulnerability was found in OpenSSH. 
When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit.", "Name": "CVE-2023-51767", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.0}}}}]}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "5.2.4-4.el8_6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.4.48-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.3.2-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.0.21-25.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kernel-headers", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "4.18.0-553.22.1.el8_10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "5.3.28-42.el8_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.14.3-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "charset-normalizer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3c61c15b346ea5afd0d9810567b43859610f4526e8ed5af79647bc93999a7465", "Version": "3.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Text-ParseWords", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "3.30-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-threads", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1:2.21-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/onsi/gomega", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "platformdirs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "4.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cachetools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "5.3.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.1.1k-12.el8_9", "BaseScores": [5.5, 6.5, 7.5, 5.3, 5.3], "CVEIds": ["CVE-2023-0464", "CVE-2023-0465", "CVE-2023-0466", "CVE-2023-2650", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2650.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "Name": "CVE-2023-2650", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:7848", "FixedBy": "1:1.1.1k-14.el8_6", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "FixedBy": "", "Description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. 
This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0464", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. 
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "Name": "CVE-2023-0466", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. 
Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0465", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}]}, {"Name": "libpkgconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.4.2-1.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2023-24056"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-24056.json", "FixedBy": "", "Description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. 
This issue may lead to a buffer overflow, which can crash the software.", "Name": "CVE-2023-24056", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/ansible-operator-plugins", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "(devel) (git, commit 42b5d80c75f1ddda8f2dbe1629b9454d366a8d6a, built at 2024-07-15T16:58:27Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ansible-runner-http", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "5.33-26.el8", "BaseScores": [4.4, 6.5], "CVEIds": ["CVE-2019-8905", "CVE-2019-8906"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 
https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-8906.json", "FixedBy": "", "Description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "Name": "CVE-2019-8906", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "Score": 4.4}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-8905.json", "FixedBy": "", "Description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "Name": "CVE-2019-8905", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.30-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "packaging", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "24.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Scalar-List-Utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "3:1.49-2.el8", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "dnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.28.42-1.el8", "BaseScores": [6.1], "CVEIds": ["CVE-2022-0235"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "perl-File-Temp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "0.230.600-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "4.1.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.5.1-3.el8", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "perl-MIME-Base64", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "3.15-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.7.0-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.26.0-19.el8_9", "BaseScores": [7.5, 7.5, 5.5, 7.5], "CVEIds": ["CVE-2019-19244", "CVE-2019-9936", "CVE-2019-9937", "CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9937.json", "FixedBy": "", "Description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. 
This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "Name": "CVE-2019-9937", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-19244.json", "FixedBy": "", "Description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. 
A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "Name": "CVE-2019-19244", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9936.json", "FixedBy": "", "Description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. 
This is related to ext/fts5/fts5_hash.c.", "Name": "CVE-2019-9936", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.14.2-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "4.5-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.11.0-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-interpreter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "4:5.26.3-422.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.1.6-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.6.8-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libssh", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.9.6-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.9-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnsl2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.2.0-2.20180605git4a062cf.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "trousers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.3.15-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-devel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.4.4-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.23.22-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.13.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "oauthlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Perldoc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "3.28-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.48-6.el8_9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.56.1-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxkbcommon", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.9.1-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "4:5.26.3-422.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": 
[], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "8.10-0.3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rsa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "4.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.2.0-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.7.11-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "6.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.5.10-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.1.27-6.el8_5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.5-7.el8_10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.8.3-3.el8_4", "BaseScores": [8.1], "CVEIds": ["CVE-2019-17543"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-17543 https://bugzilla.redhat.com/show_bug.cgi?id=1765316 https://www.cve.org/CVERecord?id=CVE-2019-17543 https://nvd.nist.gov/vuln/detail/CVE-2019-17543 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-17543.json", "FixedBy": "", "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) 
NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", "Name": "CVE-2019-17543", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 8.1}}}}]}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "9.0.3-24.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2018-20225"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20225.json", "FixedBy": "", "Description": "A flaw was found in python-pip. The software installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. 
This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number).", "Name": "CVE-2018-20225", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cryptography", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3c61c15b346ea5afd0d9810567b43859610f4526e8ed5af79647bc93999a7465", "Version": "42.0.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/pyca/cryptography/security/advisories/GHSA-h4gh-qq45-vh27 https://github.com/pyca/cryptography https://openssl-library.org/news/secadv/20240903.txt", "FixedBy": "43.0.1", "Description": "pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels", "Name": "GHSA-h4gh-qq45-vh27", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.28.3-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.28.42-1.el8", 
"BaseScores": [6.1], "CVEIds": ["CVE-2022-0235"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "perl-Error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1:0.17025-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "239-82.el8_10.1", "BaseScores": [5.5, 4.3], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}]}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "39.2.0-7.el8", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5530", "FixedBy": "0:39.2.0-8.el8_10", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.190-2.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "less", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "530-3.el8_10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gomodules.xyz/jsonpatch/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "6.1-10.20180224.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 6.5, 8.8, 6.5, 5.5, 6.5, 6.5], "CVEIds": ["CVE-2018-19211", "CVE-2018-19217", "CVE-2020-19185", "CVE-2020-19186", "CVE-2020-19187", "CVE-2020-19188", "CVE-2020-19189", "CVE-2020-19190", "CVE-2021-39537", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19185.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19185", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19187.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19190.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19190", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19217.json", "FixedBy": "", "Description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "Name": "CVE-2018-19217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-39537.json", "FixedBy": "", "Description": "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. 
By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "Name": "CVE-2021-39537", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19186.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "Name": "CVE-2020-19186", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19211.json", "FixedBy": "", "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "Name": "CVE-2018-19211", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19189.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19189", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19188", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.7.0-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.2.5-13.el8_10", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2022-23990", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-23990 https://bugzilla.redhat.com/show_bug.cgi?id=2048356 https://www.cve.org/CVERecord?id=CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-23990.json", "FixedBy": "", "Description": "A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. 
This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service.", "Name": "CVE-2022-23990", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6989", "FixedBy": "0:2.2.5-15.el8_10", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2:4.6-22.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.190-2.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "24.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi8-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.9-1107", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.12.8-26.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2020-35512"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "perl-threads-shared", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.58-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.0-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.18-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ansible-runner", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.3.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.7.0-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filelock", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.15.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssh", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "8.0p1-25.el8_10", "BaseScores": [6.8, 5.3, 5.3, 7.0], "CVEIds": ["CVE-2016-20012", "CVE-2018-15919", "CVE-2019-6110", "CVE-2023-51767"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-6110 https://bugzilla.redhat.com/show_bug.cgi?id=1666124 https://www.cve.org/CVERecord?id=CVE-2019-6110 https://nvd.nist.gov/vuln/detail/CVE-2019-6110 https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-6110.json", "FixedBy": "", "Description": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.", "Name": "CVE-2019-6110", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "Score": 6.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2016-20012 https://bugzilla.redhat.com/show_bug.cgi?id=2048523 https://www.cve.org/CVERecord?id=CVE-2016-20012 https://nvd.nist.gov/vuln/detail/CVE-2016-20012 https://access.redhat.com/security/data/csaf/v2/vex/2016/cve-2016-20012.json", "FixedBy": "", "Description": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this 
suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product", "Name": "CVE-2016-20012", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-15919 https://bugzilla.redhat.com/show_bug.cgi?id=1623184 https://www.cve.org/CVERecord?id=CVE-2018-15919 https://nvd.nist.gov/vuln/detail/CVE-2018-15919 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-15919.json", "FixedBy": "", "Description": "OpenSSH server was found to respond differently to failed GSSAPI authentication attempts when the target user existed versus when that user did not exist. 
A remote attacker could use this bug to test for the existence of particular usernames on a target system.", "Name": "CVE-2018-15919", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "FixedBy": "", "Description": "An authentication bypass vulnerability was found in OpenSSH. 
When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit.", "Name": "CVE-2023-51767", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.0}}}}]}, {"Name": "glibc-gconv-extra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-syspurpose", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.28.42-1.el8", "BaseScores": [6.1], "CVEIds": ["CVE-2022-0235"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "perl-Term-Cap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.17-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "unbound-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.16.2-5.el8_9.6", "BaseScores": [7.5], "CVEIds": ["CVE-2019-16866", "CVE-2024-33655", "CVE-2024-43167", "CVE-2024-43168", "CVE-2024-8508"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-16866 https://bugzilla.redhat.com/show_bug.cgi?id=1767955 https://www.cve.org/CVERecord?id=CVE-2019-16866 https://nvd.nist.gov/vuln/detail/CVE-2019-16866 https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-16866.json", "FixedBy": "", "Description": "Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. 
The source IP address of the query must match an access-control rule.", "Name": "CVE-2019-16866", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43167 https://bugzilla.redhat.com/show_bug.cgi?id=2303456 https://www.cve.org/CVERecord?id=CVE-2024-43167 https://nvd.nist.gov/vuln/detail/CVE-2024-43167 https://github.com/NLnetLabs/unbound/issues/1072 https://github.com/NLnetLabs/unbound/pull/1073/files https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43167.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. 
This issue can result in a denial of service by causing the application to terminate unexpectedly.", "Name": "CVE-2024-43167", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43168 https://bugzilla.redhat.com/show_bug.cgi?id=2303462 https://www.cve.org/CVERecord?id=CVE-2024-43168 https://nvd.nist.gov/vuln/detail/CVE-2024-43168 https://github.com/NLnetLabs/unbound/issues/1039 https://github.com/NLnetLabs/unbound/pull/1040/files https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43168.json", "FixedBy": "", "Description": "A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.", "Name": "CVE-2024-43168", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33655 https://bugzilla.redhat.com/show_bug.cgi?id=2279942 https://www.cve.org/CVERecord?id=CVE-2024-33655 https://nvd.nist.gov/vuln/detail/CVE-2024-33655 https://www.nlnetlabs.nl/news/2024/May/08/unbound-1.20.0-released/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33655.json", "FixedBy": "", "Description": "A DNSBomb flaw was found in the unbound package. 
The DNSBomb attack works by sending low-rate spoofed queries for a malicious zone to Unbound. By controlling the delay of the malicious authoritative answers, Unbound slowly accumulates pending answers for the spoofed addresses. When the authoritative answers become available to Unbound at the same time, Unbound starts serving all the accumulated queries. This results in large-sized, concentrated response bursts to the spoofed addresses.", "Name": "CVE-2024-33655", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8508 https://bugzilla.redhat.com/show_bug.cgi?id=2316321 https://www.cve.org/CVERecord?id=CVE-2024-8508 https://nvd.nist.gov/vuln/detail/CVE-2024-8508 https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8508.json", "FixedBy": "", "Description": "A flaw was found in Unbound which can lead to degraded performance and an eventual denial of service when handling replies with very large RRsets that require name compression to be applied. 
Versions prior to 1.21.1 do not have a hard limit on the number of name compression calculations that Unbound can perform per packet, meaning that if a specially crafted query is passed for the contents of a malicious zone with very large RRsets, Unbound may spend a considerable amount of time applying name compression to downstream replies, locking the CPU until the whole packet has been processed.", "Name": "CVE-2024-8508", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "20220623-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libedit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "3.1-23.20170329cvs.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "20.2.4-9.module+el8.10.0+21329+8d76b841", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lockfile", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.12.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v4.0.0-20230305170008-8188dc5388df", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "11-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "docutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.21.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "groff-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.22.3-18.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "chkconfig", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.19.2-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "semantic-version", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnl3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.7.0-1.el8", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/rpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20240221002015-b0ce06bbee7c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "7.0-10.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.2.20-3.el8_6", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "pycparser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.22", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "trousers-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.3.15-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1:4.6.0-22.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.9-9.el8_6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pipenv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2023.11.15", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.18.2-28.el8_10", "BaseScores": [6.5, 6.6, 9.1, 7.5], "CVEIds": ["CVE-2020-17049", "CVE-2023-5455", "CVE-2024-3596", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 
https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:8860", "FixedBy": "0:1.18.2-30.el8_10", "Description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "Name": "CVE-2024-3596", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5455 https://bugzilla.redhat.com/show_bug.cgi?id=2242828 https://www.cve.org/CVERecord?id=CVE-2023-5455 https://nvd.nist.gov/vuln/detail/CVE-2023-5455 https://www.freeipa.org/release-notes/4-10-3.html https://www.freeipa.org/release-notes/4-11-1.html https://www.freeipa.org/release-notes/4-6-10.html https://www.freeipa.org/release-notes/4-9-14.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5455.json", "FixedBy": "", "Description": "A Cross-site request forgery vulnerability exists in ipa/session/login_password in all 
supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.", "Name": "CVE-2023-5455", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-17049 https://bugzilla.redhat.com/show_bug.cgi?id=2025721 https://www.cve.org/CVERecord?id=CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-17049.json", "FixedBy": "", "Description": "It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. 
A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.", "Name": "CVE-2020-17049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:5312", "FixedBy": "0:1.18.2-29.el8_10", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:5312", "FixedBy": "0:1.18.2-29.el8_10", "Description": "A 
vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.4.20-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.17-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.6.8-62.el8_10", "BaseScores": [7.5, 7.5, 7.5], "CVEIds": ["CVE-2019-9674", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-9287"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 
https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9674.json", "FixedBy": "", "Description": "A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "Name": "CVE-2019-9674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A regular expression denial of service (ReDos) vulnerability was found 
in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json", "FixedBy": "", "Description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". 
This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "Name": "CVE-2024-9287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ruamel.yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:acf2f5c78cf6302a5524bbef3e852d3cf3d05e479cfbb6fe1ece163241324bd8", "Version": "0.18.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-IO-Socket-SSL", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.066-4.module+el8.3.0+6446+594cad75", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.190-2.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "importlib-resources", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "5.0.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ansible-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.15.11", "BaseScores": [6.3], "CVEIds": ["CVE-2024-8775", "CVE-2024-9902"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-8775 https://access.redhat.com/errata/RHSA-2024:8969 https://access.redhat.com/security/cve/CVE-2024-8775 https://bugzilla.redhat.com/show_bug.cgi?id=2312119 https://github.com/ansible/ansible", "FixedBy": "lastAffected=2.17.4", "Description": "Ansible vulnerable to Insertion of Sensitive Information into Log File", "Name": "GHSA-jpxc-vmjf-9fcj", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-9902 https://github.com/ansible/ansible/commit/03794735d370db98a5ec2ad514fab2b0dd22d6be https://github.com/ansible/ansible/commit/03daf774d0d80fb7235910ed1c2b4fbcaebdfe65 https://github.com/ansible/ansible/commit/3b6de811abea0a811e03e3029222a7e459922892 
https://github.com/ansible/ansible/commit/9d7312f695639e804d2caeb1d0f51c716a9ac7dd https://github.com/ansible/ansible/commit/f7be90626da3035c697623dcf9c90b7a0bc91c92 https://access.redhat.com/errata/RHSA-2024:8969 https://access.redhat.com/security/cve/CVE-2024-9902 https://bugzilla.redhat.com/show_bug.cgi?id=2318271 https://github.com/ansible/ansible", "FixedBy": "2.15.13rc1", "Description": "ansible-core Incorrect Authorization vulnerability", "Name": "GHSA-32p4-gm2c-wmch", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "Score": 6.3}}}}]}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-File-Path", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.15-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20240221221325-2ac9dc51f3f1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1:6.1.2-11.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Git", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.43.5-1.el8_10", "BaseScores": [5.0], "CVEIds": ["CVE-2018-1000021"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000021 https://bugzilla.redhat.com/show_bug.cgi?id=1541854 https://www.cve.org/CVERecord?id=CVE-2018-1000021 https://nvd.nist.gov/vuln/detail/CVE-2018-1000021 http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000021.json", "FixedBy": "", "Description": "It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator. Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumstances dependent on the usage of a vulnerable terminal emulator by the user.", "Name": "CVE-2018-1000021", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.0}}}}]}, {"Name": "dbus-tools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.12.8-26.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2020-35512"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", 
"Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.4.46-19.el8_10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Usage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "4:1.69-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Encode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "4:2.97-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "20230731-1.git3177e06.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ruamel.yaml.clib", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:acf2f5c78cf6302a5524bbef3e852d3cf3d05e479cfbb6fe1ece163241324bd8", "Version": "0.2.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acc_provision", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:acf2f5c78cf6302a5524bbef3e852d3cf3d05e479cfbb6fe1ece163241324bd8", "Version": "6.1.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.17.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.45.6-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Errno", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.28-422.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Net-SSLeay", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.88-2.module+el8.6.0+13392+f0897f98", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.9-13.el8_5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.5.2-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/operator-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.13.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.12.2-9.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "jinja2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.1.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.3.5-9.el8_7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git-core-doc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.43.5-1.el8_10", "BaseScores": [5.0], "CVEIds": ["CVE-2018-1000021"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000021 https://bugzilla.redhat.com/show_bug.cgi?id=1541854 https://www.cve.org/CVERecord?id=CVE-2018-1000021 https://nvd.nist.gov/vuln/detail/CVE-2018-1000021 http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000021.json", "FixedBy": "", "Description": "It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator. 
Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumstances dependent on the usage of a vulnerable terminal emulator by the user.", "Name": "CVE-2018-1000021", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.0}}}}]}, {"Name": "perl-HTTP-Tiny", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "0.074-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.14.3-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.110-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.56.4-162.el8", "BaseScores": [5.5, 7.5, 7.5, 5.5], "CVEIds": ["CVE-2023-29499", "CVE-2023-32611", "CVE-2023-32636", "CVE-2023-32665", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32611.json", "FixedBy": "", "Description": "A flaw was 
found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "Name": "CVE-2023-32611", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json", "FixedBy": "", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-29499.json", "FixedBy": "", "Description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "Name": "CVE-2023-29499", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32665.json", "FixedBy": "", "Description": "A flaw was found in GLib. 
GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "Name": "CVE-2023-32665", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.6.16-8.el8_9.3", "BaseScores": [6.5], "CVEIds": ["CVE-2021-4209"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4209.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. 
This flaw leads to a denial of service after authentication in rare circumstances.", "Name": "CVE-2021-4209", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "8.5.0-22.el8_10", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ 
https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.9.6-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.18-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "10.32-3.el8_6", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.14.2-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20240213143201-ec583247a57a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/imdario/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "llvm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "17.0.6-3.module+el8.10.0+22125+1509a634", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cryptsetup-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.3.7-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-constant", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.33-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.0.23-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Time-Local", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1:1.280-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.80-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2:8.0.1763-19.el8_6.4", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.5, 7.8, 7.8, 5.5, 7.8, 5.5, 7.8, 7.8, 7.8, 5.5, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 5.5, 5.5, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2018-20786", "CVE-2020-20703", "CVE-2021-3236", "CVE-2021-3927", "CVE-2021-3974", "CVE-2021-4166", "CVE-2022-0351", "CVE-2022-1619", "CVE-2022-1720", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-3037", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3296", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4292", "CVE-2022-4293", 
"CVE-2023-0049", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20786 https://bugzilla.redhat.com/show_bug.cgi?id=1680588 https://www.cve.org/CVERecord?id=CVE-2018-20786 https://nvd.nist.gov/vuln/detail/CVE-2018-20786 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20786.json", "FixedBy": "", "Description": "libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.", "Name": "CVE-2018-20786", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. 
This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": 
"Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. 
An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 
https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. 
This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 
https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3236 https://bugzilla.redhat.com/show_bug.cgi?id=2231531 https://www.cve.org/CVERecord?id=CVE-2021-3236 https://nvd.nist.gov/vuln/detail/CVE-2021-3236 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3236.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the ex_buffer_all function in the src/buffer.c file. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2021-3236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 
https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": 
"", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
"Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. 
This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": 
{"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "cffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3c61c15b346ea5afd0d9810567b43859610f4526e8ed5af79647bc93999a7465", "Version": "1.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zipp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.18.1", "BaseScores": [], "CVEIds": ["CVE-2024-5569"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5569 https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd https://github.com/jaraco/zipp https://huntr.com/bounties/be898306-11f9-46b4-b28c-f4c4aa4ffbae", "FixedBy": "3.19.1", "Description": "zipp Denial of Service vulnerability", "Name": "GHSA-jfmj-5v4g-7637", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "pkgconf-m4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.4.2-1.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2023-24056"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-24056.json", "FixedBy": "", 
"Description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. This issue may lead to a buffer overflow, which can crash the software.", "Name": "CVE-2023-24056", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.4.4-1.el8", "BaseScores": [7.5, 4.7], "CVEIds": ["CVE-2021-24032", "CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-24032.json", "FixedBy": "", "Description": "A flaw was found in zstd. 
While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "Name": "CVE-2021-24032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.1.2-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ptyprocess", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/operator-registry", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.39.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.3.3-5.el8", "BaseScores": [6.5, 6.5, 6.5, 7.8, 7.8], "CVEIds": ["CVE-2018-1000879", "CVE-2018-1000880", "CVE-2020-21674", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-21674 https://bugzilla.redhat.com/show_bug.cgi?id=1888786 https://www.cve.org/CVERecord?id=CVE-2020-21674 https://nvd.nist.gov/vuln/detail/CVE-2020-21674 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-21674.json", "FixedBy": "", "Description": "Heap-based buffer 
overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.", "Name": "CVE-2020-21674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000880.json", "FixedBy": "", "Description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. 
This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "Name": "CVE-2018-1000880", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000879.json", "FixedBy": "", "Description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "Name": "CVE-2018-1000879", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.13.1-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Data-Dumper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.167-399.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.0.6-26.el8", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2024:8922", "FixedBy": "0:1.0.6-27.el8_10", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "distlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.3.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Exporter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "5.72-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-daemon", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "50.3.2-5.module+el8.10.0+20345+671a55aa", "BaseScores": [7.5], "CVEIds": ["CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. 
Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.17.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-TermReadKey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.37-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.2.4-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "platform-python-pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "9.0.3-24.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2018-20225"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 
https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20225.json", "FixedBy": "", "Description": "A flaw was found in python-pip. The software installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number).", "Name": "CVE-2018-20225", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "perl-Pod-Escapes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1:1.07-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "6.1-10.20180224.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 6.5, 8.8, 6.5, 5.5, 6.5, 6.5], "CVEIds": ["CVE-2018-19211", "CVE-2018-19217", "CVE-2020-19185", "CVE-2020-19186", "CVE-2020-19187", "CVE-2020-19188", "CVE-2020-19189", "CVE-2020-19190", "CVE-2021-39537", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19185.json", "FixedBy": "", "Description": "A flaw was found in 
the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19185", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19187.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19190.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19190", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19217.json", "FixedBy": "", "Description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "Name": "CVE-2018-19217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-39537.json", "FixedBy": "", "Description": "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. 
By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "Name": "CVE-2021-39537", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19186.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "Name": "CVE-2020-19186", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19211.json", "FixedBy": "", "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "Name": "CVE-2018-19211", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19189.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19189", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19188", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.21-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.17.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "20230731-1.git3177e06.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "platform-python-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "39.2.0-7.el8", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 
https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5530", "FixedBy": "0:39.2.0-8.el8_10", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.28.42-1.el8", "BaseScores": [6.1], "CVEIds": ["CVE-2022-0235"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.28.42-1.el8", "BaseScores": [6.1], "CVEIds": ["CVE-2022-0235"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0235 https://bugzilla.redhat.com/show_bug.cgi?id=2044591 https://www.cve.org/CVERecord?id=CVE-2022-0235 https://nvd.nist.gov/vuln/detail/CVE-2022-0235 https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0235.json", "FixedBy": "", "Description": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "Name": "CVE-2022-0235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "239-82.el8_10.1", "BaseScores": [5.5, 4.3], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}]}, {"Name": "perl-libnet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "3.11-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "requests-unixsocket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": 
"7.61.1-34.el8", "BaseScores": [8.8, 6.5], "CVEIds": ["CVE-2023-27534", "CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27534.json", "FixedBy": "", "Description": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "Name": "CVE-2023-27534", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5654", "FixedBy": "0:7.61.1-34.el8_10.2", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "perl-Pod-Simple", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1:3.35-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "device-mapper-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "8:1.02.181-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.113-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.12.8-26.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2020-35512"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2:1.30-9.el8", "BaseScores": [7.5, 3.3], "CVEIds": ["CVE-2019-9923", "CVE-2021-20193", "CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9923.json", "FixedBy": "", "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "Name": "CVE-2019-9923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found 
in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "FixedBy": "", "Description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-20193", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.9.6-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.8-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.5-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1:3.5-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.8.5-7.el8_6", "BaseScores": [5.9], "CVEIds": ["CVE-2019-12904", "CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-12904.json", "FixedBy": "", "Description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. 
This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "Name": "CVE-2019-12904", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}]}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.6-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-PathTools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "3.74-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.7.0-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.1.7-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "4.13-4.el8_7", "BaseScores": [5.5], "CVEIds": ["CVE-2018-1000654"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-1000654.json", "FixedBy": "", "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "Name": "CVE-2018-1000654", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.63.0-19.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.9-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-ethtool", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.14-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virtualenv", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "20.26.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.4-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpsl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.20.2-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "emacs-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1:26.1-12.el8_10", "BaseScores": [7.3], "CVEIds": ["CVE-2022-48338", "CVE-2024-30204"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48338 https://bugzilla.redhat.com/show_bug.cgi?id=2171988 https://www.cve.org/CVERecord?id=CVE-2022-48338 https://nvd.nist.gov/vuln/detail/CVE-2022-48338 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48338.json", "FixedBy": "", "Description": "A flaw was found in the Emacs package. 
A malicious ruby source file may cause a local command injection.", "Name": "CVE-2022-48338", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 7.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-30204 https://bugzilla.redhat.com/show_bug.cgi?id=2280297 https://www.cve.org/CVERecord?id=CVE-2024-30204 https://nvd.nist.gov/vuln/detail/CVE-2024-30204 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-30204.json", "FixedBy": "", "Description": "A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. 
This issue possibly results in a denial of service.", "Name": "CVE-2024-30204", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-Mozilla-CA", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "20160104-7.module+el8.3.0+6498+9eecfe51", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "23.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-devel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "4.1.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.33.0-6.el8_10.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "certifi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2024.2.2", "BaseScores": [], "CVEIds": ["CVE-2024-39689"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "osv/pypi", "Link": "https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc https://nvd.nist.gov/vuln/detail/CVE-2024-39689 https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463 https://github.com/certifi/python-certifi https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI", "FixedBy": "2024.07.04", "Description": "Certifi removes GLOBALTRUST root certificate", "Name": 
"GHSA-248v-346w-9cwc", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "8.5.0-22.el8_10", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ 
https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.9.7-18.el8_10.1", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "rust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.75.0-1.module+el8.10.0+21160+cc6a0df8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "device-mapper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "8:1.02.181-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "50.3.2-5.module+el8.10.0+20345+671a55aa", "BaseScores": [7.5], "CVEIds": ["CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in the package_index module of pypa/setuptools. 
Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:50.3.2-6.module+el8.10.0+22183+c898c0c1", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "elfutils-debuginfod-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.190-2.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2021-33294", "CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-33294.json", "FixedBy": "", "Description": "A flaw was found in the elfutils tools package. 
An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.", "Name": "CVE-2021-33294", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.9.5-15.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Text-Tabs+Wrap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2013.0523-395.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20240213162025-012b6fc9bca9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.2-20.el8", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to 
exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/mxk/go-flowrate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20140419014527-cca7078d478f", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.63.0-19.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Unicode-Normalize", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.25-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.13.1-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi8/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.9-1107", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.19.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "6.1-10.20180224.el8", "BaseScores": [6.5, 6.5, 6.5, 6.5, 6.5, 8.8, 6.5, 5.5, 6.5, 6.5], "CVEIds": ["CVE-2018-19211", "CVE-2018-19217", "CVE-2020-19185", "CVE-2020-19186", "CVE-2020-19187", "CVE-2020-19188", "CVE-2020-19189", "CVE-2020-19190", "CVE-2021-39537", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19185.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19185", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19187.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19190.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19190", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19217.json", "FixedBy": "", "Description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "Name": "CVE-2018-19217", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-39537.json", "FixedBy": "", "Description": "A heap overflow vulnerability has been found in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "Name": "CVE-2021-39537", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19186.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "Name": "CVE-2020-19186", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19211.json", "FixedBy": "", "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "Name": "CVE-2018-19211", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-19189.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. 
This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19189", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "FixedBy": "", "Description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash.", "Name": "CVE-2020-19188", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "perl-URI", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.73-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/h2non/go-is-svg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20160927212452-35e8c4b0612c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.14.3-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.43.5-1.el8_10", "BaseScores": [5.0], "CVEIds": ["CVE-2018-1000021"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000021 https://bugzilla.redhat.com/show_bug.cgi?id=1541854 https://www.cve.org/CVERecord?id=CVE-2018-1000021 https://nvd.nist.gov/vuln/detail/CVE-2018-1000021 http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000021.json", "FixedBy": "", "Description": "It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator. Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumstances dependent on the usage of a vulnerable terminal emulator by the user.", "Name": "CVE-2018-1000021", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.0}}}}]}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.2.53-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.9.6-13.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.31-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "8.5.0-22.el8_10", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ 
https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "requests-oauthlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.3.2-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.24.2-7.el8", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:5309", "FixedBy": "0:1.24.2-8.el8_10", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. 
This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.31.0", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/pull/6655 https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac https://github.com/psf/requests https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ", "FixedBy": "2.32.0", "Description": "Requests `Session` object does not verify requests after making first request with verify=False", "Name": "GHSA-9wx4-h78v-vm56", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "4:5.26.3-422.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xkeyboard-config", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.28-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "3.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.18-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.2.53-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "4.2.1-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-parent", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1:0.237-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.6.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "8.5.0-22.el8_10", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ 
https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.13.1-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.20.0-3.el8_8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.4.1-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.7.20-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v5.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.0.3-5.el8", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/operator-framework/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "1.26.18", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/pypi", "Link": "https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468 https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e https://github.com/urllib3/urllib3", "FixedBy": "1.26.19", "Description": "urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects ", "Name": "GHSA-34jh-p97f-mpxf", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.1.8-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "websocket-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"perl-Digest-MD5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.55-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rust-std-static", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.75.0-1.module+el8.10.0+21160+cc6a0df8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.3.1-34.el8_10", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "github.com/spf13/afero", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Storable", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1:3.11-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cpp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "8.5.0-22.el8_10", "BaseScores": [7.5, 8.3, 5.5, 5.5], "CVEIds": ["CVE-2018-20657", "CVE-2019-14250", "CVE-2021-42694", "CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", 
"DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-42694 https://bugzilla.redhat.com/show_bug.cgi?id=2015365 https://www.cve.org/CVERecord?id=CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Canonical_Represenation https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-42694.json", "FixedBy": "", "Description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. Homoglyphs are different Unicode characters that, to the naked eye, look the same. An attacker could use homoglyphs to deceive a human reviewer by creating a malicious patch containing functions that look similar to standard library functions, such as print, but replace one character with a homoglyph. This function can then be defined in an upstream dependency to launch source code-related attacks.", "Name": "CVE-2021-42694", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "Score": 8.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "publicsuffix-list-dafsa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "20180723-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "markupsafe", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3c61c15b346ea5afd0d9810567b43859610f4526e8ed5af79647bc93999a7465", "Version": "2.1.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.26.20", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "brotli", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.0.6-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-headers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.28-251.el8_10.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-IO", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.38-422.el8", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "pyopenssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "24.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.12.8-26.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2020-35512"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "29.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "69.5.1", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", 
"NamespaceName": "osv/pypi", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/pull/4332 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://github.com/pypa/setuptools https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5", "FixedBy": "70.0.0", "Description": "setuptools vulnerable to Command Injection via package URL", "Name": "GHSA-cx63-2mw6-8hw5", "Metadata": {"UpdatedBy": "osv/pypi", "RepoName": "pypi", "RepoLink": "https://pypi.org/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "go1.21.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Getopt-Long", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1:2.50-4.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.9.19-1.module+el8.10.0+21815+bb024982", "BaseScores": [7.5], "CVEIds": ["CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python. 
The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:3.9.20-1.module+el8.10.0+22342+478c159e", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "8.42-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:2.6.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "isl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "0.16.1-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.61.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.1-24.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Socket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "4:2.027-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libssh-config", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", 
"Version": "0.9.6-14.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "importlib-metadata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "6.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "1.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.62-25.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.23.22-2.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "5.3.4-12.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2020-15945"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-15945 https://bugzilla.redhat.com/show_bug.cgi?id=1861999 https://www.cve.org/CVERecord?id=CVE-2020-15945 
https://nvd.nist.gov/vuln/detail/CVE-2020-15945 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-15945.json", "FixedBy": "", "Description": "A flaw was found in lua. A segmentation fault is possible because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.", "Name": "CVE-2020-15945", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "binutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "2.30-123.el8", "BaseScores": [9.8, 7.5, 6.5, 5.5, 5.5, 5.5, 7.5, 5.5, 7.5, 5.5, 6.5, 5.5, 5.5, 7.5, 5.5, 5.5, 5.5, 6.5, 5.5, 6.1, 5.5, 5.5, 5.5, 5.5, 5.5, 7.8, 5.5, 5.5, 5.5, 5.5, 5.5, 5.5, 5.5, 7.1, 5.5, 5.5, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 5.5, 5.5, 5.5, 7.8, 5.5], "CVEIds": ["CVE-2018-1000876", "CVE-2018-12641", "CVE-2018-12697", "CVE-2018-12698", "CVE-2018-12699", "CVE-2018-12700", "CVE-2018-12934", "CVE-2018-17360", "CVE-2018-17794", "CVE-2018-17985", "CVE-2018-18309", "CVE-2018-18483", "CVE-2018-18484", "CVE-2018-18605", "CVE-2018-18606", "CVE-2018-18607", "CVE-2018-18700", "CVE-2018-18701", "CVE-2018-19932", "CVE-2018-20002", "CVE-2018-20623", "CVE-2018-20651", "CVE-2018-20657", "CVE-2018-20671", "CVE-2018-20673", "CVE-2018-6872", "CVE-2019-12972", "CVE-2019-14250", "CVE-2019-9071", "CVE-2019-9075", "CVE-2019-9077", "CVE-2020-16598", "CVE-2020-35493", "CVE-2020-35494", "CVE-2020-35495", "CVE-2020-35496", "CVE-2020-35507", "CVE-2021-3826", "CVE-2021-45078", "CVE-2022-38533", "CVE-2022-44840", "CVE-2022-47007", "CVE-2022-47008", "CVE-2022-47010", "CVE-2022-47011", "CVE-2023-1972", "CVE-2023-25584", "CVE-2023-25585", "CVE-2023-25588"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": 
"rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12699 https://bugzilla.redhat.com/show_bug.cgi?id=1595427 https://www.cve.org/CVERecord?id=CVE-2018-12699 https://nvd.nist.gov/vuln/detail/CVE-2018-12699 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-12699.json", "FixedBy": "", "Description": "finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.", "Name": "CVE-2018-12699", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20657.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "Name": "CVE-2018-20657", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-17794 https://bugzilla.redhat.com/show_bug.cgi?id=1635082 
https://www.cve.org/CVERecord?id=CVE-2018-17794 https://nvd.nist.gov/vuln/detail/CVE-2018-17794 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-17794.json", "FixedBy": "", "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.", "Name": "CVE-2018-17794", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12700 https://bugzilla.redhat.com/show_bug.cgi?id=1595437 https://www.cve.org/CVERecord?id=CVE-2018-12700 https://nvd.nist.gov/vuln/detail/CVE-2018-12700 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-12700.json", "FixedBy": "", "Description": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. 
Notes: none", "Name": "CVE-2018-12700", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12972 https://bugzilla.redhat.com/show_bug.cgi?id=1831873 https://www.cve.org/CVERecord?id=CVE-2019-12972 https://nvd.nist.gov/vuln/detail/CVE-2019-12972 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-12972.json", "FixedBy": "", "Description": "An out-of-bounds read was discovered in Binutils while it processes a malformed ELF relocatable file (.o file). A victim user who uses Binutils tools (size, gdb, readelf) to analyze untrusted binaries, may be vulnerable to a denial of service attack.", "Name": "CVE-2019-12972", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-38533 https://bugzilla.redhat.com/show_bug.cgi?id=2124569 https://www.cve.org/CVERecord?id=CVE-2022-38533 https://nvd.nist.gov/vuln/detail/CVE-2022-38533 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-38533.json", "FixedBy": "", "Description": "A vulnerability was found in the strip utility of binutils. 
An attacker able to convince a victim to process a specially crafted COFF file by the strip utility can lead to a heap-based buffer overflow, causing the utility to crash.", "Name": "CVE-2022-38533", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18309 https://bugzilla.redhat.com/show_bug.cgi?id=1639911 https://www.cve.org/CVERecord?id=CVE-2018-18309 https://nvd.nist.gov/vuln/detail/CVE-2018-18309 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18309.json", "FixedBy": "", "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. 
The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.", "Name": "CVE-2018-18309", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12697 https://bugzilla.redhat.com/show_bug.cgi?id=1595417 https://www.cve.org/CVERecord?id=CVE-2018-12697 https://nvd.nist.gov/vuln/detail/CVE-2018-12697 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-12697.json", "FixedBy": "", "Description": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.", "Name": "CVE-2018-12697", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18700 https://bugzilla.redhat.com/show_bug.cgi?id=1646535 https://www.cve.org/CVERecord?id=CVE-2018-18700 https://nvd.nist.gov/vuln/detail/CVE-2018-18700 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18700.json", "FixedBy": "", "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", "Name": "CVE-2018-18700", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12934 https://bugzilla.redhat.com/show_bug.cgi?id=1597853 https://www.cve.org/CVERecord?id=CVE-2018-12934 https://nvd.nist.gov/vuln/detail/CVE-2018-12934 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-12934.json", "FixedBy": "", "Description": "remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.", "Name": "CVE-2018-12934", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35496 https://bugzilla.redhat.com/show_bug.cgi?id=1911444 https://www.cve.org/CVERecord?id=CVE-2020-35496 https://nvd.nist.gov/vuln/detail/CVE-2020-35496 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-35496.json", "FixedBy": "", "Description": "A flaw was found in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. 
The greatest threat of this flaw is to application availability.", "Name": "CVE-2020-35496", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1972 https://bugzilla.redhat.com/show_bug.cgi?id=2185646 https://www.cve.org/CVERecord?id=CVE-2023-1972 https://nvd.nist.gov/vuln/detail/CVE-2023-1972 https://sourceware.org/bugzilla/show_bug.cgi?id=30285 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1972.json", "FixedBy": "", "Description": "A potential heap-based buffer overflow was found in binutils in the _bfd_elf_slurp_version_tables() function in bfd/elf.c. This issue may lead to a loss of availability.", "Name": "CVE-2023-1972", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18484 https://bugzilla.redhat.com/show_bug.cgi?id=1645958 https://www.cve.org/CVERecord?id=CVE-2018-18484 https://nvd.nist.gov/vuln/detail/CVE-2018-18484 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18484.json", "FixedBy": "", "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.", "Name": "CVE-2018-18484", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-14250.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "Name": "CVE-2019-14250", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12698 https://bugzilla.redhat.com/show_bug.cgi?id=1595419 https://www.cve.org/CVERecord?id=CVE-2018-12698 https://nvd.nist.gov/vuln/detail/CVE-2018-12698 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-12698.json", "FixedBy": "", "Description": "demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC 
call. This can occur during execution of objdump.", "Name": "CVE-2018-12698", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20002 https://bugzilla.redhat.com/show_bug.cgi?id=1661534 https://www.cve.org/CVERecord?id=CVE-2018-20002 https://nvd.nist.gov/vuln/detail/CVE-2018-20002 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20002.json", "FixedBy": "", "Description": "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.", "Name": "CVE-2018-20002", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20671 https://bugzilla.redhat.com/show_bug.cgi?id=1664712 https://www.cve.org/CVERecord?id=CVE-2018-20671 https://nvd.nist.gov/vuln/detail/CVE-2018-20671 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20671.json", "FixedBy": "", "Description": "load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.", "Name": "CVE-2018-20671", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": 
"", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35495 https://bugzilla.redhat.com/show_bug.cgi?id=1911441 https://www.cve.org/CVERecord?id=CVE-2020-35495 https://nvd.nist.gov/vuln/detail/CVE-2020-35495 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-35495.json", "FixedBy": "", "Description": "A flaw was found in binutils. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability.", "Name": "CVE-2020-35495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3826.json", "FixedBy": "", "Description": "A vulnerability was found in Libiberty. 
A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "Name": "CVE-2021-3826", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9071 https://bugzilla.redhat.com/show_bug.cgi?id=1680657 https://www.cve.org/CVERecord?id=CVE-2019-9071 https://nvd.nist.gov/vuln/detail/CVE-2019-9071 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9071.json", "FixedBy": "", "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.", "Name": "CVE-2019-9071", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35494 https://bugzilla.redhat.com/show_bug.cgi?id=1911439 https://www.cve.org/CVERecord?id=CVE-2020-35494 https://nvd.nist.gov/vuln/detail/CVE-2020-35494 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-35494.json", "FixedBy": "", "Description": "A flaw was found in binutils. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. 
The highest threat is to application availability with a lower threat to data confidentiality.", "Name": "CVE-2020-35494", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "Score": 6.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35493 https://bugzilla.redhat.com/show_bug.cgi?id=1911437 https://www.cve.org/CVERecord?id=CVE-2020-35493 https://nvd.nist.gov/vuln/detail/CVE-2020-35493 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-35493.json", "FixedBy": "", "Description": "A flaw was found in Binutils in bfd/pef.c. This flaw allows an attacker who can submit a crafted PEF file to be parsed by objdump to cause a heap buffer overflow, leading to an out-of-bounds read. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2020-35493", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18607 https://bugzilla.redhat.com/show_bug.cgi?id=1647421 https://www.cve.org/CVERecord?id=CVE-2018-18607 https://nvd.nist.gov/vuln/detail/CVE-2018-18607 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18607.json", "FixedBy": "", "Description": "An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. 
A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", "Name": "CVE-2018-18607", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35507 https://bugzilla.redhat.com/show_bug.cgi?id=1911691 https://www.cve.org/CVERecord?id=CVE-2020-35507 https://nvd.nist.gov/vuln/detail/CVE-2020-35507 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-35507.json", "FixedBy": "", "Description": "A flaw was found in bfd_pef_parse_function_stubs of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.", "Name": "CVE-2020-35507", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18605 https://bugzilla.redhat.com/show_bug.cgi?id=1647403 https://www.cve.org/CVERecord?id=CVE-2018-18605 https://nvd.nist.gov/vuln/detail/CVE-2018-18605 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18605.json", "FixedBy": "", "Description": "A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. 
A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", "Name": "CVE-2018-18605", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20673 https://bugzilla.redhat.com/show_bug.cgi?id=1664709 https://www.cve.org/CVERecord?id=CVE-2018-20673 https://nvd.nist.gov/vuln/detail/CVE-2018-20673 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20673.json", "FixedBy": "", "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", "Name": "CVE-2018-20673", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18483 https://bugzilla.redhat.com/show_bug.cgi?id=1645957 https://www.cve.org/CVERecord?id=CVE-2018-18483 https://nvd.nist.gov/vuln/detail/CVE-2018-18483 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18483.json", "FixedBy": "", "Description": "The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by 
c++filt.", "Name": "CVE-2018-18483", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-16598 https://bugzilla.redhat.com/show_bug.cgi?id=1906756 https://www.cve.org/CVERecord?id=CVE-2020-16598 https://nvd.nist.gov/vuln/detail/CVE-2020-16598 https://sourceware.org/bugzilla/show_bug.cgi?id=25840 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca3f923f82a079dcf441419f4a50a50f8b4b33c2 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-16598.json", "FixedBy": "", "Description": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none", "Name": "CVE-2020-16598", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-12641 https://bugzilla.redhat.com/show_bug.cgi?id=1594410 https://www.cve.org/CVERecord?id=CVE-2018-12641 https://nvd.nist.gov/vuln/detail/CVE-2018-12641 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-12641.json", "FixedBy": "", "Description": "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.", "Name": "CVE-2018-12641", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-17360 https://bugzilla.redhat.com/show_bug.cgi?id=1632921 https://www.cve.org/CVERecord?id=CVE-2018-17360 https://nvd.nist.gov/vuln/detail/CVE-2018-17360 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-17360.json", "FixedBy": "", "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. 
This vulnerability can be triggered by the executable objdump.", "Name": "CVE-2018-17360", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-25588 https://bugzilla.redhat.com/show_bug.cgi?id=2167505 https://www.cve.org/CVERecord?id=CVE-2023-25588 https://nvd.nist.gov/vuln/detail/CVE-2023-25588 https://sourceware.org/bugzilla/show_bug.cgi?id=29677 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-25588.json", "FixedBy": "", "Description": "A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.", "Name": "CVE-2023-25588", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-19932 https://bugzilla.redhat.com/show_bug.cgi?id=1658949 https://www.cve.org/CVERecord?id=CVE-2018-19932 https://nvd.nist.gov/vuln/detail/CVE-2018-19932 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-19932.json", "FixedBy": "", "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. 
There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.", "Name": "CVE-2018-19932", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20623 https://bugzilla.redhat.com/show_bug.cgi?id=1664700 https://www.cve.org/CVERecord?id=CVE-2018-20623 https://nvd.nist.gov/vuln/detail/CVE-2018-20623 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20623.json", "FixedBy": "", "Description": "In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.", "Name": "CVE-2018-20623", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20651 https://bugzilla.redhat.com/show_bug.cgi?id=1664703 https://www.cve.org/CVERecord?id=CVE-2018-20651 https://nvd.nist.gov/vuln/detail/CVE-2018-20651 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-20651.json", "FixedBy": "", "Description": "A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. 
A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.", "Name": "CVE-2018-20651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-25585 https://bugzilla.redhat.com/show_bug.cgi?id=2167498 https://www.cve.org/CVERecord?id=CVE-2023-25585 https://nvd.nist.gov/vuln/detail/CVE-2023-25585 https://sourceware.org/bugzilla/show_bug.cgi?id=29892 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-25585.json", "FixedBy": "", "Description": "A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.", "Name": "CVE-2023-25585", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-25584 https://bugzilla.redhat.com/show_bug.cgi?id=2167467 https://www.cve.org/CVERecord?id=CVE-2023-25584 https://nvd.nist.gov/vuln/detail/CVE-2023-25584 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-25584.json", "FixedBy": "", "Description": "An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.", "Name": "CVE-2023-25584", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-17985 https://bugzilla.redhat.com/show_bug.cgi?id=1652723 https://www.cve.org/CVERecord?id=CVE-2018-17985 https://nvd.nist.gov/vuln/detail/CVE-2018-17985 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-17985.json", "FixedBy": "", "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.", "Name": "CVE-2018-17985", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18606 https://bugzilla.redhat.com/show_bug.cgi?id=1647415 https://www.cve.org/CVERecord?id=CVE-2018-18606 https://nvd.nist.gov/vuln/detail/CVE-2018-18606 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18606.json", "FixedBy": "", "Description": "An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. 
A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", "Name": "CVE-2018-18606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-18701 https://bugzilla.redhat.com/show_bug.cgi?id=1646529 https://www.cve.org/CVERecord?id=CVE-2018-18701 https://nvd.nist.gov/vuln/detail/CVE-2018-18701 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-18701.json", "FixedBy": "", "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", "Name": "CVE-2018-18701", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-6872 https://bugzilla.redhat.com/show_bug.cgi?id=1543969 https://www.cve.org/CVERecord?id=CVE-2018-6872 https://nvd.nist.gov/vuln/detail/CVE-2018-6872 https://access.redhat.com/security/data/csaf/v2/vex/2018/cve-2018-6872.json", "FixedBy": "", "Description": "The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.", "Name": "CVE-2018-6872", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-1000876 https://bugzilla.redhat.com/show_bug.cgi?id=1664699 https://www.cve.org/CVERecord?id=CVE-2018-1000876 https://nvd.nist.gov/vuln/detail/CVE-2018-1000876 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000876.json", "FixedBy": "", "Description": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. 
This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.", "Name": "CVE-2018-1000876", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9075 https://bugzilla.redhat.com/show_bug.cgi?id=1680669 https://www.cve.org/CVERecord?id=CVE-2019-9075 https://nvd.nist.gov/vuln/detail/CVE-2019-9075 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9075.json", "FixedBy": "", "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.", "Name": "CVE-2019-9075", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45078 https://bugzilla.redhat.com/show_bug.cgi?id=2033715 https://www.cve.org/CVERecord?id=CVE-2021-45078 https://nvd.nist.gov/vuln/detail/CVE-2021-45078 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-45078.json", "FixedBy": "", "Description": "An out-of-bounds flaw was found in binutils\u2019 stabs functionality. 
The attack needs to be initiated locally where an attacker could convince a victim to read a specially crafted file that is processed by objdump, leading to the disclosure of memory and possibly leading to the execution of arbitrary code or causing the utility to crash.", "Name": "CVE-2021-45078", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9077 https://bugzilla.redhat.com/show_bug.cgi?id=1680675 https://www.cve.org/CVERecord?id=CVE-2019-9077 https://nvd.nist.gov/vuln/detail/CVE-2019-9077 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9077.json", "FixedBy": "", "Description": "A vulnerability was found in the readelf utility in GNU Binutils. This issue involves a heap-based buffer overflow in the process_mips_specific function, which can be triggered by a malformed MIPS option section in binary files.", "Name": "CVE-2019-9077", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", 
"Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47008 https://bugzilla.redhat.com/show_bug.cgi?id=2233984 https://www.cve.org/CVERecord?id=CVE-2022-47008 https://nvd.nist.gov/vuln/detail/CVE-2022-47008 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47008.json", "FixedBy": "", "Description": "A memory leak was found in binutils in the make_tempdir and make_tempname functions. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-44840 https://bugzilla.redhat.com/show_bug.cgi?id=2234004 https://www.cve.org/CVERecord?id=CVE-2022-44840 https://nvd.nist.gov/vuln/detail/CVE-2022-44840 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-44840.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in binutils in the find_section_in_set function. This flaw allows an attacker to use a specially crafted payload to trigger a buffer overflow, resulting in issues with availability, confidentiality, and integrity.", "Name": "CVE-2022-44840", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "perl-IO-Socket-IP", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "0.39-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.19.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.2.11-25.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "0.9.9-3.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-unbound", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.16.2-5.el8_9.6", "BaseScores": [7.5], "CVEIds": ["CVE-2019-16866", "CVE-2024-33655", "CVE-2024-43167", "CVE-2024-43168", "CVE-2024-8508"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2019-16866 https://bugzilla.redhat.com/show_bug.cgi?id=1767955 https://www.cve.org/CVERecord?id=CVE-2019-16866 https://nvd.nist.gov/vuln/detail/CVE-2019-16866 https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-16866.json", "FixedBy": "", "Description": "Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.", "Name": "CVE-2019-16866", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43167 https://bugzilla.redhat.com/show_bug.cgi?id=2303456 https://www.cve.org/CVERecord?id=CVE-2024-43167 https://nvd.nist.gov/vuln/detail/CVE-2024-43167 https://github.com/NLnetLabs/unbound/issues/1072 https://github.com/NLnetLabs/unbound/pull/1073/files https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43167.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. 
This issue can result in a denial of service by causing the application to terminate unexpectedly.", "Name": "CVE-2024-43167", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43168 https://bugzilla.redhat.com/show_bug.cgi?id=2303462 https://www.cve.org/CVERecord?id=CVE-2024-43168 https://nvd.nist.gov/vuln/detail/CVE-2024-43168 https://github.com/NLnetLabs/unbound/issues/1039 https://github.com/NLnetLabs/unbound/pull/1040/files https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43168.json", "FixedBy": "", "Description": "A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.", "Name": "CVE-2024-43168", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33655 https://bugzilla.redhat.com/show_bug.cgi?id=2279942 https://www.cve.org/CVERecord?id=CVE-2024-33655 https://nvd.nist.gov/vuln/detail/CVE-2024-33655 https://www.nlnetlabs.nl/news/2024/May/08/unbound-1.20.0-released/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33655.json", "FixedBy": "", "Description": "A DNSBomb flaw was found in the unbound package. 
The DNSBomb attack works by sending low-rate spoofed queries for a malicious zone to Unbound. By controlling the delay of the malicious authoritative answers, Unbound slowly accumulates pending answers for the spoofed addresses. When the authoritative answers become available to Unbound at the same time, Unbound starts serving all the accumulated queries. This results in large-sized, concentrated response bursts to the spoofed addresses.", "Name": "CVE-2024-33655", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8508 https://bugzilla.redhat.com/show_bug.cgi?id=2316321 https://www.cve.org/CVERecord?id=CVE-2024-8508 https://nvd.nist.gov/vuln/detail/CVE-2024-8508 https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8508.json", "FixedBy": "", "Description": "A flaw was found in Unbound which can lead to degraded performance and an eventual denial of service when handling replies with very large RRsets that require name compression to be applied. 
Versions prior to 1.21.1 do not have a hard limit on the number of name compression calculations that Unbound can perform per packet, meaning that if a specially crafted query is passed for the contents of a malicious zone with very large RRsets, Unbound may spend a considerable amount of time applying name compression to downstream replies, locking the CPU until the whole packet has been processed.", "Name": "CVE-2024-8508", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "4.2.1-4.el8", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "25-20.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.1.0-9.1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "239-82.el8_10.1", "BaseScores": [5.5, 4.3], "CVEIds": ["CVE-2018-20839", "CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "FixedBy": "", "Description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "Name": "CVE-2018-20839", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Score": 4.3}}}}]}, {"Name": "pkgconf-pkg-config", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.4.2-1.el8", "BaseScores": [5.5], "CVEIds": ["CVE-2023-24056"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-24056.json", 
"FixedBy": "", "Description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. This issue may lead to a buffer overflow, which can crash the software.", "Name": "CVE-2023-24056", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "pexpect", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "4.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python39", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.9.19-1.module+el8.10.0+21815+bb024982", "BaseScores": [7.5], "CVEIds": ["CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6345", "CVE-2024-6923", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python. 
The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:5962", "FixedBy": "0:3.9.19-7.module+el8.10.0+22237+51382d7a", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8359", "FixedBy": "0:3.9.20-1.module+el8.10.0+22342+478c159e", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.3.2-12.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-podlators", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "4.11-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1.4.4-6.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.14.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "4.14.3-31.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/zapr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "platform-python", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "3.6.8-62.el8_10", "BaseScores": [7.5, 7.5, 7.5], "CVEIds": ["CVE-2019-9674", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-9287"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://access.redhat.com/security/data/csaf/v2/vex/2019/cve-2019-9674.json", "FixedBy": "", "Description": "A ZIP bomb attack was found in the Python zipfile module. 
A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "Name": "CVE-2019-9674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6975", "FixedBy": "0:3.6.8-67.el8_10", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json", "FixedBy": "", "Description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". 
This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "Name": "CVE-2024-9287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "google-auth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "2.29.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2.32.1-46.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.1.6-1.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "info", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "6.5-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.24.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "5.3.28-42.el8_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Carp", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1.42-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.29.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "7.61.1-34.el8", "BaseScores": [8.8, 6.5], "CVEIds": ["CVE-2023-27534", "CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-27534.json", "FixedBy": "", "Description": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. 
Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "Name": "CVE-2023-27534", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 8.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5654", "FixedBy": "0:7.61.1-34.el8_10.2", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "0.63.0-19.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "resolvelib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pyasn1_modules", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ff6323708ad3c86e4a345b84a13f54d792a41072df60901620990ae3a17461b8", "Version": "0.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Term-ANSIColor", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "4.06-396.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-daemon", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "1:1.12.8-26.el8", "BaseScores": [7.8], "CVEIds": ["CVE-2020-35512"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "FixedBy": "", "Description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. 
When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "Name": "CVE-2020-35512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "2.11-5.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtirpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "1.1.4-12.el8_10", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.19.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "3.0.4-7.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "70.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/h2non/filetype", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.1.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "certifi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d80df33ad758d1e043de3503f498c8315e82f2d483c80258a1e26a8a2c6f3a47", "Version": "2024.7.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:aa42ef82fc0a877a3d1d411ac1a4a1eb6fdd883305b2eb045e380c282713ed29", "Version": "234-8.el8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d15e2a323ac405255acb3450bcdc923626c87bec46480ad92f1eb97784db3efd", "Version": "1:1.1.1k-12.el8_9", "BaseScores": [5.5, 6.5, 7.5, 5.3, 5.3], "CVEIds": ["CVE-2023-0464", "CVE-2023-0465", "CVE-2023-0466", "CVE-2023-2650", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2650.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "Name": "CVE-2023-2650", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "FixedBy": "", "Description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. 
This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0464", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. 
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "Name": "CVE-2023-0466", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. 
Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0465", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:7848", "FixedBy": "1:1.1.1k-14.el8_6", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3f0da83d314b937c6819195c65a8f45001e56e39814b4f8ee929df29666966fb", "Version": "v0.48.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-certmanager/6.1.2.1-cve-base.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-certmanager/6.1.2.1-cve-base.txt index fe5da72dd3..78cf9a36a2 100644 --- a/docs/release_artifacts/6.1.2.1/z/aci-containers-certmanager/6.1.2.1-cve-base.txt +++ b/docs/release_artifacts/6.1.2.1/z/aci-containers-certmanager/6.1.2.1-cve-base.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 
https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 
https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", 
"FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", 
"CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": 
"0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 
https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability 
was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. 
This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 
https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 
https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). 
When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.25.1-7.el9_2", "BaseScores": [], 
"CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext 
Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 
https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 
https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", 
"FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. 
If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. 
When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. 
The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. 
This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", 
"Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 
https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", 
"CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json 
https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. 
When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. 
When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service 
caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 
https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 
https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. 
This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 
https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). 
When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.18-3.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 
https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 
https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} 
diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-certmanager/6.1.2.1-quay-cve.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-certmanager/6.1.2.1-quay-cve.txt
index 58a2a8ff1b..17f3896e78 100644
--- a/docs/release_artifacts/6.1.2.1/z/aci-containers-certmanager/6.1.2.1-quay-cve.txt
+++ b/docs/release_artifacts/6.1.2.1/z/aci-containers-certmanager/6.1.2.1-quay-cve.txt
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:9df007093405d61dcc9228e47e3c08e64b13ad54a336e4e0a82933589f80a681", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.12.0", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-fips-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.0.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.26.5-5.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 
https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", 
"Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.18-3.el9_4.6", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2024b-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.68.4-14.el9_4.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant 
deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.10-7.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.43.0-5.el9_4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2:1.3.0-2.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/zapr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/shastrinator/kube-admission-webhook", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.0.0-20240712005226-d905af558e63", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-plugin-systemd-inhibit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.25.1-8.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. 
If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer 
overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/k8snetworkplumbingwg/network-attachment-definition-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.1.1-0.20201119153432-9d213757d22d", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.3.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.5.1-19.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", 
"CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 
https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered 
in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 
https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.1.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": 
"0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "8.32-35.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.2-13.el9", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", 
"Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "(devel) (git, commit ae1879969fd54999beb81413bcde6ff410a8a09e, built at 2024-11-08T10:50:22Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading 
to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2:1.34-6.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.18-3.el9_4.6", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.21.1-2.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "21.2.3-8.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gomodules.xyz/jsonpatch/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 
https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:9df007093405d61dcc9228e47e3c08e64b13ad54a336e4e0a82933589f80a681", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": 
"python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.10-7.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.21.1-2.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": 
"v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-fips-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.0.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "(devel) (git, commit ae1879969fd54999beb81413bcde6ff410a8a09e, built at 2024-11-08T10:50:22Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 
https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.26.5-5.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 
https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": 
["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "21.2.3-8.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "gomodules.xyz/jsonpatch/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", 
"Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.25.1-8.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. 
If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.3.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/network-attachment-definition-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.1.1-0.20201119153432-9d213757d22d", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2:1.34-6.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", 
"RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": 
"2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-plugin-systemd-inhibit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", 
"Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2:1.3.0-2.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/go-logr/zapr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.1.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], 
"Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "20240202-1.git283706d.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.18-3.el9_4.6", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. 
The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2024b-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.68.4-14.el9_4.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.2-13.el9", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.43.0-5.el9_4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "8.32-35.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 
https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": 
[], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", 
"CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. 
By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.5.1-19.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.18-3.el9_4.6", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 
7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": 
[{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/shastrinator/kube-admission-webhook", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.0.0-20240712005226-d905af558e63", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f4e32fde66655935eaa399ffdc73a40c150e8ff07957477aea36e464103fe589", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-controller/6.1.2.1-cve-base.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-controller/6.1.2.1-cve-base.txt index fe5da72dd3..78cf9a36a2 100644 --- a/docs/release_artifacts/6.1.2.1/z/aci-containers-controller/6.1.2.1-cve-base.txt +++ b/docs/release_artifacts/6.1.2.1/z/aci-containers-controller/6.1.2.1-cve-base.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 
https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 
https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", 
"FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", 
"CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": 
"0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 
https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability 
was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. 
This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 
https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 
https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). 
When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.25.1-7.el9_2", "BaseScores": [], 
"CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext 
Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 
https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 
https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", 
"FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. 
If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. 
When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. 
The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. 
This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", 
"Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 
https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", 
"CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json 
https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. 
When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. 
When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service 
caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 
https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 
https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. 
This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 
https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). 
When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.18-3.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 
https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 
https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} 
diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-controller/6.1.2.1-quay-cve.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-controller/6.1.2.1-quay-cve.txt
index 3a699423f2..9536c302da 100644
--- a/docs/release_artifacts/6.1.2.1/z/aci-containers-controller/6.1.2.1-quay-cve.txt
+++ b/docs/release_artifacts/6.1.2.1/z/aci-containers-controller/6.1.2.1-quay-cve.txt
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:a90590d8bedbee28129140088f72119d38bdb537130b61de56d302a6b8dae496", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "github.com/xeipuuv/gojsonschema", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/gateway-api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.6.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.10-7.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/ini.v1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.67.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/stdr", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/go-grpc-prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "istio.io/istio", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "(devel) (git, commit 0183f2886bc078e8df4d6bbd21fa452a3a23481d, built at 2023-07-21T20:31:00Z, dirty)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20200713203337-b2494ecb17dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.21.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.22.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 
7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", 
"CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 
https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:89f7c97b0bfdd44a750e210f8afb5021d35d6d9505c747cafb08b5f05d833e6c", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/BurntSushi/toml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/rivo/uniseg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.5.1-19.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": 
"rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cli-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.130.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.26.0", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/x448/float16", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.8.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.starlark.net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20211013185944-b0039bd2cfe3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to 
the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/crypto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/imdario/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.3.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": 
[5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/peterbourgon/diskv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.0.1+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jonboulle/clockwork", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2024b-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.13.1-0.20230315234915-a26de2d610c3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gorilla/websocket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.5.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/square/go-jose.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/rogpeppe/go-internal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.25.1-8.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/mitchellh/mapstructure", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/distribution/reference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.21.1-2.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 
https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/exponent-io/jsonpath", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20151013193312-d6023ce2651d", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.6.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v4.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v4.0.0-20230305170008-8188dc5388df", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/NYTimes/gziphandler", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/monochromegane/go-gitignore", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20200626010858-205db1a8cc00", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/docker/cli", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v23.0.3+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "(devel) (git, commit 9edcffcde5595e8a5b1a35f88c421764e575afce, built at 2024-08-13T07:28:48Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 
https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "github.com/gorilla/websocket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.24.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lithammer/dedent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/spf13/afero", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.55.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.18-3.el9_4.6", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.26.5-5.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-kit/log", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/yl2chen/cidranger", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mattn/go-isatty", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.18", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grafana/regexp", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20221122212121-6b5c0a4cb7fd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v3.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cloud.google.com/go/longrunning", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.1.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/go-grpc-middleware", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mxk/go-flowrate", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20140419014527-cca7078d478f", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fvbommel/sortorder", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/jwx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.2.26", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/envoyproxy/go-control-plane", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.11.1-0.20230416233444-7f2a3030ef40", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mattn/go-colorable", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.1.13", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-systemd/v22", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v22.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/proto/otlp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been 
discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/daviddengcn/go-colortext", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/opencontainers/go-digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"k8s.io/cli-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/moby/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/backoff/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.0.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/statsd_exporter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.30.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/matttproud/golang_protobuf_extensions", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pmezard/go-difflib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/pkg/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.11.0", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/xlab/treeprint", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/hashicorp/hcl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "(devel) (git, commit ae1879969fd54999beb81413bcde6ff410a8a09e, built at 2024-11-08T10:50:22Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/ryanuber/go-glob", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mitchellh/reflectwalk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": 
["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "github.com/spf13/cast", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/moby/spdystream", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/btree", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "istio.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.18.1-0.20230713061908-17d95fabac25", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/blackmagic", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cpuguy83/go-md2man/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/kylelemons/godebug", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/census-instrumentation/opencensus-proto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/asaskevich/govalidator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20230301143203-a9d515a09cc2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.61.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.22.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gregjones/httpcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20180305231024-9cad4c3443a7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "./pkg/ipam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.19.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/kustomize/kyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.14.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/s2a-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/Masterminds/goutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "contrib.go.opencensus.io/exporter/prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.4.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/shlex", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20191202100458-e7afc7fbc510", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.2.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "go.opentelemetry.io/otel/trace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "istio.io/pkg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20230524020242-1015535057be", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.21.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-plugin-systemd-inhibit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gomodules.xyz/orderedmap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cncf/xds/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20230310173818-32f1caf87195", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mitchellh/go-wordwrap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/metrics", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/hashicorp/go-multierror", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.54.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.29.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/viper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-containerregistry", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.14.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20240125191952-1e2afa0f76cf", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20230313181309-38a27ef9d749", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/kr/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.14.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/kustomize/kustomize/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v5.4.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fxamacker/cbor/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/rpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/natefinch/lumberjack.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v2.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mitchellh/copystructure", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/btree", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.6.8", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fatih/color", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fatih/camelcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/moby/spdystream", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/mcs-api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-semver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "google.golang.org/appengine", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.6.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.15.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/docker/docker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v23.0.3+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2:1.34-6.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/proto/otlp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.19.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/liggitt/tabwriter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20181228230101-89fcab3d43de", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jonboulle/clockwork", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/magiconair/properties", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.8.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gomodules.xyz/jsonpatch/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cloud.google.com/go/logging", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/docker/docker-credential-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cyphar/filepath-securejoin", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/controller-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stretchr/testify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.8.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.45.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cheggaaa/pb/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v3.1.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/xeipuuv/gojsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20180127040603-bd5ef7bd5415", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/xeipuuv/gojsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20190905194746-02993c407bfb", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/miekg/dns", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.53", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spaolacci/murmur3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.117.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.42.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "go1.20.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.43.0-5.el9_4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": 
"3.9.18-3.el9_4.6", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would 
use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/kustomize/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.17.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20230327201221-f5883ff37f0c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cloud-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/VividCortex/ewma", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 
https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mitchellh/go-homedir", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.6.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/hashicorp/errwrap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "21.2.3-8.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.43.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/crypto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v5.9.0+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", 
"Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gregjones/httpcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20190611155906-901d90724c79", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.34.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.5.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.starlark.net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20230525235612-a134d8f9ddca", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.2-13.el9", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.5.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/googleapis/gax-go/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/MakeNowJust/heredoc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/felixge/httpsnoop", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/subosito/gotenv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.4.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/hashicorp/golang-lru/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v5.6.0+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.4.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20230410155749-daa745c078e1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/evanphx/json-patch.v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v4.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 
https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 
https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/russross/blackfriday/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/backoff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v4.2.1", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubelet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/Masterminds/semver/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v3.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-fips-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.0.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opencensus.io", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.24.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/hashicorp/go-version", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/option", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was 
found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v2.19.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kms", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/jwalterweatherman", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/moby/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20221205130635-1aeaba878587", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/xlab/treeprint", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20240711033017-18e509b52bc8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pelletier/go-toml/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.0.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/opencontainers/image-spec", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.0-rc3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.8.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/Masterminds/sprig/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": 
"v3.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/shopspring/decimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "k8s.io/component-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "8.32-35.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", 
"Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/imdario/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.3.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cloud.google.com/go/compute/metadata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.30.2", "BaseScores": [], "CVEIds": ["CVE-2024-5321"], "Vulnerabilities": [{"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://github.com/advisories/GHSA-82m2-cv7p-4m75 https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 
https://github.com/kubernetes/kubernetes/issues/126161 https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes", "Name": "GO-2024-2994", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/go", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/issues/126161 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs", "Name": "GHSA-82m2-cv7p-4m75", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/googleapis/enterprise-certificate-proxy", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/chai2010/gettext-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/httpcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.14.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/envoyproxy/protoc-gen-validate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gomodules.xyz/jsonpatch/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "github.com/cenkalti/backoff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v4.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20230321023759-10a507213a29", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/kustomize/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.13.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mattn/go-runewidth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.14", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.17.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/docker/distribution", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.8.2+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logfmt/logfmt", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.68.4-14.el9_4.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/klauspost/compress", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20220525160904-9e1acff93e4a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/huandu/xstrings", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/iter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/kustomize/kyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.17.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/onsi/gomega", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.27.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/kr/pretty", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "helm.sh/helm/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.19.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.90.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2:1.3.0-2.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], 
"Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "go.etcd.io/etcd/api/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.21.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "istio.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20230713061407-06047cce866f", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v5.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gobwas/glob", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v3.10.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/atomic", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.3.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-errors/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.4.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:a90590d8bedbee28129140088f72119d38bdb537130b61de56d302a6b8dae496", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.1.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/btree", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/ini.v1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.67.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spaolacci/murmur3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 
https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.54.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.29.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cpuguy83/go-md2man/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": 
"0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.18-3.el9_4.6", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/kustomize/kyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.17.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/miekg/dns", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.53", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.45.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/api", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20200713203337-b2494ecb17dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cyphar/filepath-securejoin", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "./pkg/ipam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.30.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "go1.20.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.34.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/ryanuber/go-glob", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", 
"Version": "3.9.18-3.el9_4.6", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the 
parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/openshift/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20240125191952-1e2afa0f76cf", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v5.9.0+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/appengine", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.6.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cli-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "(devel)", "BaseScores": 
[], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/crypto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/kr/pretty", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grafana/regexp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20221122212121-6b5c0a4cb7fd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/hashicorp/golang-lru/v2", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/subosito/gotenv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.4.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mattn/go-runewidth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.14", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "21.2.3-8.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", 
"FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/kr/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": 
"252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.42.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/controller-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.4.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.21.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/kustomize/kyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.14.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/kustomize/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.17.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cloud.google.com/go/longrunning", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.61.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gregjones/httpcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20190611155906-901d90724c79", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/kylelemons/godebug", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/yl2chen/cidranger", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubelet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/rogpeppe/go-internal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.27.0", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "istio.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20230713061407-06047cce866f", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "contrib.go.opencensus.io/exporter/prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.4.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mattn/go-colorable", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.1.13", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/asaskevich/govalidator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20230301143203-a9d515a09cc2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.15.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/rpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", 
"Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/xeipuuv/gojsonschema", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/imdario/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.3.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/moby/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20221205130635-1aeaba878587", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fxamacker/cbor/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.8.0", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-fips-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.0.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/klauspost/compress", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gomodules.xyz/jsonpatch/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/liggitt/tabwriter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20181228230101-89fcab3d43de", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/peterbourgon/diskv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.0.1+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/docker/cli", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v23.0.3+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/daviddengcn/go-colortext", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/s2a-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.6.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/googleapis/gax-go/v2", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/go-kit/log", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.130.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.26.5-5.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cloud-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/imdario/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.3.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/x448/float16", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.8.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/moby/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gomodules.xyz/orderedmap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.1.0", "BaseScores": 
[], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/BurntSushi/toml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.19.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mitchellh/go-wordwrap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/VividCortex/ewma", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/backoff/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.0.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/exponent-io/jsonpath", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20151013193312-d6023ce2651d", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/proto/otlp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that 
causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2:1.34-6.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", 
"FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "github.com/pmezard/go-difflib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/backoff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v4.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.21.1-2.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/opencontainers/go-digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gorilla/websocket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.5.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.8.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/onsi/gomega", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.27.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "8.32-35.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/atomic", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.10.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.30.2", "BaseScores": [], "CVEIds": ["CVE-2024-5321"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/go", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/issues/126161 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa 
https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs", "Name": "GHSA-82m2-cv7p-4m75", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://github.com/advisories/GHSA-82m2-cv7p-4m75 https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes/issues/126161 https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes", "Name": "GO-2024-2994", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/huandu/xstrings", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.17.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", 
"Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.14.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/jwalterweatherman", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.5.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v5.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20220525160904-9e1acff93e4a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v3.11.0", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "istio.io/istio", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "(devel) (git, commit 0183f2886bc078e8df4d6bbd21fa452a3a23481d, built at 2023-07-21T20:31:00Z, dirty)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/iter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2:1.3.0-2.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", 
"Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. 
When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.22.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.starlark.net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20211013185944-b0039bd2cfe3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gregjones/httpcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20180305231024-9cad4c3443a7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "istio.io/pkg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20230524020242-1015535057be", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/metrics", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/go-grpc-prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/hashicorp/go-version", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/opencontainers/image-spec", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.0-rc3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/backoff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v4.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/moby/spdystream", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/docker/docker-credential-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "k8s.io/kms", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/hashicorp/errwrap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/distribution/reference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.5.0", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jonboulle/clockwork", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/httpcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/felixge/httpsnoop", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/evanphx/json-patch.v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v4.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jonboulle/clockwork", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/mitchellh/mapstructure", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": 
"4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/pkg/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/shopspring/decimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.3.1", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v4.0.0-20230305170008-8188dc5388df", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/xlab/treeprint", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mitchellh/copystructure", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cloud.google.com/go/logging", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": 
"v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cheggaaa/pb/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v3.1.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "(devel) (git, commit ae1879969fd54999beb81413bcde6ff410a8a09e, built at 2024-11-08T10:50:22Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/btree", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/xlab/treeprint", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.24.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "github.com/prometheus/prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.43.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gobwas/glob", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/viper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/Masterminds/goutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.2-13.el9", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": 
[{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/xeipuuv/gojsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20190905194746-02993c407bfb", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.3.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20230321023759-10a507213a29", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fatih/color", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-semver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/xeipuuv/gojsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": 
"v0.0.0-20180127040603-bd5ef7bd5415", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-plugin-systemd-inhibit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/hashicorp/go-multierror", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mitchellh/reflectwalk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.13.1-0.20230315234915-a26de2d610c3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", 
"Version": "v1.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gomodules.xyz/jsonpatch/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mattn/go-isatty", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.18", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/census-instrumentation/opencensus-proto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "gopkg.in/natefinch/lumberjack.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v2.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/api/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/jwx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.2.26", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 
https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/docker/docker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v23.0.3+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/docker/distribution", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.8.2+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/Masterminds/sprig/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v3.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/magiconair/properties", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.8.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/envoyproxy/protoc-gen-validate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.55.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/go-grpc-middleware", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/afero", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v5.6.0+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/kustomize/kustomize/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v5.4.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/kustomize/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.13.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/NYTimes/gziphandler", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:89f7c97b0bfdd44a750e210f8afb5021d35d6d9505c747cafb08b5f05d833e6c", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.6.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fvbommel/sortorder", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-containerregistry", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.14.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/chai2010/gettext-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cast", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.14.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", 
"CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/hashicorp/hcl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of 
service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20240711033017-18e509b52bc8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.43.0-5.el9_4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/stdr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": 
"v1.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.90.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.2.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.10-7.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/blackmagic", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/russross/blackfriday/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v3.10.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/rivo/uniseg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "(devel) (git, commit 9edcffcde5595e8a5b1a35f88c421764e575afce, built at 2024-08-13T07:28:48Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fatih/camelcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stretchr/testify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.8.4", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/statsd_exporter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cli-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.21.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/Masterminds/semver/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v3.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.starlark.net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20230525235612-a134d8f9ddca", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/mcs-api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cloud.google.com/go/compute/metadata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mitchellh/go-homedir", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20230327201221-f5883ff37f0c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "istio.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.18.1-0.20230713061908-17d95fabac25", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/shlex", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20191202100458-e7afc7fbc510", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.27.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", 
"CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 
https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL 
pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/square/go-jose.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/monochromegane/go-gitignore", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20200626010858-205db1a8cc00", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20230313181309-38a27ef9d749", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", 
"Version": "v2.19.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2024b-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/envoyproxy/go-control-plane", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.11.1-0.20230416233444-7f2a3030ef40", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/crypto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.9.0", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/matttproud/golang_protobuf_extensions", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.19.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/googleapis/enterprise-certificate-proxy", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.68.4-14.el9_4.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.5.1-19.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "k8s.io/component-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-errors/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.4.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lestrrat-go/option", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "helm.sh/helm/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v4.2.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opencensus.io", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.24.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.21.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.25.1-8.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.117.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gorilla/websocket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.5.0", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/moby/spdystream", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/gateway-api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.6.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.5.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/lithammer/dedent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20230410155749-daa745c078e1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/proto/otlp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.19.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "github.com/cncf/xds/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20230310173818-32f1caf87195", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/trace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pelletier/go-toml/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v2.0.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mxk/go-flowrate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.0.0-20140419014527-cca7078d478f", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.22.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logfmt/logfmt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-systemd/v22", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v22.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:7a15f2f9853e6a90370e4718dfb47a92b3f03ac29920d8e8ea75b6fe8f77de1c", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/MakeNowJust/heredoc", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d009cb02adfabeb789ee7370f6b509669ca6d501de74ced8cc5562fe4c8d26b9", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-host-ovscni/6.1.2.1-cve-base.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-host-ovscni/6.1.2.1-cve-base.txt index fe5da72dd3..78cf9a36a2 100644 --- a/docs/release_artifacts/6.1.2.1/z/aci-containers-host-ovscni/6.1.2.1-cve-base.txt +++ b/docs/release_artifacts/6.1.2.1/z/aci-containers-host-ovscni/6.1.2.1-cve-base.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 
https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 
https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", 
"FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", 
"CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": 
"0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 
https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability 
was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. 
This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 
https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 
https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). 
When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.25.1-7.el9_2", "BaseScores": [], 
"CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext 
Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 
https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 
https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", 
"FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. 
If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. 
When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. 
The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. 
This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", 
"Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 
https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", 
"CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json 
https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. 
When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. 
When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service 
caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 
https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 
https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. 
This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 
https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). 
When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.18-3.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 
https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 
https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} 
diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-host-ovscni/6.1.2.1-quay-cve.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-host-ovscni/6.1.2.1-quay-cve.txt
index 71bb585886..d349d689cf 100644
--- a/docs/release_artifacts/6.1.2.1/z/aci-containers-host-ovscni/6.1.2.1-quay-cve.txt
+++ b/docs/release_artifacts/6.1.2.1/z/aci-containers-host-ovscni/6.1.2.1-quay-cve.txt
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:d9158297a3a5c8bf1fa7ba76975a83b5d27f159b409ad25bdedfd2a97e5765a6", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "go.opentelemetry.io/otel/exporters/prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.45.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "./pkg/ipam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iptables-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/api/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jaypipes/pcidb", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.7.24-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2:1.34-7.el9", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/distribution/reference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/rpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/network-attachment-definition-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.1.1-0.20201119153432-9d213757d22d", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "k8s.io/component-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.10.0-11.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "go.etcd.io/etcd/client/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.5.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.0.4-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v2.19.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "53.0.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/sriov-network-device-plugin", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20230509124106-8ec9db3cbd23", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/natefinch/lumberjack.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v2.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-unversioned-command", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", 
"FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 
https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/vishvananda/netns", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/safchain/ethtool", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "github.com/vishvananda/netlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.2.1-beta.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "28-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.43.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/go-grpc-prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnfnetlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.0.1-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubelet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v4.0.0-20230305170008-8188dc5388df", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "20240828-2.git626aa59.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/plugins", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jaypipes/ghw", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-semver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.21.1-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "attr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/asaskevich/govalidator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20230301143203-a9d515a09cc2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.2.3-1.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 
https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/trace", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iputils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "20210202-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "0.4.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "geolite2-city", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "20191217-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", 
"Version": "3.1.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.16-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to 
a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iptables-nft", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": 
"1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/controller-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1:1.23-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2:4.9-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "(devel) (git, commit ae1879969fd54999beb81413bcde6ff410a8a09e, built at 2024-11-08T10:50:22Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "yum-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.3.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2024b-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 
https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/ovn-org/libovsdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20210422150337-f29ae9b43ea5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 
https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 
https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gopacket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.1.19", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/NYTimes/gziphandler", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/natefinch/pie", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20170715172608-9a0d72014007", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "geolite2-country", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "20191217-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": 
"2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ipcalc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/pkg/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A 
flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "nmstate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.2.38-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.68.4-16.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/coreos/go-systemd/v22", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v22.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dhcp-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "12:4.4.2-19.b1.el9", "BaseScores": [7.5, 7.5], "CVEIds": ["CVE-2024-1737", "CVE-2024-1975", "CVE-2024-3661", "CVE-2024-4076"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4076 https://bugzilla.redhat.com/show_bug.cgi?id=2298904 https://www.cve.org/CVERecord?id=CVE-2024-4076 https://nvd.nist.gov/vuln/detail/CVE-2024-4076 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4076.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. This issue results in a denial of service of the bind server.", "Name": "CVE-2024-4076", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1975 https://bugzilla.redhat.com/show_bug.cgi?id=2298901 https://www.cve.org/CVERecord?id=CVE-2024-1975 https://nvd.nist.gov/vuln/detail/CVE-2024-1975 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1975.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a \"KEY\" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a \"KEY\" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG(0) signed requests. 
This issue can lead to a denial of service.", "Name": "CVE-2024-1975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1737 https://bugzilla.redhat.com/show_bug.cgi?id=2298893 https://www.cve.org/CVERecord?id=CVE-2024-1737 https://nvd.nist.gov/vuln/detail/CVE-2024-1737 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1737.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. This vulnerability may lead to a denial of service.", "Name": "CVE-2024-1737", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3661 https://bugzilla.redhat.com/show_bug.cgi?id=2320141 https://www.cve.org/CVERecord?id=CVE-2024-3661 https://nvd.nist.gov/vuln/detail/CVE-2024-3661 https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ https://bst.cisco.com/quickview/bug/CSCwk05814 https://datatracker.ietf.org/doc/html/rfc2131#section-7 https://datatracker.ietf.org/doc/html/rfc3442#section-7 https://fortiguard.fortinet.com/psirt/FG-IR-24-170 https://issuetracker.google.com/issues/263721377 
https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision https://my.f5.com/manage/s/article/K000139553 https://news.ycombinator.com/item?id=40279632 https://news.ycombinator.com/item?id=40284111 https://security.paloaltonetworks.com/CVE-2024-3661 https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 https://tunnelvisionbug.com/ https://www.agwa.name/blog/post/hardening_openvpn_for_def_con https://www.leviathansecurity.com/research/tunnelvision https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3661.json", "FixedBy": "", "Description": "A flaw was found in DHCP. DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. 
An attacker on the same local network can read, disrupt, or possibly modify network traffic expected to be protected by the VPN.", "Name": "CVE-2024-3661", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.17.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": 
"1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/cni", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.1.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", 
"Version": "8.44-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mitchellh/go-homedir", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.3.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.3.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "21.3.1-1.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], 
"Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2:1.4.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/afero", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/tatsushid/go-fastping", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ea068e1223990bbae9880304550b7edf353a4027f10a0ac29fd2accd5ace890b", "Version": 
"v0.0.0-20160109021039-d7bb493dee3e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/crypto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/stdr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnftnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.2.6-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "5.3.28-55.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/hub", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/felixge/httpsnoop", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.29.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "234-19.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.5.1-20.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 
https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "8.32-36.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.30.2", "BaseScores": [], "CVEIds": ["CVE-2024-5321"], "Vulnerabilities": [{"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://github.com/advisories/GHSA-82m2-cv7p-4m75 https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes/issues/126161 https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes", "Name": "GO-2024-2994", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/go", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/issues/126161 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa 
https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs", "Name": "GHSA-82m2-cv7p-4m75", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "go.opentelemetry.io/proto/otlp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/ghodss/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmaxminddb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.5.2-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v5.9.0+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": 
[{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. 
By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/cenkalti/rpc2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20200203073230-5ce2854ce0fd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/sriovnet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.2.1-0.20230427090635-4929697df2dc", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnetfilter_conntrack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.0.9-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.61.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.0.3-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dhcp-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "12:4.4.2-19.b1.el9", "BaseScores": [7.5, 7.5], "CVEIds": ["CVE-2024-1737", "CVE-2024-1975", "CVE-2024-3661", "CVE-2024-4076"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4076 https://bugzilla.redhat.com/show_bug.cgi?id=2298904 https://www.cve.org/CVERecord?id=CVE-2024-4076 https://nvd.nist.gov/vuln/detail/CVE-2024-4076 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4076.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. 
This issue results in a denial of service of the bind server.", "Name": "CVE-2024-4076", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1975 https://bugzilla.redhat.com/show_bug.cgi?id=2298901 https://www.cve.org/CVERecord?id=CVE-2024-1975 https://nvd.nist.gov/vuln/detail/CVE-2024-1975 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1975.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a \"KEY\" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a \"KEY\" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG(0) signed requests. This issue can lead to a denial of service.", "Name": "CVE-2024-1975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1737 https://bugzilla.redhat.com/show_bug.cgi?id=2298893 https://www.cve.org/CVERecord?id=CVE-2024-1737 https://nvd.nist.gov/vuln/detail/CVE-2024-1737 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1737.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. 
This vulnerability may lead to a denial of service.", "Name": "CVE-2024-1737", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3661 https://bugzilla.redhat.com/show_bug.cgi?id=2320141 https://www.cve.org/CVERecord?id=CVE-2024-3661 https://nvd.nist.gov/vuln/detail/CVE-2024-3661 https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ https://bst.cisco.com/quickview/bug/CSCwk05814 https://datatracker.ietf.org/doc/html/rfc2131#section-7 https://datatracker.ietf.org/doc/html/rfc3442#section-7 https://fortiguard.fortinet.com/psirt/FG-IR-24-170 https://issuetracker.google.com/issues/263721377 https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision https://my.f5.com/manage/s/article/K000139553 https://news.ycombinator.com/item?id=40279632 https://news.ycombinator.com/item?id=40284111 https://security.paloaltonetworks.com/CVE-2024-3661 https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 https://tunnelvisionbug.com/ https://www.agwa.name/blog/post/hardening_openvpn_for_def_con https://www.leviathansecurity.com/research/tunnelvision https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3661.json", "FixedBy": "", 
"Description": "A flaw was found in DHCP. DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic expected to be protected by the VPN.", "Name": "CVE-2024-3661", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "oniguruma", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "6.9.6-1.el9.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/backoff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v4.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-iptables", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": 
"3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/govdpa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.1.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kms", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6789838c5a97250fef39fd00fd5a23fd25009be3b7ce3711c85bbd278ffc2700", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "jq", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.6-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/opencontainers/go-digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 
https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 
https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cloud-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/openshift/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20240125191952-1e2afa0f76cf", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.2.11-41.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:d9158297a3a5c8bf1fa7ba76975a83b5d27f159b409ad25bdedfd2a97e5765a6", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-systemd/v22", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v22.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.30.2", "BaseScores": [], "CVEIds": ["CVE-2024-5321"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/go", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/issues/126161 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes 
sets incorrect permissions on Windows containers logs", "Name": "GHSA-82m2-cv7p-4m75", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://github.com/advisories/GHSA-82m2-cv7p-4m75 https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes/issues/126161 https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes", "Name": "GO-2024-2994", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/NYTimes/gziphandler", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kms", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": 
"2:4.9-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.17.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "go.opentelemetry.io/proto/otlp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/ghodss/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.15.0", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mitchellh/go-homedir", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "0.4.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum-utils", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.3.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.5.1-20.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. 
The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "5.3.28-55.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-unversioned-command", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 
https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. 
When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dhcp-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "12:4.4.2-19.b1.el9", "BaseScores": [7.5, 7.5], "CVEIds": ["CVE-2024-1737", "CVE-2024-1975", "CVE-2024-3661", "CVE-2024-4076"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4076 https://bugzilla.redhat.com/show_bug.cgi?id=2298904 https://www.cve.org/CVERecord?id=CVE-2024-4076 https://nvd.nist.gov/vuln/detail/CVE-2024-4076 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4076.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. 
This issue results in a denial of service of the bind server.", "Name": "CVE-2024-4076", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1975 https://bugzilla.redhat.com/show_bug.cgi?id=2298901 https://www.cve.org/CVERecord?id=CVE-2024-1975 https://nvd.nist.gov/vuln/detail/CVE-2024-1975 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1975.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a \"KEY\" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a \"KEY\" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG(0) signed requests. This issue can lead to a denial of service.", "Name": "CVE-2024-1975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1737 https://bugzilla.redhat.com/show_bug.cgi?id=2298893 https://www.cve.org/CVERecord?id=CVE-2024-1737 https://nvd.nist.gov/vuln/detail/CVE-2024-1737 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1737.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. 
This vulnerability may lead to a denial of service.", "Name": "CVE-2024-1737", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3661 https://bugzilla.redhat.com/show_bug.cgi?id=2320141 https://www.cve.org/CVERecord?id=CVE-2024-3661 https://nvd.nist.gov/vuln/detail/CVE-2024-3661 https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ https://bst.cisco.com/quickview/bug/CSCwk05814 https://datatracker.ietf.org/doc/html/rfc2131#section-7 https://datatracker.ietf.org/doc/html/rfc3442#section-7 https://fortiguard.fortinet.com/psirt/FG-IR-24-170 https://issuetracker.google.com/issues/263721377 https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision https://my.f5.com/manage/s/article/K000139553 https://news.ycombinator.com/item?id=40279632 https://news.ycombinator.com/item?id=40284111 https://security.paloaltonetworks.com/CVE-2024-3661 https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 https://tunnelvisionbug.com/ https://www.agwa.name/blog/post/hardening_openvpn_for_def_con https://www.leviathansecurity.com/research/tunnelvision https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3661.json", "FixedBy": "", 
"Description": "A flaw was found in DHCP. DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic expected to be protected by the VPN.", "Name": "CVE-2024-3661", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.2.3-1.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/vishvananda/netlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.2.1-beta.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "20240828-2.git626aa59.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", 
"Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/vishvananda/netns", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.3.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 
https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnftnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.2.6-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/distribution/reference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "234-19.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/pkg/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-iptables", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2:1.34-7.el9", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "(devel) (git, commit ae1879969fd54999beb81413bcde6ff410a8a09e, built at 2024-11-08T10:50:22Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jaypipes/ghw", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 
https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.21.1-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "iputils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "20210202-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/govdpa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.1.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmaxminddb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.5.2-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/network-attachment-definition-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.1.1-0.20201119153432-9d213757d22d", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cloud-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "./pkg/ipam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.30.0-4.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jaypipes/pcidb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "oniguruma", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "6.9.6-1.el9.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "53.0.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ipcalc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiserver", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v2.19.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.3.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/afero", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "geolite2-country", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "20191217-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.16-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "28-10.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.45.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.0.4-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "geolite2-city", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "20191217-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/trace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a 
stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/sriovnet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": 
"v1.2.1-0.20230427090635-4929697df2dc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/safchain/ethtool", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iptables-nft", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/rpc2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20200203073230-5ce2854ce0fd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.43.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/backoff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v4.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.10.0-11.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/kubelet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.2.11-41.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1:1.23-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/controller-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2024b-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20240125191952-1e2afa0f76cf", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/tatsushid/go-fastping", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:ea068e1223990bbae9880304550b7edf353a4027f10a0ac29fd2accd5ace890b", "Version": "v0.0.0-20160109021039-d7bb493dee3e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/natefinch/pie", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20170715172608-9a0d72014007", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2:1.4.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/k8snetworkplumbingwg/sriov-network-device-plugin", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20230509124106-8ec9db3cbd23", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.0.3-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/stdr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "github.com/felixge/httpsnoop", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "jq", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.6-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gopacket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.1.19", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "8.32-36.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": 
[{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. 
By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/grpc-ecosystem/go-grpc-prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/hub", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/api/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "attr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.7.24-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", 
"Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/asaskevich/govalidator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20230301143203-a9d515a09cc2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", 
"Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnetfilter_conntrack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.0.9-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nmstate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.2.38-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/cni", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.1.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/rpc", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.5.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/coreos/go-semver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v5.9.0+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/natefinch/lumberjack.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v2.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "21.3.1-1.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.29.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/crypto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v4.0.0-20230305170008-8188dc5388df", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "7.76.1-31.el9", 
"BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/ovn-org/libovsdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20210422150337-f29ae9b43ea5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/plugins", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnfnetlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.0.1-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dhcp-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "12:4.4.2-19.b1.el9", "BaseScores": [7.5, 7.5], "CVEIds": ["CVE-2024-1737", "CVE-2024-1975", "CVE-2024-3661", "CVE-2024-4076"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4076 https://bugzilla.redhat.com/show_bug.cgi?id=2298904 https://www.cve.org/CVERecord?id=CVE-2024-4076 https://nvd.nist.gov/vuln/detail/CVE-2024-4076 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4076.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. This issue results in a denial of service of the bind server.", "Name": "CVE-2024-4076", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1975 https://bugzilla.redhat.com/show_bug.cgi?id=2298901 https://www.cve.org/CVERecord?id=CVE-2024-1975 https://nvd.nist.gov/vuln/detail/CVE-2024-1975 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1975.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a \"KEY\" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a \"KEY\" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG(0) signed requests. 
This issue can lead to a denial of service.", "Name": "CVE-2024-1975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1737 https://bugzilla.redhat.com/show_bug.cgi?id=2298893 https://www.cve.org/CVERecord?id=CVE-2024-1737 https://nvd.nist.gov/vuln/detail/CVE-2024-1737 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1737.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. This vulnerability may lead to a denial of service.", "Name": "CVE-2024-1737", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3661 https://bugzilla.redhat.com/show_bug.cgi?id=2320141 https://www.cve.org/CVERecord?id=CVE-2024-3661 https://nvd.nist.gov/vuln/detail/CVE-2024-3661 https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ https://bst.cisco.com/quickview/bug/CSCwk05814 https://datatracker.ietf.org/doc/html/rfc2131#section-7 https://datatracker.ietf.org/doc/html/rfc3442#section-7 https://fortiguard.fortinet.com/psirt/FG-IR-24-170 https://issuetracker.google.com/issues/263721377 
https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision https://my.f5.com/manage/s/article/K000139553 https://news.ycombinator.com/item?id=40279632 https://news.ycombinator.com/item?id=40284111 https://security.paloaltonetworks.com/CVE-2024-3661 https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 https://tunnelvisionbug.com/ https://www.agwa.name/blog/post/hardening_openvpn_for_def_con https://www.leviathansecurity.com/research/tunnelvision https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3661.json", "FixedBy": "", "Description": "A flaw was found in DHCP. DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. 
An attacker on the same local network can read, disrupt, or possibly modify network traffic expected to be protected by the VPN.", "Name": "CVE-2024-3661", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.1.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "8.44-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", 
"Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser 
would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "go.opentelemetry.io/otel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.68.4-16.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.61.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6789838c5a97250fef39fd00fd5a23fd25009be3b7ce3711c85bbd278ffc2700", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/opencontainers/go-digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:1ce5c5020d0bc63e26dfc6b02a5ce83827d8bacef7c74c13831d79adeb05d227", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iptables-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-host/6.1.2.1-cve-base.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-host/6.1.2.1-cve-base.txt index fe5da72dd3..78cf9a36a2 100644 --- a/docs/release_artifacts/6.1.2.1/z/aci-containers-host/6.1.2.1-cve-base.txt +++ b/docs/release_artifacts/6.1.2.1/z/aci-containers-host/6.1.2.1-cve-base.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 
https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 
https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", 
"FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", 
"CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": 
"0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 
https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability 
was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. 
This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 
https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 
https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). 
When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.25.1-7.el9_2", "BaseScores": [], 
"CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext 
Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 
https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 
https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", 
"FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. 
If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. 
When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. 
The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. 
This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", 
"Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 
https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", 
"CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json 
https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. 
When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. 
When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service 
caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 
https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 
https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. 
This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 
https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). 
When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.18-3.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 
https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 
https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} 
diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-host/6.1.2.1-quay-cve.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-host/6.1.2.1-quay-cve.txt index 1ab1e0acca..5ab10e47fb 100644 --- a/docs/release_artifacts/6.1.2.1/z/aci-containers-host/6.1.2.1-quay-cve.txt +++ b/docs/release_artifacts/6.1.2.1/z/aci-containers-host/6.1.2.1-quay-cve.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:efaf9031ff2980c96b8c8469d1373d36e6d141976696632ee6595afb3662d340", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6789838c5a97250fef39fd00fd5a23fd25009be3b7ce3711c85bbd278ffc2700", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 
https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.68.4-16.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. 
The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libnftnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.2.6-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "0.4.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/ovn-org/libovsdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20210422150337-f29ae9b43ea5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.21.1-3.el9", 
"BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/go-grpc-prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.15.2-6.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-semver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "8.32-36.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "./pkg/ipam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/distribution/reference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "iptables-nft", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/natefinch/lumberjack.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v2.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.16-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2024b-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.6-5.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2:4.9-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 
https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/mitchellh/go-homedir", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/network-attachment-definition-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.1.1-0.20201119153432-9d213757d22d", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.16.1.3-34.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/asaskevich/govalidator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20230301143203-a9d515a09cc2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dhcp-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "12:4.4.2-19.b1.el9", "BaseScores": [7.5, 7.5], "CVEIds": ["CVE-2024-1737", "CVE-2024-1975", "CVE-2024-3661", "CVE-2024-4076"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4076 https://bugzilla.redhat.com/show_bug.cgi?id=2298904 https://www.cve.org/CVERecord?id=CVE-2024-4076 https://nvd.nist.gov/vuln/detail/CVE-2024-4076 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4076.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. 
This issue results in a denial of service of the bind server.", "Name": "CVE-2024-4076", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1975 https://bugzilla.redhat.com/show_bug.cgi?id=2298901 https://www.cve.org/CVERecord?id=CVE-2024-1975 https://nvd.nist.gov/vuln/detail/CVE-2024-1975 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1975.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a \"KEY\" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a \"KEY\" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG(0) signed requests. This issue can lead to a denial of service.", "Name": "CVE-2024-1975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1737 https://bugzilla.redhat.com/show_bug.cgi?id=2298893 https://www.cve.org/CVERecord?id=CVE-2024-1737 https://nvd.nist.gov/vuln/detail/CVE-2024-1737 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1737.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. 
This vulnerability may lead to a denial of service.", "Name": "CVE-2024-1737", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3661 https://bugzilla.redhat.com/show_bug.cgi?id=2320141 https://www.cve.org/CVERecord?id=CVE-2024-3661 https://nvd.nist.gov/vuln/detail/CVE-2024-3661 https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ https://bst.cisco.com/quickview/bug/CSCwk05814 https://datatracker.ietf.org/doc/html/rfc2131#section-7 https://datatracker.ietf.org/doc/html/rfc3442#section-7 https://fortiguard.fortinet.com/psirt/FG-IR-24-170 https://issuetracker.google.com/issues/263721377 https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision https://my.f5.com/manage/s/article/K000139553 https://news.ycombinator.com/item?id=40279632 https://news.ycombinator.com/item?id=40284111 https://security.paloaltonetworks.com/CVE-2024-3661 https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 https://tunnelvisionbug.com/ https://www.agwa.name/blog/post/hardening_openvpn_for_def_con https://www.leviathansecurity.com/research/tunnelvision https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3661.json", "FixedBy": "", 
"Description": "A flaw was found in DHCP. DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic expected to be protected by the VPN.", "Name": "CVE-2024-3661", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "attr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v5.9.0+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kms", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/sriovnet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.2.1-0.20230427090635-4929697df2dc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "21.3.1-1.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.7.24-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.5.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 
https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 
https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.43.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.61.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/tatsushid/go-fastping", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20160109021039-d7bb493dee3e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": 
"252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A 
flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "github.com/cenkalti/hub", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmaxminddb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.5.2-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "20240828-2.git626aa59.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2:1.4.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw 
was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. 
When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "geolite2-country", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "20191217-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum-utils", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.3.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/felixge/httpsnoop", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/controller-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "(devel) (git, commit ae1879969fd54999beb81413bcde6ff410a8a09e, built at 2024-11-08T10:50:22Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.2.3-1.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 
https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/safchain/ethtool", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.3.0", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/sriov-network-device-plugin", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20230509124106-8ec9db3cbd23", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1:1.23-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.2.11-41.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/crypto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/rpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "28-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/rpc2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20200203073230-5ce2854ce0fd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.30.2", "BaseScores": [], "CVEIds": ["CVE-2024-5321"], "Vulnerabilities": [{"Severity": "Unknown", "NamespaceName": "osv/go", "Link": 
"https://github.com/advisories/GHSA-82m2-cv7p-4m75 https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes/issues/126161 https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes", "Name": "GO-2024-2994", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/go", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/issues/126161 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs", "Name": "GHSA-82m2-cv7p-4m75", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ipcalc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "keyutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.2.1-6.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/api/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jaypipes/ghw", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-iptables", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.29.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": 
"Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.0.4-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/NYTimes/gziphandler", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "8.44-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.17.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": 
"1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.1.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jaypipes/pcidb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "jq", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.6-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v2.19.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/vishvananda/netlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.2.1-beta.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/vishvananda/netns", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.45.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/k8snetworkplumbingwg/govdpa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.1.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "5.3.28-55.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-systemd/v22", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v22.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cloud-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/proto/otlp", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-unversioned-command", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 
https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. 
When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iptables-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubelet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/plugins", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.3.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20240125191952-1e2afa0f76cf", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/spf13/afero", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2:1.34-7.el9", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/trace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/natefinch/pie", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20170715172608-9a0d72014007", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libnetfilter_conntrack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.0.9-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/backoff/v4", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v4.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "234-19.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been 
discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "github.com/ghodss/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "geolite2-city", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "20191217-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v4.0.0-20230305170008-8188dc5388df", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/pkg/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nmstate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.2.38-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 
https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.5.1-20.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iputils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "20210202-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/opencontainers/go-digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 
https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "53.0.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "oniguruma", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", 
"Version": "6.9.6-1.el9.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.0.3-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/cni", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.1.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dhcp-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "12:4.4.2-19.b1.el9", "BaseScores": [7.5, 7.5], "CVEIds": ["CVE-2024-1737", "CVE-2024-1975", 
"CVE-2024-3661", "CVE-2024-4076"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4076 https://bugzilla.redhat.com/show_bug.cgi?id=2298904 https://www.cve.org/CVERecord?id=CVE-2024-4076 https://nvd.nist.gov/vuln/detail/CVE-2024-4076 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4076.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. This issue results in a denial of service of the bind server.", "Name": "CVE-2024-4076", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1975 https://bugzilla.redhat.com/show_bug.cgi?id=2298901 https://www.cve.org/CVERecord?id=CVE-2024-1975 https://nvd.nist.gov/vuln/detail/CVE-2024-1975 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1975.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a \"KEY\" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a \"KEY\" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG(0) signed requests. 
This issue can lead to a denial of service.", "Name": "CVE-2024-1975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1737 https://bugzilla.redhat.com/show_bug.cgi?id=2298893 https://www.cve.org/CVERecord?id=CVE-2024-1737 https://nvd.nist.gov/vuln/detail/CVE-2024-1737 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1737.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. This vulnerability may lead to a denial of service.", "Name": "CVE-2024-1737", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3661 https://bugzilla.redhat.com/show_bug.cgi?id=2320141 https://www.cve.org/CVERecord?id=CVE-2024-3661 https://nvd.nist.gov/vuln/detail/CVE-2024-3661 https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ https://bst.cisco.com/quickview/bug/CSCwk05814 https://datatracker.ietf.org/doc/html/rfc2131#section-7 https://datatracker.ietf.org/doc/html/rfc3442#section-7 https://fortiguard.fortinet.com/psirt/FG-IR-24-170 https://issuetracker.google.com/issues/263721377 
https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision https://my.f5.com/manage/s/article/K000139553 https://news.ycombinator.com/item?id=40279632 https://news.ycombinator.com/item?id=40284111 https://security.paloaltonetworks.com/CVE-2024-3661 https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 https://tunnelvisionbug.com/ https://www.agwa.name/blog/post/hardening_openvpn_for_def_con https://www.leviathansecurity.com/research/tunnelvision https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3661.json", "FixedBy": "", "Description": "A flaw was found in DHCP. DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. 
An attacker on the same local network can read, disrupt, or possibly modify network traffic expected to be protected by the VPN.", "Name": "CVE-2024-3661", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.10.0-11.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.3.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/stdr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", 
"Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "k8s.io/apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnfnetlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.0.1-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", 
"Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:efaf9031ff2980c96b8c8469d1373d36e6d141976696632ee6595afb3662d340", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.43.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nmstate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.2.38-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/NYTimes/gziphandler", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-semver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": 
"0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.61.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ipcalc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/distribution/reference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.10.0-11.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/stdr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.0.4-16.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "github.com/safchain/ethtool", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jaypipes/pcidb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6789838c5a97250fef39fd00fd5a23fd25009be3b7ce3711c85bbd278ffc2700", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/vishvananda/netns", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.21.1-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "53.0.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. 
This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/asaskevich/govalidator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20230301143203-a9d515a09cc2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/plugins", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "./pkg/ipam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 
https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20240125191952-1e2afa0f76cf", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.3.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "attr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. 
The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2:4.9-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/jaypipes/ghw", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/coreos/go-iptables", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v4.0.0-20230305170008-8188dc5388df", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v5.9.0+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/hub", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.2.3-1.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.3.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/ghodss/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/sriov-network-device-plugin", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20230509124106-8ec9db3cbd23", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-systemd/v22", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v22.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmaxminddb", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.5.2-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.16-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2024b-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.1.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "jq", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.6-17.el9", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.68.4-16.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in 
PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.2.11-41.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "go.opentelemetry.io/otel/sdk/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "go.opentelemetry.io/otel/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kms", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.3.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/tatsushid/go-fastping", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20160109021039-d7bb493dee3e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.0.3-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "28-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "234-19.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1:1.23-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "oniguruma", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "6.9.6-1.el9.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "google.golang.org/genproto/googleapis/rpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2:1.4.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "(devel) (git, commit ae1879969fd54999beb81413bcde6ff410a8a09e, built at 2024-11-08T10:50:22Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "21.3.1-1.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.5.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v2.19.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iptables-nft", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.7.24-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v3.5.11", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/natefinch/pie", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20170715172608-9a0d72014007", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iputils", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "20210202-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/felixge/httpsnoop", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/vishvananda/netlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.2.1-beta.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/natefinch/lumberjack.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v2.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubelet", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/sriovnet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.2.1-0.20230427090635-4929697df2dc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/api/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "8.44-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2:1.34-7.el9", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.29.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "geolite2-city", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "20191217-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "8.32-36.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnetfilter_conntrack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.0.9-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", 
"Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/proto/otlp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.5.1-20.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "geolite2-country", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "20191217-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/network-attachment-definition-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.1.1-0.20201119153432-9d213757d22d", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/rpc2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20200203073230-5ce2854ce0fd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-unversioned-command", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 
https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 
https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "go.opentelemetry.io/otel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/ovn-org/libovsdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20210422150337-f29ae9b43ea5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", 
"Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "5.3.28-55.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/controller-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "20240828-2.git626aa59.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/opencontainers/go-digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/crypto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 
https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnfnetlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.0.1-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/cni", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.1.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/backoff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v4.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/afero", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.30.2", "BaseScores": [], "CVEIds": ["CVE-2024-5321"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/go", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/issues/126161 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs", "Name": "GHSA-82m2-cv7p-4m75", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://github.com/advisories/GHSA-82m2-cv7p-4m75 https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a 
https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes/issues/126161 https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes", "Name": "GO-2024-2994", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/govdpa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.1.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/trace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mitchellh/go-homedir", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iptables-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.17.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dhcp-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "12:4.4.2-19.b1.el9", "BaseScores": [7.5, 7.5], "CVEIds": ["CVE-2024-1737", "CVE-2024-1975", "CVE-2024-3661", "CVE-2024-4076"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4076 https://bugzilla.redhat.com/show_bug.cgi?id=2298904 https://www.cve.org/CVERecord?id=CVE-2024-4076 https://nvd.nist.gov/vuln/detail/CVE-2024-4076 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4076.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. This issue results in a denial of service of the bind server.", "Name": "CVE-2024-4076", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1975 https://bugzilla.redhat.com/show_bug.cgi?id=2298901 https://www.cve.org/CVERecord?id=CVE-2024-1975 https://nvd.nist.gov/vuln/detail/CVE-2024-1975 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1975.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a \"KEY\" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a \"KEY\" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG(0) signed requests. 
This issue can lead to a denial of service.", "Name": "CVE-2024-1975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1737 https://bugzilla.redhat.com/show_bug.cgi?id=2298893 https://www.cve.org/CVERecord?id=CVE-2024-1737 https://nvd.nist.gov/vuln/detail/CVE-2024-1737 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1737.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. This vulnerability may lead to a denial of service.", "Name": "CVE-2024-1737", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3661 https://bugzilla.redhat.com/show_bug.cgi?id=2320141 https://www.cve.org/CVERecord?id=CVE-2024-3661 https://nvd.nist.gov/vuln/detail/CVE-2024-3661 https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ https://bst.cisco.com/quickview/bug/CSCwk05814 https://datatracker.ietf.org/doc/html/rfc2131#section-7 https://datatracker.ietf.org/doc/html/rfc3442#section-7 https://fortiguard.fortinet.com/psirt/FG-IR-24-170 https://issuetracker.google.com/issues/263721377 
https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision https://my.f5.com/manage/s/article/K000139553 https://news.ycombinator.com/item?id=40279632 https://news.ycombinator.com/item?id=40284111 https://security.paloaltonetworks.com/CVE-2024-3661 https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 https://tunnelvisionbug.com/ https://www.agwa.name/blog/post/hardening_openvpn_for_def_con https://www.leviathansecurity.com/research/tunnelvision https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3661.json", "FixedBy": "", "Description": "A flaw was found in DHCP. DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. 
An attacker on the same local network can read, disrupt, or possibly modify network traffic expected to be protected by the VPN.", "Name": "CVE-2024-3661", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "go.etcd.io/etcd/client/pkg/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "0.4.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", 
"Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cloud-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dhcp-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "12:4.4.2-19.b1.el9", "BaseScores": [7.5, 7.5], "CVEIds": ["CVE-2024-1737", "CVE-2024-1975", "CVE-2024-3661", "CVE-2024-4076"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4076 https://bugzilla.redhat.com/show_bug.cgi?id=2298904 https://www.cve.org/CVERecord?id=CVE-2024-4076 https://nvd.nist.gov/vuln/detail/CVE-2024-4076 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4076.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. 
This issue results in a denial of service of the bind server.", "Name": "CVE-2024-4076", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1975 https://bugzilla.redhat.com/show_bug.cgi?id=2298901 https://www.cve.org/CVERecord?id=CVE-2024-1975 https://nvd.nist.gov/vuln/detail/CVE-2024-1975 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1975.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a \"KEY\" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a \"KEY\" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG(0) signed requests. This issue can lead to a denial of service.", "Name": "CVE-2024-1975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-1737 https://bugzilla.redhat.com/show_bug.cgi?id=2298893 https://www.cve.org/CVERecord?id=CVE-2024-1737 https://nvd.nist.gov/vuln/detail/CVE-2024-1737 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1737.json", "FixedBy": "", "Description": "A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. 
This vulnerability may lead to a denial of service.", "Name": "CVE-2024-1737", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3661 https://bugzilla.redhat.com/show_bug.cgi?id=2320141 https://www.cve.org/CVERecord?id=CVE-2024-3661 https://nvd.nist.gov/vuln/detail/CVE-2024-3661 https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ https://bst.cisco.com/quickview/bug/CSCwk05814 https://datatracker.ietf.org/doc/html/rfc2131#section-7 https://datatracker.ietf.org/doc/html/rfc3442#section-7 https://fortiguard.fortinet.com/psirt/FG-IR-24-170 https://issuetracker.google.com/issues/263721377 https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision https://my.f5.com/manage/s/article/K000139553 https://news.ycombinator.com/item?id=40279632 https://news.ycombinator.com/item?id=40284111 https://security.paloaltonetworks.com/CVE-2024-3661 https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 https://tunnelvisionbug.com/ https://www.agwa.name/blog/post/hardening_openvpn_for_def_con https://www.leviathansecurity.com/research/tunnelvision https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3661.json", "FixedBy": "", 
"Description": "A flaw was found in DHCP. DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic expected to be protected by the VPN.", "Name": "CVE-2024-3661", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 
https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libnftnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:21204a86f89bd2e272bebfa0bbb84733ce1f0508b27674b999f984e21a38e378", "Version": "1.2.6-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.45.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/go-grpc-prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:169fbf2adc2938d521959d57a88240db7a704f69dec27ee8793d28d8c2f37f24", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:592881763b002776b1a3f71e7cac154b461fba8effcacbff44b2d067a42b80fb", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-operator/6.1.2.1-cve-base.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-operator/6.1.2.1-cve-base.txt index fe5da72dd3..78cf9a36a2 100644 --- a/docs/release_artifacts/6.1.2.1/z/aci-containers-operator/6.1.2.1-cve-base.txt +++ b/docs/release_artifacts/6.1.2.1/z/aci-containers-operator/6.1.2.1-cve-base.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 
https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 
https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", 
"FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", 
"CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": 
"0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 
https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability 
was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. 
This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 
https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 
https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). 
When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.25.1-7.el9_2", "BaseScores": [], 
"CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext 
Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 
https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 
https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", 
"FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. 
If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. 
When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. 
The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. 
This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", 
"Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 
https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", 
"CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json 
https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. 
When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. 
When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service 
caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 
https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 
https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. 
This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 
https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). 
When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.18-3.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 
https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 
https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} 
diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-operator/6.1.2.1-quay-cve.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-operator/6.1.2.1-quay-cve.txt
index 3aba407d7d..0f5da4d708 100644
--- a/docs/release_artifacts/6.1.2.1/z/aci-containers-operator/6.1.2.1-quay-cve.txt
+++ b/docs/release_artifacts/6.1.2.1/z/aci-containers-operator/6.1.2.1-quay-cve.txt
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:f016657a549b679c18c9cc971a5828e95f89e05861a3145e1eb4ba4f47c61111", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-podlators", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1:4.14-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "perl-constant", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.33-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-MIME-Base64", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "3.16-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.30.2", "BaseScores": [], "CVEIds": ["CVE-2024-5321"], "Vulnerabilities": [{"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://github.com/advisories/GHSA-82m2-cv7p-4m75 https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes/issues/126161 https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", 
"FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes", "Name": "GO-2024-2994", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "osv/go", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/issues/126161 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs", "Name": "GHSA-82m2-cv7p-4m75", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-Term-Cap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.17-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/proto/otlp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "groff-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.22.4-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "21.2.3-8.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Getopt-Long", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1:2.52-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "command-line-arguments", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:91efaaf3bdc01c3fa79a606a75f9c1d3b3a11d72262bbe409a0ee7d098ad6b03", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Escapes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1:1.07-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-TermReadKey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.38-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Storable", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1:3.21-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/stdr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-parent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1:0.238-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-SelectSaver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.02-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-AutoLoader", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "5.74-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"google.golang.org/genproto/googleapis/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "4:5.32.1-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Digest-MD5", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.58-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/distribution/reference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.68.4-14.el9_4.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "git-core-doc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.43.5-1.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20240125191952-1e2afa0f76cf", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v5.9.0+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-File-Path", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.18-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 
https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Scalar-List-Utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "4:1.56-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", 
"Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.10-7.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-FileHandle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.03-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-interpreter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "4:5.32.1-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-libnet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "3.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubelet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/go-grpc-prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Exporter", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "5.74-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-IO-Socket-SSL", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.073-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-if", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "0.60.800-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/crypto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-overload", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.31-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kms", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", 
"Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v4.0.0-20230305170008-8188dc5388df", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", 
"BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": 
{"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.17.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Usage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "4:2.01-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.43.5-1.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/NYTimes/gziphandler", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.27-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"google.golang.org/genproto/googleapis/rpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Simple", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1:3.42-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Text-Tabs+Wrap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2013.0523-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/opencontainers/go-digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-Fcntl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.13-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", 
"CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-Net-SSLeay", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.92-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1:0.17029-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.11.0", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Text-ParseWords", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "3.30-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test 
subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.29.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Carp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.50-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "perl-Mozilla-CA", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "20200520-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gorilla/websocket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.5.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "./pkg/ipam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/controller-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-subs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.03-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.43.0-5.el9_4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfido2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/grpc-ecosystem/grpc-gateway/v2", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v2.19.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/trace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-POSIX", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.94-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-overloading", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "0.02-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Term-ANSIColor", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "5.01-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Class-Struct", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "0.66-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Getopt-Std", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.12-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": 
"", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/felixge/httpsnoop", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Errno", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.30-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-fips-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.0.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cloud-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.18-3.el9_4.6", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-vars", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.05-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "go.opentelemetry.io/otel/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2024b-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/pkg/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.3.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "perl-File-Find", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.37-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.26.5-5.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-File-stat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.09-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.61.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-NDBM_File", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.15-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-HTTP-Tiny", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "0.076-462.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.5.1-19.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.43.5-1.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Symbol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.08-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": 
"1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can 
exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-Time-Local", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2:1.300-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "libedit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "3.1-38.20210216cvs.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssh", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "8.7p1-38.el9_4.4", "BaseScores": [5.3, 7.0], "CVEIds": ["CVE-2016-20012", "CVE-2023-51767"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2016-20012 https://bugzilla.redhat.com/show_bug.cgi?id=2048523 https://www.cve.org/CVERecord?id=CVE-2016-20012 https://nvd.nist.gov/vuln/detail/CVE-2016-20012 https://access.redhat.com/security/data/csaf/v2/vex/2016/cve-2016-20012.json", "FixedBy": "", "Description": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. 
NOTE: the vendor does not recognize user enumeration as a vulnerability for this product", "Name": "CVE-2016-20012", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "FixedBy": "", "Description": "An authentication bypass vulnerability was found in OpenSSH. 
When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit.", "Name": "CVE-2023-51767", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.0}}}}]}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.2-13.el9", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in 
binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.18-3.el9_4.6", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": 
"Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssh-clients", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "8.7p1-38.el9_4.4", "BaseScores": [5.3, 7.0], "CVEIds": ["CVE-2016-20012", "CVE-2023-51767"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2016-20012 https://bugzilla.redhat.com/show_bug.cgi?id=2048523 https://www.cve.org/CVERecord?id=CVE-2016-20012 https://nvd.nist.gov/vuln/detail/CVE-2016-20012 https://access.redhat.com/security/data/csaf/v2/vex/2016/cve-2016-20012.json", "FixedBy": "", "Description": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. 
NOTE: the vendor does not recognize user enumeration as a vulnerability for this product", "Name": "CVE-2016-20012", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "FixedBy": "", "Description": "An authentication bypass vulnerability was found in OpenSSH. 
When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit.", "Name": "CVE-2023-51767", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.0}}}}]}, {"Name": "perl-Git", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.43.5-1.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Encode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "4:3.08-462.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20220525160904-9e1acff93e4a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Socket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "4:2.031-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-IO-Socket-IP", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "0.41-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-File-Temp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1:0.231.100-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-DynaLoader", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.47-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:91efaaf3bdc01c3fa79a606a75f9c1d3b3a11d72262bbe409a0ee7d098ad6b03", "Version": "go1.16.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": [{"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://go.dev/issue/20654 https://go.dev/cl/326012/26 https://groups.google.com/g/golang-announce/c/QMK8IQALDvA 
https://people.redhat.com/~hkario/marvin/", "FixedBy": "1.20.0", "Description": "Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel", "Name": "GO-2023-2375", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://go.dev/cl/333191 https://go.googlesource.com/go/+/b7a85e0003cedb1b48a1fd3ae5b746ec6330102e https://groups.google.com/g/golang-announce/c/uHACNfXAZqk https://go.dev/issue/46866", "FixedBy": "1.16.7", "Description": "Panic in ReverseProxy in net/http/httputil", "Name": "GO-2021-0245", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/api/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/asaskevich/govalidator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20230301143203-a9d515a09cc2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/yl2chen/cidranger", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cenkalti/backoff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v4.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcbor", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "0.7.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Perldoc", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "3.28.01-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/natefinch/lumberjack.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v2.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "less", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "590-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", 
"Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "emacs-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1:27.2-10.el9_4", "BaseScores": [5.5], "CVEIds": ["CVE-2017-1000383", "CVE-2024-30203", "CVE-2024-30204", "CVE-2024-30205"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-30205 https://bugzilla.redhat.com/show_bug.cgi?id=2280298 https://www.cve.org/CVERecord?id=CVE-2024-30205 https://nvd.nist.gov/vuln/detail/CVE-2024-30205 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-30205.json", "FixedBy": "", "Description": "A flaw was found in Emacs. Org mode considers the content of remote files, such as files opened with TRAMP on remote systems, to be trusted, resulting in arbitrary code execution.", "Name": "CVE-2024-30205", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-30204 https://bugzilla.redhat.com/show_bug.cgi?id=2280297 https://www.cve.org/CVERecord?id=CVE-2024-30204 https://nvd.nist.gov/vuln/detail/CVE-2024-30204 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-30204.json", "FixedBy": "", "Description": "A flaw was found in Emacs. 
When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service.", "Name": "CVE-2024-30204", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-30203 https://bugzilla.redhat.com/show_bug.cgi?id=2280296 https://www.cve.org/CVERecord?id=CVE-2024-30203 https://nvd.nist.gov/vuln/detail/CVE-2024-30203 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-30203.json", "FixedBy": "", "Description": "A flaw was found in Emacs. When Emacs is used as an email client, inline MIME attachments are considered to be trusted by default, allowing a crafted LaTeX document to exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service.", "Name": "CVE-2024-30203", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2017-1000383 https://bugzilla.redhat.com/show_bug.cgi?id=1508788 https://www.cve.org/CVERecord?id=CVE-2017-1000383 https://nvd.nist.gov/vuln/detail/CVE-2017-1000383 https://access.redhat.com/security/data/csaf/v2/vex/2017/cve-2017-1000383.json", "FixedBy": "", "Description": "It was found that emacs applies the opened file read permissions to the swap file, overriding the process' umask. 
An attacker might search for vim swap files, that were not deleted properly, in order to retrieve sensible data.", "Name": "CVE-2017-1000383", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 5.5}}}}]}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Data-Dumper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.174-462.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-semver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "(devel) (git, commit ae1879969fd54999beb81413bcde6ff410a8a09e, built at 2024-11-08T10:50:22Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.1.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-PathTools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "3.78-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "8.32-35.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-IO", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.43-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.25.1-8.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. 
If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-IPC-Open3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.21-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-B", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.80-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-plugin-systemd-inhibit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": 
[], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-URI", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "5.09-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2:1.34-6.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-File-Basename", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.85-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.21.1-2.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "0.65-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], 
"Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2:1.3.0-2.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-mro", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.23-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-systemd/v22", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v22.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:f016657a549b679c18c9cc971a5828e95f89e05861a3145e1eb4ba4f47c61111", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "github.com/grpc-ecosystem/go-grpc-prometheus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Fcntl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.13-481.el9", "BaseScores": 
[], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-PathTools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "3.78-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-File-Find", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.37-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-parent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1:0.238-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"perl-Mozilla-CA", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "20200520-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "groff-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.22.4-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-File-Path", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.18-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/rpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v4.0.0-20230305170008-8188dc5388df", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], 
"Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.3.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v5.9.0+incompatible", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssh-clients", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "8.7p1-38.el9_4.4", "BaseScores": [5.3, 7.0], "CVEIds": ["CVE-2016-20012", "CVE-2023-51767"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2016-20012 https://bugzilla.redhat.com/show_bug.cgi?id=2048523 https://www.cve.org/CVERecord?id=CVE-2016-20012 https://nvd.nist.gov/vuln/detail/CVE-2016-20012 https://access.redhat.com/security/data/csaf/v2/vex/2016/cve-2016-20012.json", "FixedBy": "", "Description": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH 
server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product", "Name": "CVE-2016-20012", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "FixedBy": "", "Description": "An authentication bypass vulnerability was found in OpenSSH. 
When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit.", "Name": "CVE-2023-51767", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.0}}}}]}, {"Name": "perl-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.27-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-mro", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.23-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": 
"rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. 
By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v2.19.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/cloud-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/metric", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.2-13.el9", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20240228011516-70dd3763d340", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcbor", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "0.7.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.5.1-19.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "k8s.io/kms", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Usage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "4:2.01-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 
https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/opencontainers/go-digest", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-constant", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.33-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-IO-Socket-SSL", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.073-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "google.golang.org/grpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.61.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Term-ANSIColor", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "5.01-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.21.1-2.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": 
[{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.68.4-14.el9_4.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/controller-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": 
"2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-HTTP-Tiny", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "0.076-462.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gorilla/websocket", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.5.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1:0.17029-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/cel-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.17.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.47.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/api/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-overloading", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "0.02-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/genproto/googleapis/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20240125205218-1f4bbc51befe", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/felixge/httpsnoop", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.0.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", 
"CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 
https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL 
pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "less", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "590-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sync", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/yl2chen/cidranger", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "4:5.32.1-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.43.0-5.el9_4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.43.5-1.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/stoewer/go-strcase", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.etcd.io/etcd/client/pkg/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v3.5.11", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/trace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "emacs-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1:27.2-10.el9_4", "BaseScores": [5.5], "CVEIds": ["CVE-2017-1000383", "CVE-2024-30203", "CVE-2024-30204", "CVE-2024-30205"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-30205 https://bugzilla.redhat.com/show_bug.cgi?id=2280298 https://www.cve.org/CVERecord?id=CVE-2024-30205 https://nvd.nist.gov/vuln/detail/CVE-2024-30205 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-30205.json", "FixedBy": "", "Description": "A flaw was found in Emacs. Org mode considers the content of remote files, such as files opened with TRAMP on remote systems, to be trusted, resulting in arbitrary code execution.", "Name": "CVE-2024-30205", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-30204 https://bugzilla.redhat.com/show_bug.cgi?id=2280297 https://www.cve.org/CVERecord?id=CVE-2024-30204 https://nvd.nist.gov/vuln/detail/CVE-2024-30204 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-30204.json", "FixedBy": "", "Description": "A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. 
This issue possibly results in a denial of service.", "Name": "CVE-2024-30204", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-30203 https://bugzilla.redhat.com/show_bug.cgi?id=2280296 https://www.cve.org/CVERecord?id=CVE-2024-30203 https://nvd.nist.gov/vuln/detail/CVE-2024-30203 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-30203.json", "FixedBy": "", "Description": "A flaw was found in Emacs. When Emacs is used as an email client, inline MIME attachments are considered to be trusted by default, allowing a crafted LaTeX document to exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service.", "Name": "CVE-2024-30203", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2017-1000383 https://bugzilla.redhat.com/show_bug.cgi?id=1508788 https://www.cve.org/CVERecord?id=CVE-2017-1000383 https://nvd.nist.gov/vuln/detail/CVE-2017-1000383 https://access.redhat.com/security/data/csaf/v2/vex/2017/cve-2017-1000383.json", "FixedBy": "", "Description": "It was found that emacs applies the opened file read permissions to the swap file, overriding the process' umask. 
An attacker might search for vim swap files, that were not deleted properly, in order to retrieve sensible data.", "Name": "CVE-2017-1000383", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 5.5}}}}]}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/NYTimes/gziphandler", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.1.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw 
was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libfido2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/distribution/reference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.25.1-8.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-Class-Struct", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "0.66-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-systemd/v22", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v22.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubernetes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.30.2", "BaseScores": [], "CVEIds": ["CVE-2024-5321"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "osv/go", "Link": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/issues/126161 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 
https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs", "Name": "GHSA-82m2-cv7p-4m75", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://github.com/advisories/GHSA-82m2-cv7p-4m75 https://nvd.nist.gov/vuln/detail/CVE-2024-5321 https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 https://github.com/kubernetes/kubernetes/issues/126161 https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0", "FixedBy": "1.30.3", "Description": "Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes", "Name": "GO-2024-2994", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Encode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "4:3.08-462.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": 
"", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Term-Cap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.17-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.10-7.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 
https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2:1.34-6.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-POSIX", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.94-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-subs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.03-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.43.5-1.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "(devel) (git, commit ae1879969fd54999beb81413bcde6ff410a8a09e, built at 2024-11-08T10:50:22Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Exporter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "5.74-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/crypto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 
https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "rpm-plugin-systemd-inhibit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"command-line-arguments", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:91efaaf3bdc01c3fa79a606a75f9c1d3b3a11d72262bbe409a0ee7d098ad6b03", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-TermReadKey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.38-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "k8s.io/component-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-File-Temp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1:0.231.100-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.18-3.el9_4.6", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 
https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. 
When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.29.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "git-core-doc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.43.5-1.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", 
"Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/asaskevich/govalidator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20230301143203-a9d515a09cc2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Net-SSLeay", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.92-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:91efaaf3bdc01c3fa79a606a75f9c1d3b3a11d72262bbe409a0ee7d098ad6b03", "Version": "go1.16.6", "BaseScores": [], "CVEIds": [], "Vulnerabilities": [{"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://go.dev/cl/333191 https://go.googlesource.com/go/+/b7a85e0003cedb1b48a1fd3ae5b746ec6330102e https://groups.google.com/g/golang-announce/c/uHACNfXAZqk https://go.dev/issue/46866", "FixedBy": "1.16.7", "Description": "Panic in ReverseProxy in net/http/httputil", "Name": "GO-2021-0245", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://go.dev/issue/20654 https://go.dev/cl/326012/26 https://groups.google.com/g/golang-announce/c/QMK8IQALDvA 
https://people.redhat.com/~hkario/marvin/", "FixedBy": "1.20.0", "Description": "Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel", "Name": "GO-2023-2375", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubectl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Escapes", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1:1.07-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-DynaLoader", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.47-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/sdk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/proto/otlp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.1.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-vars", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.05-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Data-Dumper", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.174-462.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-FileHandle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.03-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based 
side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libedit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "3.1-38.20210216cvs.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Symbol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.08-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-AutoLoader", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "5.74-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Socket", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "4:2.031-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20220525160904-9e1acff93e4a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.1.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-IO", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.43-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Storable", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1:3.21-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "./pkg/ipam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "(devel)", "BaseScores": 
[], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Digest-MD5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.58-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-fips-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.0.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "perl-Git", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.43.5-1.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Perldoc", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "3.28.01-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the 
xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/openshift/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20240125191952-1e2afa0f76cf", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2:1.3.0-2.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.26.5-5.el9_4.1", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "perl-Errno", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.30-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Pod-Simple", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1:3.42-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-IPC-Open3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.21-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-File-Basename", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2.85-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "0.65-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssh", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "8.7p1-38.el9_4.4", "BaseScores": [5.3, 7.0], "CVEIds": ["CVE-2016-20012", "CVE-2023-51767"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2016-20012 https://bugzilla.redhat.com/show_bug.cgi?id=2048523 https://www.cve.org/CVERecord?id=CVE-2016-20012 https://nvd.nist.gov/vuln/detail/CVE-2016-20012 https://access.redhat.com/security/data/csaf/v2/vex/2016/cve-2016-20012.json", "FixedBy": "", "Description": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product", "Name": "CVE-2016-20012", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "FixedBy": "", "Description": "An authentication bypass vulnerability was found in OpenSSH. 
When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit.", "Name": "CVE-2023-51767", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.0}}}}]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.18-3.el9_4.6", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "perl-Time-Local", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2:1.300-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-libnet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "3.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/cobra", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.8.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/component-helpers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Getopt-Long", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1:2.52-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 
https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "perl-SelectSaver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.02-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-URI", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "5.09-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Text-Tabs+Wrap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "2013.0523-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-overload", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.31-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-NDBM_File", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.15-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kubelet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Getopt-Std", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.12-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Text-ParseWords", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "3.30-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.22.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-podlators", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1:4.14-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-Carp", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.50-460.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/sirupsen/logrus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "8.32-35.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": 
"4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-interpreter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "4:5.32.1-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "github.com/cenkalti/backoff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v4.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], 
"Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "21.2.3-8.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2024b-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": 
["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "perl-IO-Socket-IP", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "0.41-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-semver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/natefinch/lumberjack.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v2.2.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "7.76.1-29.el9_4.1", 
"BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/stdr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.2.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-File-stat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.09-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/blang/semver/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v4.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-if", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "0.60.800-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, 
where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "perl-B", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "1.80-481.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "perl-MIME-Base64", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "3.16-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "perl-Scalar-List-Utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:55b1876fb3d5872765995bb61945b60b38ceca59fd86053566f69e6c29dce6c8", "Version": "4:1.56-461.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:3855e1089ef85deae346fe9a53a80b7e350a8d90b273e30605ab4231a31e74d1", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-webhook/6.1.2.1-cve-base.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-webhook/6.1.2.1-cve-base.txt index fe5da72dd3..78cf9a36a2 100644 --- a/docs/release_artifacts/6.1.2.1/z/aci-containers-webhook/6.1.2.1-cve-base.txt +++ b/docs/release_artifacts/6.1.2.1/z/aci-containers-webhook/6.1.2.1-cve-base.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 
https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 
https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", 
"FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", 
"CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": 
"0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 
https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability 
was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. 
This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 
https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 
https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). 
When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.25.1-7.el9_2", "BaseScores": [], 
"CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext 
Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 
https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 
https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", 
"FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. 
If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. 
When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. 
The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. 
This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", 
"Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 
https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", 
"CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json 
https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. 
When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. 
When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service 
caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 
https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 
https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. 
This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 
https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). 
When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.18-3.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 
https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 
https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} 
diff --git a/docs/release_artifacts/6.1.2.1/z/aci-containers-webhook/6.1.2.1-quay-cve.txt b/docs/release_artifacts/6.1.2.1/z/aci-containers-webhook/6.1.2.1-quay-cve.txt
index 93b86723b5..74d076f0df 100644
--- a/docs/release_artifacts/6.1.2.1/z/aci-containers-webhook/6.1.2.1-quay-cve.txt
+++ b/docs/release_artifacts/6.1.2.1/z/aci-containers-webhook/6.1.2.1-quay-cve.txt
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:dc15ac21c28e30d1bc9827d8faaa475f066ca653040e8bae83e057d58676b3d7", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.1.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2:1.34-6.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is 
susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-fips-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.0.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.25.1-8.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", 
"Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 
4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": 
[{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 
https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2:1.3.0-2.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. 
The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. 
When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. 
The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2024b-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.2-13.el9", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 
https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.5.1-19.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/network-attachment-definition-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.1.1-0.20201119153432-9d213757d22d", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 
https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], 
"CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "(devel) (git, commit ae1879969fd54999beb81413bcde6ff410a8a09e, built at 2024-11-08T10:50:22Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.3.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": 
["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA 
implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-plugin-systemd-inhibit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": 
"8.32-35.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A 
flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.18-3.el9_4.6", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": 
"1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can 
exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.68.4-14.el9_4.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. 
The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.21.1-2.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/zapr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 
https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gomodules.xyz/jsonpatch/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.18-3.el9_4.6", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 
https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 
https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.26.5-5.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", 
"Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.43.0-5.el9_4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 
https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "21.2.3-8.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 
https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.10-7.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": 
[9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:dc15ac21c28e30d1bc9827d8faaa475f066ca653040e8bae83e057d58676b3d7", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/emicklei/go-restful/v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v3.11.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apiextensions-apiserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": 
"rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "github.com/go-openapi/swag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.22.9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", 
"CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.1.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.0.0-20240102154912-e7106e64919e", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"github.com/mailru/easyjson", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.7.7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/client-go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-plugin-systemd-inhibit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/klog/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v2.120.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "sigs.k8s.io/yaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dario.cat/mergo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.3.16", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "(devel) (git, commit ae1879969fd54999beb81413bcde6ff410a8a09e, built at 2024-11-08T10:50:22Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.18-3.el9_4.6", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/go-openapi/jsonpointer", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.20.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "go.uber.org/multierr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.11.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/cespare/xxhash/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v2.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2:1.3.0-2.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/gogo/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.3.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.21.1-2.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/spf13/pflag", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.0.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/term", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/go-cmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/prometheus/client_model", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 
https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.26.5-5.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.3.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/exp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.0.0-20240119083558-1b970713d09a", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/zapr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.3.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/apimachinery", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "k8s.io/kube-openapi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.0.0-20240228011516-70dd3763d340", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/protobuf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.5.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.68.4-14.el9_4.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", 
"Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.10-7.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "8.32-35.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", 
"BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.2-13.el9", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 
https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/josharian/intern", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-logr/logr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/golang/groupcache", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.0.0-20210331224755-41bb18bfe9da", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "golang.org/x/text", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.15.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/client_golang", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.18.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"gomodules.xyz/jsonpatch/v2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v2.4.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/modern-go/reflect2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.0.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/yaml.v3", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v3.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.25.1-8.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A 
flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gnostic-models", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.6.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gopkg.in/inf.v0", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.5.1-19.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "go.uber.org/zap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.26.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.18-3.el9_4.6", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.43.0-5.el9_4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/procfs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.12.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/modern-go/concurrent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/json-iterator/go", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.1.12", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/json", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.0.0-20221116044647-bc3834ca7abd", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/beorn7/perks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.0.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "21.2.3-8.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "golang.org/x/net", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.23.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-fips-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.0.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.20.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2:1.34-6.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "github.com/fsnotify/fsnotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.7.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/davecgh/go-spew", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "google.golang.org/protobuf", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.33.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/prometheus/common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.46.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/gofuzz", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.2.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "github.com/pkg/errors", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 
https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes 
infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "k8s.io/api", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.30.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "sigs.k8s.io/controller-runtime", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.18.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/google/uuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.6.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2024b-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 
https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sigs.k8s.io/structured-merge-diff/v4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v4.4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/oauth2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.16.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/go-openapi/jsonreference", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.20.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/evanphx/json-patch/v5", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v5.9.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/k8snetworkplumbingwg/network-attachment-definition-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v1.1.1-0.20201119153432-9d213757d22d", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", 
"Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/munnerz/goautoneg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8d2e3a711bc62849f21445db2292c1fd60f94dc22d3ec24cbc7af8be6211d9ce", "Version": "v0.0.0-20191010083416-a7dc8b61c822", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/6.1.2.1/z/cnideploy/6.1.2.1-cve-base.txt b/docs/release_artifacts/6.1.2.1/z/cnideploy/6.1.2.1-cve-base.txt index fe5da72dd3..78cf9a36a2 100644 --- a/docs/release_artifacts/6.1.2.1/z/cnideploy/6.1.2.1-cve-base.txt +++ b/docs/release_artifacts/6.1.2.1/z/cnideploy/6.1.2.1-cve-base.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 
https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 
https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", 
"FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", 
"CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": 
"0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 
https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability 
was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. 
This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 
https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 
https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 
https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). 
When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json 
https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.25.1-7.el9_2", "BaseScores": [], 
"CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. 
If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext 
Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 
https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 
https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", 
"FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.5, 5.9], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}]}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-15.el9", "BaseScores": [7.4, 4.7, 5.5], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963", "CVE-2024-22365"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "FixedBy": "0:1.5.1-19.el9", "Description": "A vulnerability was found in Linux PAM. 
An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "Name": "CVE-2024-22365", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.34-6.el9_1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.25.1-7.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. 
If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.5-1.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", 
"NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "53.0.0-12.el9", "BaseScores": [], "CVEIds": ["CVE-2024-6345"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "FixedBy": "0:53.0.0-12.el9_4.1", "Description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "Name": "CVE-2024-6345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. 
When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. 
The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. 
This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", 
"Version": "1.26.5-3.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-37891"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "FixedBy": "0:1.26.5-5.el9_4.1", "Description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "Name": "CVE-2024-37891", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 
https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", 
"CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.3.0-11.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json 
https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. 
When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": 
"1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:1.2.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. 
When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.2-11.1.el9_3", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service 
caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "21.2.3-7.el9_3.1", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 
https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "6.2.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 
https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. 
This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. 
An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. 
This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC 
CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}]}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.5.0-1.el9", "BaseScores": [7.5, 9.8, 9.8, 7.5], "CVEIds": ["CVE-2023-52425", "CVE-2024-28757", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 
https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "Name": "CVE-2024-28757", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "FixedBy": "0:2.5.0-1.el9_3.1", "Description": "A flaw was found in Expat (libexpat). 
When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "Name": "CVE-2023-52425", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.4.18-3.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "3.9.18-1.el9_3.1", "BaseScores": [7.5, 7.5, 5.9, 7.5], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2023-6597", "CVE-2024-0450", "CVE-2024-4032", "CVE-2024-6232", "CVE-2024-6923", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. 
This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 
https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "FixedBy": "0:3.9.18-3.el9_4.3", "Description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "Name": "CVE-2024-4032", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. 
The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "Name": "CVE-2023-6597", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "FixedBy": "0:3.9.18-3.el9_4.1", "Description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "Name": "CVE-2024-0450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "FixedBy": "0:3.9.18-3.el9_4.5", "Description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. 
This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "Name": "CVE-2024-6923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "FixedBy": "0:3.9.18-3.el9_4.6", "Description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. 
Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "Name": "CVE-2024-6232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.10-7.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2024-3651"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "FixedBy": "0:2.10-7.el9_4.1", "Description": "A flaw was found in the python-idna library. 
A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "Name": "CVE-2024-3651", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.189-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 
https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:b04bff1abf63602d9822bc95ca7c13293e373593230a12b654ac16531240fbb6", "Version": "1.29.38-1.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} 
diff --git a/docs/release_artifacts/6.1.2.1/z/cnideploy/6.1.2.1-quay-cve.txt b/docs/release_artifacts/6.1.2.1/z/cnideploy/6.1.2.1-quay-cve.txt
index 182058ec33..fdae37cd6b 100644
--- a/docs/release_artifacts/6.1.2.1/z/cnideploy/6.1.2.1-quay-cve.txt
+++ b/docs/release_artifacts/6.1.2.1/z/cnideploy/6.1.2.1-quay-cve.txt
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:75f6b076cc0a68b52cacc8c8f316379fe0222ed8f526434f46076ba378604c33", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": 
[{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v0.0.0-20201117170446-d9b008d0a637", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/plugins", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.2-13.el9", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2024b-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.68.4-14.el9_4.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/vishvananda/netns", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v0.0.0-20200728191858-db3c7e526aae", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/godbus/dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v0.0.0-20180201030542-885f9cc04c9c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in 
OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", 
"CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. 
This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.3.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.18-3.el9_4.6", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2:1.3.0-2.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. 
The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mattn/go-shellwords", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v1.0.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.10-7.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.5.1-19.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. 
The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-iptables", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/d2g/dhcp4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v0.0.0-20170904100407-a1d1b6c41b1c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.18-3.el9_4.6", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 
https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2:1.34-6.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "publicsuffix-list-dafsa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "20210518-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v0.0.0-20180511133405-39ca1b05acc7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 
https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.21.1-2.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/alexflint/go-filemutex", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v0.0.0-20171022225611-72bdc8eae2ae", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.26.5-5.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.25.1-8.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "wget", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "1.21.1-8.el9_4", "BaseScores": [6.1], "CVEIds": ["CVE-2021-31879"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-31879 https://bugzilla.redhat.com/show_bug.cgi?id=1955316 
https://www.cve.org/CVERecord?id=CVE-2021-31879 https://nvd.nist.gov/vuln/detail/CVE-2021-31879 https://savannah.gnu.org/bugs/?56909 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-31879.json", "FixedBy": "", "Description": "A flaw was found in wget. If wget sends an Authorization header as part of a query and receives an HTTP REDIRECT to a third party in return, the Authorization header will be forwarded as part of the redirected request. This issue creates a password leak, as the second server receives the password. The highest threat from this vulnerability is confidentiality.", "Name": "CVE-2021-31879", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/safchain/ethtool", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v0.0.0-20190326074333-42ed695e3de8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/j-keck/arping", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v0.0.0-20160618110441-2cf9dc699c56", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpsl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "0.21.1-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-plugin-systemd-inhibit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow 
vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/d2g/dhcp4client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 
https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.43.0-5.el9_4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "8.32-35.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/vishvananda/netlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v1.1.1-0.20201029203352-d40f9887b852", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", 
"Version": "21.2.3-8.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.1.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], 
"Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. 
By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "go1.15.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": [{"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://go.dev/issue/20654 https://go.dev/cl/326012/26 https://groups.google.com/g/golang-announce/c/QMK8IQALDvA https://people.redhat.com/~hkario/marvin/", "FixedBy": "1.20.0", "Description": "Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel", "Name": "GO-2023-2375", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2024.2.69_v8.0.303-91.4.el9_4", 
"BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-fips-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.0.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/cni", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v0.8.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:75f6b076cc0a68b52cacc8c8f316379fe0222ed8f526434f46076ba378604c33", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.68.4-14.el9_4.1", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 
https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/coreos/go-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v0.0.0-20180511133405-39ca1b05acc7", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.1.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], 
"Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 
https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-decorator", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/d2g/dhcp4client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v1.0.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 
https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-gobject-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "wget", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "1.21.1-8.el9_4", "BaseScores": [6.1], "CVEIds": ["CVE-2021-31879"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-31879 https://bugzilla.redhat.com/show_bug.cgi?id=1955316 https://www.cve.org/CVERecord?id=CVE-2021-31879 https://nvd.nist.gov/vuln/detail/CVE-2021-31879 https://savannah.gnu.org/bugs/?56909 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-31879.json", 
"FixedBy": "", "Description": "A flaw was found in wget. If wget sends an Authorization header as part of a query and receives an HTTP REDIRECT to a third party in return, the Authorization header will be forwarded as part of the redirected request. This issue creates a password leak, as the second server receives the password. The highest threat from this vulnerability is confidentiality.", "Name": "CVE-2021-31879", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "Score": 6.1}}}}]}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "go1.15.8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": [{"Severity": "Unknown", "NamespaceName": "osv/go", "Link": "https://go.dev/issue/20654 https://go.dev/cl/326012/26 https://groups.google.com/g/golang-announce/c/QMK8IQALDvA https://people.redhat.com/~hkario/marvin/", "FixedBy": "1.20.0", "Description": "Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel", "Name": "GO-2023-2375", "Metadata": {"UpdatedBy": "osv/go", "RepoName": "go", "RepoLink": "https://pkg.go.dev/", "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "github.com/containernetworking/cni", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v0.8.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2:1.3.0-2.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2024b-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/j-keck/arping", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v0.0.0-20160618110441-2cf9dc699c56", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4.1-3.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "github.com/containernetworking/plugins", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2:1.34-6.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-subscription-manager-rhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dmidecode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "which", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.21-29.el9", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.2.2-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-requests", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.25.1-8.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35195"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json", "FixedBy": "", "Description": "An incorrect control flow implementation vulnerability was found in Requests. 
If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "Name": "CVE-2024-35195", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "golang.org/x/sys", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v0.0.0-20201117170446-d9b008d0a637", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.0.7-28.el9_4", 
"BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the 
server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "virt-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.25-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1:3.0.7-28.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in 
OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", 
"CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 
https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 
https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "github.com/d2g/dhcp4", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v0.0.0-20170904100407-a1d1b6c41b1c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.5.1-19.el9", "BaseScores": [7.4, 4.7], "CVEIds": 
["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.34-100.el9_4.4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/vishvananda/netns", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v0.0.0-20200728191858-db3c7e526aae", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "findutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:4.8.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "9.3-1610", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-iniparse", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.4-45.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/safchain/ethtool", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v0.0.0-20190326074333-42ed695e3de8", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "8.32-35.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpsl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "0.21.1-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.18-3.el9_4.6", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "python3-idna", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.10-7.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "subscription-manager-rhsm-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "20220623-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.25.3-2.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "7.76.1-29.el9_4.1", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.3.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", 
"Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-fips-provider", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.0.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gobject-base-noarch", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.40.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/coreos/go-iptables", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v0.5.0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "252-32.el9_4.7", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/godbus/dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v0.0.0-20180201030542-885f9cc04c9c", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pysocks", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.7.1-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.43.0-5.el9_4.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "234-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "53.0.0-12.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.21.1-2.el9_4", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": 
"rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.14.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.190-2.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 
https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": 
"", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "publicsuffix-list-dafsa", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "20210518-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies-scripts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "20240202-1.git283706d.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-urllib3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.26.5-5.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-plugin-systemd-inhibit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-cloud-what", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": 
"0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "passwd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.80-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. 
This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/mattn/go-shellwords", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v1.0.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuser", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.63-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/vishvananda/netlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v1.1.1-0.20201029203352-d40f9887b852", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "usermode", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.114-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "5.3.28-53.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.40-5.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "github.com/alexflint/go-filemutex", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:8236b8d4a0522b47067a658b790f233c331fbcb9c85dad1b7de22d526fc9f78e", "Version": "v0.0.0-20171022225611-72bdc8eae2ae", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.37.4-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "0.69.0-8.el9_4.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "3.9.18-3.el9_4.6", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2:4.9-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf-plugin-subscription-manager", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "1.29.40-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdb-gdbserver", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "10.2-13.el9", "BaseScores": [5.5, 5.5, 5.5], "CVEIds": ["CVE-2022-47007", "CVE-2022-47010", "CVE-2022-47011"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "FixedBy": "", "Description": "A memory leak was found in 
function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "Name": "CVE-2022-47007", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47010", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "FixedBy": "", "Description": "A memory leak flaw was found in binutils. 
This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "Name": "CVE-2022-47011", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-chardet", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "4.0.0-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "4.16.1.3-29.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "21.2.3-8.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:cc8d49605e96cac1ce35d7319698c5f11e2a1d97a01629bfc76241cbf491c0a6", "Version": "11.4.1-3.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 
https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-inotify", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:99a7ec374c4d4af5f9b9ad281068affa7961aad432aba4efc963785a5a350f8d", "Version": "0.9.6-25.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/6.1.2.1/z/openvswitch/6.1.2.1-cve-base.txt b/docs/release_artifacts/6.1.2.1/z/openvswitch/6.1.2.1-cve-base.txt index 8c4fc2b898..f1c9b9e765 100644 --- a/docs/release_artifacts/6.1.2.1/z/openvswitch/6.1.2.1-cve-base.txt +++ b/docs/release_artifacts/6.1.2.1/z/openvswitch/6.1.2.1-cve-base.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:67c0ce89aa26291d6eaddca2395ecd9b61644d866bfef65579f3e01e02a63d0d", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 
https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext 
Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 
https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption 
in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": 
"rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 
https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 
https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null 
pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. 
When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:67c0ce89aa26291d6eaddca2395ecd9b61644d866bfef65579f3e01e02a63d0d", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() 
function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt 
https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 
https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of 
tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", 
"Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], 
"CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. 
When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 
https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": 
"10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}]}}} 
diff --git a/docs/release_artifacts/6.1.2.1/z/openvswitch/6.1.2.1-quay-cve.txt b/docs/release_artifacts/6.1.2.1/z/openvswitch/6.1.2.1-quay-cve.txt
index ce570545e7..7e9a258b88 100644
--- a/docs/release_artifacts/6.1.2.1/z/openvswitch/6.1.2.1-quay-cve.txt
+++ b/docs/release_artifacts/6.1.2.1/z/openvswitch/6.1.2.1-quay-cve.txt
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:b2678dc1d35596e8ce5fff2c9cc322959be3ae691b54754d7e723d07d5d2fbfb", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "0.7.24-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1.5.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "hostname", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "3.23-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.3.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": 
"", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d45d0d3609041a4533f4b53702458425571a254de1b1167258bc2e12b1fd2a61", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "234-19.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", 
"AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1:1.23-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:0e5020559b625b52007d9036662c32444ae6b84b5ee45908d28ef4f83d50b6ca", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 
https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:16c860c1497ff53626bfb48f57b467794f25acb3426d7f7d56efced96102bf38", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d45d0d3609041a4533f4b53702458425571a254de1b1167258bc2e12b1fd2a61", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.3.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", 
"Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "3.16-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libnftnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:0e5020559b625b52007d9036662c32444ae6b84b5ee45908d28ef4f83d50b6ca", "Version": "1.2.6-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "8.44-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:0e5020559b625b52007d9036662c32444ae6b84b5ee45908d28ef4f83d50b6ca", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:0e5020559b625b52007d9036662c32444ae6b84b5ee45908d28ef4f83d50b6ca", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d45d0d3609041a4533f4b53702458425571a254de1b1167258bc2e12b1fd2a61", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-debuginfod-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "0.191-4.el9", "BaseScores": [], 
"CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "14:1.10.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2:1.4.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. 
A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:0e5020559b625b52007d9036662c32444ae6b84b5ee45908d28ef4f83d50b6ca", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 
https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:0e5020559b625b52007d9036662c32444ae6b84b5ee45908d28ef4f83d50b6ca", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. 
The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "28-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnl3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "3.9.0-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "21.3.1-1.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. 
A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/cni", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:16c860c1497ff53626bfb48f57b467794f25acb3426d7f7d56efced96102bf38", "Version": "v1.1.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.5.1-20.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", 
"FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "logrotate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "3.18.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2:1.34-7.el9", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d45d0d3609041a4533f4b53702458425571a254de1b1167258bc2e12b1fd2a61", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:0e5020559b625b52007d9036662c32444ae6b84b5ee45908d28ef4f83d50b6ca", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "3.2.3-1.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tcpdump", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "14:4.99.0-9.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2397 https://bugzilla.redhat.com/show_bug.cgi?id=2274792 https://www.cve.org/CVERecord?id=CVE-2024-2397 https://nvd.nist.gov/vuln/detail/CVE-2024-2397 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2397.json", "FixedBy": "", "Description": "A flaw was found in tcpdump. Trying to print content from a maliciously crafted .pcap file may lead to an infinite loop, resulting in a denial of service. 
This issue is considered low severity; for a successful attack to happen, a user must open a crafted file, and it will only crash a single user's execution of tcpdump.", "Name": "CVE-2024-2397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2:8.2.2637-21.el9", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", 
"CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1.10.0-11.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "53.0.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.34-133.el9", "BaseScores": 
[], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libnetfilter_queue", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.0.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnetfilter_cthelper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.0.0-22.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "./pkg/ipam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:16c860c1497ff53626bfb48f57b467794f25acb3426d7f7d56efced96102bf38", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "conntrack-tools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.4.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 
https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d45d0d3609041a4533f4b53702458425571a254de1b1167258bc2e12b1fd2a61", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1.43.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "strace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "5.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ltrace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "0.7.91-43.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.68.4-16.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "3.1.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2:4.9-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iptables-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "5.3.28-55.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iptables-nft", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d45d0d3609041a4533f4b53702458425571a254de1b1167258bc2e12b1fd2a61", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d45d0d3609041a4533f4b53702458425571a254de1b1167258bc2e12b1fd2a61", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", 
"Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2024b-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", 
"Version": "4.3.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-unversioned-command", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libibverbs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "51.0-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:16c860c1497ff53626bfb48f57b467794f25acb3426d7f7d56efced96102bf38", "Version": "(devel) (git, commit ae1879969fd54999beb81413bcde6ff410a8a09e, built at 2024-11-08T10:50:22Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", 
"Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "20240828-2.git626aa59.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "0.4.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnfnetlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.0.1-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnetfilter_cttimeout", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.0.0-19.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libnetfilter_conntrack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.0.9-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "8.32-36.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "procps-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "3.3.17-14.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", 
"Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser 
would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "0.0.3-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "net-tools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2.0-0.64.20160912git.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d45d0d3609041a4533f4b53702458425571a254de1b1167258bc2e12b1fd2a61", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "kmod", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "28-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "attr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d45d0d3609041a4533f4b53702458425571a254de1b1167258bc2e12b1fd2a61", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:0e5020559b625b52007d9036662c32444ae6b84b5ee45908d28ef4f83d50b6ca", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 
https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": 
"1.2.11-41.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1.21.1-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d45d0d3609041a4533f4b53702458425571a254de1b1167258bc2e12b1fd2a61", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:b2678dc1d35596e8ce5fff2c9cc322959be3ae691b54754d7e723d07d5d2fbfb", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d45d0d3609041a4533f4b53702458425571a254de1b1167258bc2e12b1fd2a61", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d45d0d3609041a4533f4b53702458425571a254de1b1167258bc2e12b1fd2a61", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.3.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "net-tools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2.0-0.64.20160912git.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "0.4.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/containernetworking/cni", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:16c860c1497ff53626bfb48f57b467794f25acb3426d7f7d56efced96102bf38", "Version": "v1.1.2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iptables-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "3.16-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "logrotate", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "3.18.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "./pkg/ipam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:16c860c1497ff53626bfb48f57b467794f25acb3426d7f7d56efced96102bf38", "Version": "(devel)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:0e5020559b625b52007d9036662c32444ae6b84b5ee45908d28ef4f83d50b6ca", "Version": "3.8.3-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2:4.9-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d45d0d3609041a4533f4b53702458425571a254de1b1167258bc2e12b1fd2a61", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnetfilter_cttimeout", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.0.0-19.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "github.com/noironetworks/aci-containers", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:16c860c1497ff53626bfb48f57b467794f25acb3426d7f7d56efced96102bf38", "Version": "(devel) (git, commit ae1879969fd54999beb81413bcde6ff410a8a09e, built at 2024-11-08T10:50:22Z)", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "strace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "5.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1.2.11-41.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "5.3.28-55.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d45d0d3609041a4533f4b53702458425571a254de1b1167258bc2e12b1fd2a61", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": 
"7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "psmisc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "23.4-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "procps-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "3.3.17-14.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libbpf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2:1.4.0-1.el9", "BaseScores": [6.5, 6.5, 5.5], "CVEIds": ["CVE-2021-45940", "CVE-2021-45941", "CVE-2022-3606"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2021-45940 https://bugzilla.redhat.com/show_bug.cgi?id=2043383 https://www.cve.org/CVERecord?id=CVE-2021-45940 https://nvd.nist.gov/vuln/detail/CVE-2021-45940 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45940.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45940", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-45941 https://bugzilla.redhat.com/show_bug.cgi?id=2043387 https://www.cve.org/CVERecord?id=CVE-2021-45941 https://nvd.nist.gov/vuln/detail/CVE-2021-45941 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-45941.json", "FixedBy": "", "Description": "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. 
This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory.", "Name": "CVE-2021-45941", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3606 https://bugzilla.redhat.com/show_bug.cgi?id=2155196 https://www.cve.org/CVERecord?id=CVE-2022-3606 https://nvd.nist.gov/vuln/detail/CVE-2022-3606 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3606.json", "FixedBy": "", "Description": "A flaw was found in libbpf. When there are no program sections, obj->programs is left unallocated, causing a NULL pointer dereference in the following access to prog->sec_idx in find_prog_by_sec_insn. A local user could use this flaw to cause a denial of service.", "Name": "CVE-2022-3606", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2024b-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": 
[]}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "hostname", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "3.23-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.3.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.5.1-20.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. 
This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libnftnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:0e5020559b625b52007d9036662c32444ae6b84b5ee45908d28ef4f83d50b6ca", "Version": "1.2.6-4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.68.4-16.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d45d0d3609041a4533f4b53702458425571a254de1b1167258bc2e12b1fd2a61", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libibverbs", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "51.0-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d45d0d3609041a4533f4b53702458425571a254de1b1167258bc2e12b1fd2a61", "Version": "2.5.0-2.el9_4.1", "BaseScores": [], "CVEIds": ["CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d45d0d3609041a4533f4b53702458425571a254de1b1167258bc2e12b1fd2a61", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "8.44-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "0.0.3-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ltrace", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "0.7.91-43.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnetfilter_conntrack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.0.9-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "234-19.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:0e5020559b625b52007d9036662c32444ae6b84b5ee45908d28ef4f83d50b6ca", "Version": "2024.2.69_v8.0.303-91.4.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": 
"1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1:1.23-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "python-unversioned-command", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "3.9.20-1.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:0e5020559b625b52007d9036662c32444ae6b84b5ee45908d28ef4f83d50b6ca", "Version": "9.4-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tar", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2:1.34-7.el9", "BaseScores": [], "CVEIds": ["CVE-2023-39804"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-39804.json", "FixedBy": "", "Description": "A flaw was found in tar. 
This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "Name": "CVE-2023-39804", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d45d0d3609041a4533f4b53702458425571a254de1b1167258bc2e12b1fd2a61", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "kmod", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "28-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.3.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1.21.1-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:0e5020559b625b52007d9036662c32444ae6b84b5ee45908d28ef4f83d50b6ca", "Version": "1.0.4-16.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d45d0d3609041a4533f4b53702458425571a254de1b1167258bc2e12b1fd2a61", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:0e5020559b625b52007d9036662c32444ae6b84b5ee45908d28ef4f83d50b6ca", "Version": "2.1.12-8.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnl3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "3.9.0-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "stdlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:16c860c1497ff53626bfb48f57b467794f25acb3426d7f7d56efced96102bf38", "Version": "go1.22.5", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2:8.2.2637-21.el9", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", 
"CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw 
was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "attr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "3.1.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "53.0.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 
https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "20240828-2.git626aa59.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1:3.2.2-6.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "3.2.3-1.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the 
TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tcpdump", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "14:4.99.0-9.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2397 https://bugzilla.redhat.com/show_bug.cgi?id=2274792 https://www.cve.org/CVERecord?id=CVE-2024-2397 https://nvd.nist.gov/vuln/detail/CVE-2024-2397 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2397.json", "FixedBy": "", "Description": "A flaw was found in tcpdump. Trying to print content from a maliciously crafted .pcap file may lead to an infinite loop, resulting in a denial of service. 
This issue is considered low severity; for a successful attack to happen, a user must open a crafted file, and it will only crash a single user's execution of tcpdump.", "Name": "CVE-2024-2397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "21.3.1-1.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnfnetlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.0.1-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "14:1.10.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iptables-nft", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.8.10-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "28-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:0e5020559b625b52007d9036662c32444ae6b84b5ee45908d28ef4f83d50b6ca", "Version": "2.9.13-6.el9_4", "BaseScores": [6.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1.10.0-11.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 
https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "252-48.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libnetfilter_queue", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.0.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1.5.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "2.34-133.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "conntrack-tools", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.4.7-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "iproute", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:0e5020559b625b52007d9036662c32444ae6b84b5ee45908d28ef4f83d50b6ca", "Version": "6.2.0-6.el9_4", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "8.32-36.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d45d0d3609041a4533f4b53702458425571a254de1b1167258bc2e12b1fd2a61", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "1.43.0-6.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "4.14.0-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnetfilter_cthelper", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "1.0.0-22.el9", "BaseScores": [], "CVEIds": 
[], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6381d64950c902a93cd329939cdbb202787388c022290226258196ed5c30be73", "Version": "0.7.24-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-debuginfod-client", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:d28bb2568eb815ffb748a1fa991bfa341666b6f1a1924c85ffad7e62d7104294", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}]}}} diff --git a/docs/release_artifacts/6.1.2.1/z/opflex/6.1.2.1-cve-base.txt b/docs/release_artifacts/6.1.2.1/z/opflex/6.1.2.1-cve-base.txt index 8c4fc2b898..f1c9b9e765 100644 --- a/docs/release_artifacts/6.1.2.1/z/opflex/6.1.2.1-cve-base.txt +++ b/docs/release_artifacts/6.1.2.1/z/opflex/6.1.2.1-cve-base.txt 
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:67c0ce89aa26291d6eaddca2395ecd9b61644d866bfef65579f3e01e02a63d0d", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 
https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext 
Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 
https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption 
in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": 
"rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 
https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. 
This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 
https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null 
pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. 
When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:67c0ce89aa26291d6eaddca2395ecd9b61644d866bfef65579f3e01e02a63d0d", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.5.1-6.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() 
function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13.7-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.69.0-6.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.10.0-10.el9_2", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0.7-104.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.32-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.1.8-6.el9_1", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.16-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. 
When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.46.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.44-3.el9.3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.24.1-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.7.24-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:3.0.7-25.el9_3", "BaseScores": [5.5, 5.3, 5.3, 5.3, 5.3, 6.5], "CVEIds": ["CVE-2023-2975", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535", "CVE-2024-6119"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt 
https://www.openwall.com/lists/oss-security/2024/01/15/2 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "Name": "CVE-2023-6237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. 
Thus, the empty data will not be authenticated.", "Name": "CVE-2023-2975", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "FixedBy": "1:3.0.7-28.el9_4", "Description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "Name": "CVE-2024-6119", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. 
This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. 
Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "FixedBy": "1:3.0.7-27.el9", "Description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. 
If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "Name": "CVE-2023-6129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. 
The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.6.3-1.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.21.1-1.el9", "BaseScores": [9.1, 7.5], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462", "CVE-2024-37370", "CVE-2024-37371"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37371", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 9.1}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "FixedBy": "0:1.21.1-2.el9_4", "Description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "Name": "CVE-2024-37370", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 7.5}}}}]}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 
https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of 
tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.0.3-7.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2023d-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.9.13-5.el9_3", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. 
In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.7.6-23.el9_3.3", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "FixedBy": "0:3.7.6-23.el9_3.4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", 
"Version": "5.39-14.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-48554"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "FixedBy": "0:5.39-16.el9", "Description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "Name": "CVE-2022-48554", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.14.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], 
"CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. 
In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. 
This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. 
This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11.4.1-2.1.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37.4-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.34-83.el9_3.12", "BaseScores": [], "CVEIds": ["CVE-2024-2961", "CVE-2024-33599", "CVE-2024-33600", "CVE-2024-33601", "CVE-2024-33602"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. 
The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "Name": "CVE-2024-33601", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "Name": "CVE-2024-33599", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. 
This can lead to a null pointer dereference that causes a crash or exit.", "Name": "CVE-2024-33600", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "Name": "CVE-2024-33602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "FixedBy": "0:2.34-100.el9_4.2", "Description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. 
During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "Name": "CVE-2024-2961", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.43.0-5.el9_3.1", "BaseScores": [], "CVEIds": ["CVE-2024-28182"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "FixedBy": "0:1.43.0-5.el9_4.3", "Description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. 
This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "Name": "CVE-2024-28182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:1.19-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.14.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "7.76.1-26.el9_3.3", "BaseScores": [6.5], "CVEIds": ["CVE-2024-2398", "CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "FixedBy": "0:7.76.1-29.el9_4.1", "Description": "A flaw was found in curl. 
When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "Name": "CVE-2024-2398", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "252-18.el9", "BaseScores": [5.9, 5.5], "CVEIds": ["CVE-2021-3997", "CVE-2023-7008"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "FixedBy": "0:252-32.el9_4", "Description": "A vulnerability was found in systemd-resolved. 
This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "Name": "CVE-2023-7008", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.68.4-11.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636", "CVE-2024-34397"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 
https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "FixedBy": "0:2.68.4-14.el9_4.1", "Description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. 
This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "Name": "CVE-2024-34397", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.8-3.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. 
This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.2.11-40.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2023.2.60_v7.0.306-90.1.el9_2", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.1.12-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": 
"10.40-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "20230731-1.git94f0e2c.el9_3.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "4.16.1.3-27.el9_3", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "2.3.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:5015a3d6c28e865dd85dca405f7a873edca79c845ac510b798911f3295c4fc11", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}]}}} 
diff --git a/docs/release_artifacts/6.1.2.1/z/opflex/6.1.2.1-quay-cve.txt b/docs/release_artifacts/6.1.2.1/z/opflex/6.1.2.1-quay-cve.txt
index 8f8358a540..2ef422ad0b 100644
--- a/docs/release_artifacts/6.1.2.1/z/opflex/6.1.2.1-quay-cve.txt
+++ b/docs/release_artifacts/6.1.2.1/z/opflex/6.1.2.1-quay-cve.txt
@@ -1 +1 @@ -{"status": "scanned", "data": {"Layer": {"Name": "sha256:bb717cdbf76433ac019a38a7bef5b76ccc5cca2e816f8d4177bbca501e0dce9c", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "53.0.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1:1.42.0-2.el9", "BaseScores": [7.3], "CVEIds": ["CVE-2024-24806"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-24806 https://bugzilla.redhat.com/show_bug.cgi?id=2263292 https://www.cve.org/CVERecord?id=CVE-2024-24806 https://nvd.nist.gov/vuln/detail/CVE-2024-24806 https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6 https://www.chainguard.dev/unchained/unpacking-libuvs-cve-2024-24806-software-dark-matter-will-go-under-the-radar-not-in-chainguard-images-tho https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24806.json https://access.redhat.com/errata/RHSA-2024:4756", "FixedBy": "1:1.42.0-2.el9_4", "Description": "A 
server-side request forgery (SSRF) flaw was found in the libuv package due to how the `hostname_ascii` variable is handled in `uv_getaddrinfo` and `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access internal APIs or for websites that allow users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks.", "Name": "CVE-2024-24806", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "Score": 7.3}}}}]}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "0.0.3-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.34-120.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:72cfab7ee233b94e50df4eac012e3c4eb8794ccea14ca5e212c0793fae8d7157", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:72cfab7ee233b94e50df4eac012e3c4eb8794ccea14ca5e212c0793fae8d7157", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.34-120.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", 
"DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1.10.0-11.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "boost-date-time", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.75.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-plugin-selinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1.5.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.14.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "252-45.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", 
"Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. 
This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "0.7.24-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.1.12-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "3.1.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", 
"NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "selinux-policy", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "38.1.44-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "boost-program-options", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.75.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "net-tools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "2.0-0.64.20160912git.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "20240822-1.gitbaf3e06.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "boost-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.75.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "5.3.28-54.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "21.3.1-1.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:72cfab7ee233b94e50df4eac012e3c4eb8794ccea14ca5e212c0793fae8d7157", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "8.32-36.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "8.44-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.34-120.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.68.4-15.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 
https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "compat-openssl11", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1:1.1.1k-4.el9_0", "BaseScores": [5.5, 5.3, 5.3, 5.3, 6.5, 7.4, 7.5, 5.3, 7.5, 5.9, 9.8, 9.8, 7.5, 5.3, 5.3], "CVEIds": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-4304", "CVE-2022-4450", "CVE-2023-0215", "CVE-2023-0286", "CVE-2023-0464", "CVE-2023-0465", "CVE-2023-0466", "CVE-2023-2650", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json", "FixedBy": "", "Description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json", "FixedBy": "", "Description": "A vulnerability was found in OpenSSL. 
This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2650.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "Name": "CVE-2023-2650", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0286 https://bugzilla.redhat.com/show_bug.cgi?id=2164440 https://www.cve.org/CVERecord?id=CVE-2023-0286 https://nvd.nist.gov/vuln/detail/CVE-2023-0286 https://www.openssl.org/news/secadv/20230207.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0286.json", "FixedBy": "", "Description": "A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. 
When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.", "Name": "CVE-2023-0286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4450 https://bugzilla.redhat.com/show_bug.cgi?id=2164494 https://www.cve.org/CVERecord?id=CVE-2022-4450 https://nvd.nist.gov/vuln/detail/CVE-2022-4450 https://www.openssl.org/news/secadv/20230207.txt https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4450.json", "FixedBy": "", "Description": "A double-free vulnerability was found in OpenSSL's PEM_read_bio_ex function. The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (for example, \"CERTIFICATE\"), any header data, and the payload data. If the function succeeds, then the \"name_out,\" \"header,\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. Constructing a PEM file that results in 0 bytes of payload data is possible. 
In this case, PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a freed buffer. A double-free will occur if the caller also frees this buffer. This will most likely lead to a crash. This could be exploited by an attacker who can supply malicious PEM files for parsing to achieve a denial of service attack.", "Name": "CVE-2022-4450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2097 https://bugzilla.redhat.com/show_bug.cgi?id=2104905 https://www.cve.org/CVERecord?id=CVE-2022-2097 https://nvd.nist.gov/vuln/detail/CVE-2022-2097 https://www.openssl.org/news/secadv/20220705.txt https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2097.json", "FixedBy": "", "Description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed.", "Name": "CVE-2022-2097", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0215 https://bugzilla.redhat.com/show_bug.cgi?id=2164492 https://www.cve.org/CVERecord?id=CVE-2023-0215 https://nvd.nist.gov/vuln/detail/CVE-2023-0215 https://www.openssl.org/news/secadv/20230207.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0215.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL's BIO_new_NDEF function. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. 
It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be called directly by end-user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions. For example, if a CMS recipient public key is invalid, the new filter BIO is freed, and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up, and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then calls BIO_pop() on the BIO, a use-after-free will occur, possibly resulting in a crash.", "Name": "CVE-2023-0215", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4304 https://bugzilla.redhat.com/show_bug.cgi?id=2164487 https://www.cve.org/CVERecord?id=CVE-2022-4304 https://nvd.nist.gov/vuln/detail/CVE-2022-4304 https://www.openssl.org/news/secadv/20230207.txt https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4304.json", "FixedBy": "", "Description": "A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. 
This issue affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP, and RSASVE.", "Name": "CVE-2022-4304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1292 https://bugzilla.redhat.com/show_bug.cgi?id=2081494 https://www.cve.org/CVERecord?id=CVE-2022-1292 https://nvd.nist.gov/vuln/detail/CVE-2022-1292 https://www.openssl.org/news/secadv/20220503.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1292.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileges of the script on these operating systems.", "Name": "CVE-2022-1292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2068 https://bugzilla.redhat.com/show_bug.cgi?id=2097310 https://www.cve.org/CVERecord?id=CVE-2022-2068 https://nvd.nist.gov/vuln/detail/CVE-2022-2068 https://www.openssl.org/news/secadv/20220621.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2068.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script.", "Name": "CVE-2022-2068", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "FixedBy": "", "Description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. 
This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0464", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. 
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "Name": "CVE-2023-0466", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. 
Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0465", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}]}, {"Name": "selinux-policy-targeted", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "38.1.44-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "3.9.19-8.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2:4.9-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "boost-system", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.75.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.5.1-20.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": "", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. 
This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.0.4-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. 
This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:72cfab7ee233b94e50df4eac012e3c4eb8794ccea14ca5e212c0793fae8d7157", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.9.13-6.el9", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw 
was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1:3.2.2-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.14.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2024.2.69_v8.0.303-91.4.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 
https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "boost-iostreams", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.75.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", 
"CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 
https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. 
This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "3.16-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "3.9.19-8.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:72cfab7ee233b94e50df4eac012e3c4eb8794ccea14ca5e212c0793fae8d7157", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1.43.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.14.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 
https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "3.8.3-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:2570", "FixedBy": "0:3.8.3-4.el9_4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. 
In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:2570", "FixedBy": "0:3.8.3-4.el9_4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:72cfab7ee233b94e50df4eac012e3c4eb8794ccea14ca5e212c0793fae8d7157", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:72cfab7ee233b94e50df4eac012e3c4eb8794ccea14ca5e212c0793fae8d7157", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1.21.1-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "3.2.3-1.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:72cfab7ee233b94e50df4eac012e3c4eb8794ccea14ca5e212c0793fae8d7157", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "28-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.34-120.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "234-19.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python-unversioned-command", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "3.9.19-8.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that 
contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. 
Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libnetfilter_conntrack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.0.9-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.14.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "procps-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "3.3.17-14.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1.2.11-41.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "attr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnfnetlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.0.1-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "252-45.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:72cfab7ee233b94e50df4eac012e3c4eb8794ccea14ca5e212c0793fae8d7157", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": 
"11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", 
"Version": "0.4.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. 
This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "252-45.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "252-45.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:72cfab7ee233b94e50df4eac012e3c4eb8794ccea14ca5e212c0793fae8d7157", "Version": "2.5.0-2.el9_4", "BaseScores": [9.8, 9.8, 7.5], "CVEIds": ["CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2024a-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gdbm-libs", 
"VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1:1.23-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1:3.2.2-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}]}}} +{"status": "scanned", "data": {"Layer": {"Name": "sha256:bb717cdbf76433ac019a38a7bef5b76ccc5cca2e816f8d4177bbca501e0dce9c", "ParentName": "", "NamespaceName": "", "IndexedByVersion": 4, "Features": [{"Name": "cracklib-dicts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1:1.42.0-2.el9", "BaseScores": [7.3], "CVEIds": ["CVE-2024-24806"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-24806 https://bugzilla.redhat.com/show_bug.cgi?id=2263292 https://www.cve.org/CVERecord?id=CVE-2024-24806 https://nvd.nist.gov/vuln/detail/CVE-2024-24806 https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6 https://www.chainguard.dev/unchained/unpacking-libuvs-cve-2024-24806-software-dark-matter-will-go-under-the-radar-not-in-chainguard-images-tho 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24806.json https://access.redhat.com/errata/RHSA-2024:4756", "FixedBy": "1:1.42.0-2.el9_4", "Description": "A server-side request forgery (SSRF) flaw was found in the libuv package due to how the `hostname_ascii` variable is handled in `uv_getaddrinfo` and `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access internal APIs or for websites that allow users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks.", "Name": "CVE-2024-24806", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "Score": 7.3}}}}]}, {"Name": "libsigsegv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "boost-program-options", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.75.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libfdisk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bash", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": 
"5.1.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcap-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.8.2-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-setuptools-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "53.0.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-broker", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "28-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "npth", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "elfutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", 
"Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "librepo", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1.14.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "selinux-policy", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "38.1.44-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lz4-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.9.3-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmodulemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.13.0-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ima-evm-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1.5-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "11.5.0-2.el9", "BaseScores": 
[5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "cyrus-sasl-lib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.1.27-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsmartcols", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.34-120.el9", "BaseScores": [], 
"CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-font-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcurl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. 
If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "libxml2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.9.13-6.el9", "BaseScores": [6.5, 7.5], "CVEIds": ["CVE-2023-45322", "CVE-2024-25062", "CVE-2024-34459"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "FixedBy": "", "Description": "A flaw was found in the xmllint program distributed by the libxml2 package. 
A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "Name": "CVE-2024-34459", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-45322.json", "FixedBy": "", "Description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "Name": "CVE-2023-45322", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "FixedBy": "0:2.9.13-6.el9_4", "Description": "A use-after-free flaw was found in libxml2. 
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "Name": "CVE-2024-25062", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libattr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf-plugins-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "3.9.19-8.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "fonts-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:2.0.5-7.el9.1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-core-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libevent", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.1.12-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "compat-openssl11", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1:1.1.1k-4.el9_0", "BaseScores": [5.5, 5.3, 5.3, 5.3, 6.5, 7.4, 7.5, 5.3, 7.5, 5.9, 9.8, 9.8, 7.5, 5.3, 5.3], "CVEIds": ["CVE-2022-1292", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-4304", "CVE-2022-4450", "CVE-2023-0215", "CVE-2023-0286", "CVE-2023-0464", "CVE-2023-0465", "CVE-2023-0466", "CVE-2023-2650", "CVE-2023-3446", "CVE-2023-3817", "CVE-2023-5678", "CVE-2024-0727", "CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 
https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "Name": "CVE-2024-0727", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json", "FixedBy": "", "Description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json", "FixedBy": "", "Description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "Name": "CVE-2023-3446", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. 
This issue could lead to a denial of service.", "Name": "CVE-2023-5678", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2650.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "Name": "CVE-2023-2650", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0286 https://bugzilla.redhat.com/show_bug.cgi?id=2164440 https://www.cve.org/CVERecord?id=CVE-2023-0286 https://nvd.nist.gov/vuln/detail/CVE-2023-0286 https://www.openssl.org/news/secadv/20230207.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0286.json", "FixedBy": "", "Description": "A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. 
When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.", "Name": "CVE-2023-0286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4450 https://bugzilla.redhat.com/show_bug.cgi?id=2164494 https://www.cve.org/CVERecord?id=CVE-2022-4450 https://nvd.nist.gov/vuln/detail/CVE-2022-4450 https://www.openssl.org/news/secadv/20230207.txt https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4450.json", "FixedBy": "", "Description": "A double-free vulnerability was found in OpenSSL's PEM_read_bio_ex function. The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (for example, \"CERTIFICATE\"), any header data, and the payload data. If the function succeeds, then the \"name_out,\" \"header,\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. Constructing a PEM file that results in 0 bytes of payload data is possible. 
In this case, PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a freed buffer. A double-free will occur if the caller also frees this buffer. This will most likely lead to a crash. This could be exploited by an attacker who can supply malicious PEM files for parsing to achieve a denial of service attack.", "Name": "CVE-2022-4450", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2097 https://bugzilla.redhat.com/show_bug.cgi?id=2104905 https://www.cve.org/CVERecord?id=CVE-2022-2097 https://nvd.nist.gov/vuln/detail/CVE-2022-2097 https://www.openssl.org/news/secadv/20220705.txt https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2097.json", "FixedBy": "", "Description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed.", "Name": "CVE-2022-2097", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "Score": 5.3}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0215 https://bugzilla.redhat.com/show_bug.cgi?id=2164492 https://www.cve.org/CVERecord?id=CVE-2023-0215 https://nvd.nist.gov/vuln/detail/CVE-2023-0215 https://www.openssl.org/news/secadv/20230207.txt https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0215.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL's BIO_new_NDEF function. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. 
It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be called directly by end-user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions. For example, if a CMS recipient public key is invalid, the new filter BIO is freed, and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up, and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then calls BIO_pop() on the BIO, a use-after-free will occur, possibly resulting in a crash.", "Name": "CVE-2023-0215", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4304 https://bugzilla.redhat.com/show_bug.cgi?id=2164487 https://www.cve.org/CVERecord?id=CVE-2022-4304 https://nvd.nist.gov/vuln/detail/CVE-2022-4304 https://www.openssl.org/news/secadv/20230207.txt https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4304.json", "FixedBy": "", "Description": "A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. 
This issue affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP, and RSASVE.", "Name": "CVE-2022-4304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1292 https://bugzilla.redhat.com/show_bug.cgi?id=2081494 https://www.cve.org/CVERecord?id=CVE-2022-1292 https://nvd.nist.gov/vuln/detail/CVE-2022-1292 https://www.openssl.org/news/secadv/20220503.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1292.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileges of the script on these operating systems.", "Name": "CVE-2022-1292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2068 https://bugzilla.redhat.com/show_bug.cgi?id=2097310 https://www.cve.org/CVERecord?id=CVE-2022-2068 https://nvd.nist.gov/vuln/detail/CVE-2022-2068 https://www.openssl.org/news/secadv/20220621.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2068.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script.", "Name": "CVE-2022-2068", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "FixedBy": "", "Description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. 
This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0464", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. 
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "Name": "CVE-2023-0466", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. 
Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "Name": "CVE-2023-0465", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "Score": 5.3}}}}]}, {"Name": "ca-certificates", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2024.2.69_v8.0.303-91.4.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2023-37920"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "FixedBy": "0:2024.2.69_v8.0.303-91.4.el9_4", "Description": "A flaw was found in the python-certifi package. 
This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "Name": "CVE-2023-37920", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "rpm-plugin-selinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "file-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "5.39-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:72cfab7ee233b94e50df4eac012e3c4eb8794ccea14ca5e212c0793fae8d7157", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsolv", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "0.7.24-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dateutil", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:72cfab7ee233b94e50df4eac012e3c4eb8794ccea14ca5e212c0793fae8d7157", "Version": "1:2.8.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "ubi9/ubi-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-gpg", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:72cfab7ee233b94e50df4eac012e3c4eb8794ccea14ca5e212c0793fae8d7157", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sed", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.8-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "redhat-release", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-0.5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmount", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libpeas", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.30.0-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.14.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 
https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "elfutils-default-yama-scope", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libusbx", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.26-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnfnetlink", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.0.1-21.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-hawkey", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnutls", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "3.8.3-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-28834", "CVE-2024-28835"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html 
https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:2570", "FixedBy": "0:3.8.3-4.el9_4", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Name": "CVE-2024-28834", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:2570", "FixedBy": "0:3.8.3-4.el9_4", "Description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "Name": "CVE-2024-28835", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": 
"python3-dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:72cfab7ee233b94e50df4eac012e3c4eb8794ccea14ca5e212c0793fae8d7157", "Version": "1.2.18-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "popt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.18-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "p11-kit-trust", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "0.25.3-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libverto", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.3.2-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "selinux-policy-targeted", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "38.1.44-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libxcrypt-compat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:72cfab7ee233b94e50df4eac012e3c4eb8794ccea14ca5e212c0793fae8d7157", "Version": "4.4.18-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dbus", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-glib", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "json-c", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.14-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openldap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.6.6-3.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-2953"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "FixedBy": "", "Description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. 
The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "Name": "CVE-2023-2953", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "gzip", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.12-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libassuan", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.5.5-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libgcrypt", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1.10.0-11.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2236"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "FixedBy": "", "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. 
This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "Name": "CVE-2024-2236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ncurses-base", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "libpwquality", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.4.4-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "acl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libutempter", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.2.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnetfilter_conntrack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.0.9-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "0.69.0-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dnf-data", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.14.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "yum-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.3.0-16.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "net-tools", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "2.0-0.64.20160912git.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libtasn1", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.16.0-8.el9_1", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libzstd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.5.1-2.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-4899"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "FixedBy": "", "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "Name": "CVE-2022-4899", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libarchive", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.5.3-4.el9", "BaseScores": [5.3, 7.8, 7.8], "CVEIds": ["CVE-2023-30571", "CVE-2024-48957", "CVE-2024-48958"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-30571 
https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "FixedBy": "", "Description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "Name": "CVE-2023-30571", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "Score": 5.3}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48957 https://bugzilla.redhat.com/show_bug.cgi?id=2317729 https://www.cve.org/CVERecord?id=CVE-2024-48957 https://nvd.nist.gov/vuln/detail/CVE-2024-48957 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2149 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48957.json", "FixedBy": "", "Description": "A flaw was found in Libarchive's archive_read_support_format_rar.c component. 
This vulnerability allows out-of-bounds access via a crafted archive file because the src pointer can move beyond the dst buffer.", "Name": "CVE-2024-48957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-48958 https://bugzilla.redhat.com/show_bug.cgi?id=2317728 https://www.cve.org/CVERecord?id=CVE-2024-48958 https://nvd.nist.gov/vuln/detail/CVE-2024-48958 https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5 https://github.com/libarchive/libarchive/pull/2148 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-48958.json", "FixedBy": "", "Description": "A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. 
This issue may cause the application linked to the library to crash, resulting in denial of service.", "Name": "CVE-2024-48958", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}]}, {"Name": "libsepol", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:72cfab7ee233b94e50df4eac012e3c4eb8794ccea14ca5e212c0793fae8d7157", "Version": "3.6-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gmp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1:6.2.0-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "audit-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "3.1.5-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "bzip2-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.0.8-8.el9", "BaseScores": [9.8], "CVEIds": ["CVE-2019-12900"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=1724459 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json", "FixedBy": "", "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "Name": "CVE-2019-12900", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}]}, {"Name": "pcre2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "dbus-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1:1.12.20-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "252-45.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "alternatives", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.24-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "procps-ng", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "3.3.17-14.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "rpm-build-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glib2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.68.4-15.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2023-32636"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 
https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-32636.json", "FixedBy": "", "Description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "Name": "CVE-2023-32636", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "openssl-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1:3.2.2-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. 
This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "glibc-minimal-langpack", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.34-120.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "readline", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "krb5-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1.21.1-3.el9", "BaseScores": [], "CVEIds": ["CVE-2024-26458", "CVE-2024-26461", "CVE-2024-26462"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26462.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26462", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26458.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-26461.json", "FixedBy": "", "Description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. 
This issue can lead to a denial of service through memory exhaustion.", "Name": "CVE-2024-26461", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "systemd-pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "252-45.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gdbm-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1:1.23-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:72cfab7ee233b94e50df4eac012e3c4eb8794ccea14ca5e212c0793fae8d7157", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-six", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:72cfab7ee233b94e50df4eac012e3c4eb8794ccea14ca5e212c0793fae8d7157", "Version": "1.15.0-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "shadow-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2:4.9-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "grep", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.6-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "boost-iostreams", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.75.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "crypto-policies", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": 
"20240822-1.gitbaf3e06.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "cracklib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "2.9.6-27.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "kmod-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "28-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.14.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "nettle", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "3.9.1-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "expat", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:72cfab7ee233b94e50df4eac012e3c4eb8794ccea14ca5e212c0793fae8d7157", "Version": "2.5.0-2.el9_4", "BaseScores": [9.8, 9.8, 7.5], "CVEIds": ["CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492", "CVE-2024-50602"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json", "FixedBy": "", "Description": "A security issue was found in Expat (libexpat). 
A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "Name": "CVE-2024-50602", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. 
It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45492", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "Name": "CVE-2024-45491", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json 
https://access.redhat.com/errata/RHSA-2024:6754", "FixedBy": "0:2.5.0-2.el9_4.1", "Description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "Name": "CVE-2024-45490", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "libcap", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.48-9.el9_2", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libeconf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "0.4.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gobject-introspection", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.68.0-11.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "setup", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.13.7-10.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "diffutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "3.7-12.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux-core", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, 
{"Name": "xz-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.2.5-8.el9_0", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tzdata", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2024a-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libreport-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.15.2-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "tpm2-tss", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "3.2.3-1.el9", "BaseScores": [], "CVEIds": ["CVE-2024-29040"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-29040.json", "FixedBy": "", "Description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. 
This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "Name": "CVE-2024-29040", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libstdc++", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "11.5.0-2.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2022-27943"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-27943.json", "FixedBy": "", "Description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. 
By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "Name": "CVE-2022-27943", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "gawk", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.1.0-6.el9", "BaseScores": [7.1], "CVEIds": ["CVE-2023-4156"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4156.json", "FixedBy": "", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. 
This issue may lead to a crash and could be used to read sensitive information.", "Name": "CVE-2023-4156", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "python-unversioned-command", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "3.9.19-8.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "ncurses-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "6.2-10.20210508.el9", "BaseScores": [6.5, 7.1], "CVEIds": ["CVE-2022-29458", "CVE-2023-45918", "CVE-2023-50495"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "FixedBy": "", "Description": "A flaw was found in ncurses. 
Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "Name": "CVE-2023-45918", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-50495.json", "FixedBy": "", "Description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "Name": "CVE-2023-50495", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-29458.json", "FixedBy": "", "Description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. 
This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "Name": "CVE-2022-29458", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}]}, {"Name": "pcre2-syntax", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "10.40-6.el9", "BaseScores": [7.5], "CVEIds": ["CVE-2022-41409"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "FixedBy": "", "Description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. 
This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "Name": "CVE-2022-41409", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}]}, {"Name": "librhsm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "0.0.3-9.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libsemanage", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "basesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "11-13.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libselinux-utils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "3.6-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "pam", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.5.1-20.el9", "BaseScores": [7.4, 4.7], "CVEIds": ["CVE-2024-10041", "CVE-2024-10963"], "Vulnerabilities": [{"Severity": "High", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json", "FixedBy": 
"", "Description": "A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.", "Name": "CVE-2024-10963", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "Score": 7.4}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json", "FixedBy": "", "Description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. 
This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "Name": "CVE-2024-10041", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "Score": 4.7}}}}]}, {"Name": "elfutils-libelf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "0.191-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-25260"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-25260.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. 
A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "Name": "CVE-2024-25260", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libgpg-error", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.42-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-common", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.34-120.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libmnl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.0.4-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libcom_err", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1.46.5-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libcomps", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:72cfab7ee233b94e50df4eac012e3c4eb8794ccea14ca5e212c0793fae8d7157", "Version": "0.1.18-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "sqlite-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.34.1-7.el9_3", "BaseScores": [5.5], "CVEIds": ["CVE-2023-36191", "CVE-2024-0232"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "FixedBy": "", "Description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "Name": "CVE-2023-36191", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-0232.json", "FixedBy": "", "Description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "Name": "CVE-2024-0232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "microdnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.9.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "zlib", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1.2.11-41.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "coreutils-single", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "8.32-36.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-rpm", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "curl-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "7.76.1-31.el9", "BaseScores": [6.5], "CVEIds": ["CVE-2024-7264"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL 
https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "FixedBy": "", "Description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "Name": "CVE-2024-7264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 6.5}}}}]}, {"Name": "policycoreutils", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "3.6-2.1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libffi", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.4.2-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "attr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.5.1-3.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-rpm-macros", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "252-45.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 
https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "rootfiles", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "8.1-31.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "3.9.19-8.el9", "BaseScores": [7.5, 7.5, 5.9], "CVEIds": ["CVE-2021-23336", "CVE-2023-36632", "CVE-2024-7592", "CVE-2024-8088"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-36632 https://bugzilla.redhat.com/show_bug.cgi?id=2217338 https://www.cve.org/CVERecord?id=CVE-2023-36632 https://nvd.nist.gov/vuln/detail/CVE-2023-36632 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-36632.json", "FixedBy": "", "Description": "A vulnerability was found in Python. This issue occurs in the legacy email.utils.parseaddr function in Python that allows attackers to trigger a \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. 
This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address.", "Name": "CVE-2023-36632", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "FixedBy": "", "Description": "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", "Name": "CVE-2024-7592", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 
https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-23336.json", "FixedBy": "", "Description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "Name": "CVE-2021-23336", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "Score": 5.9}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json", "FixedBy": "", "Description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. 
This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "Name": "CVE-2024-8088", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "rpm-sign-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.16.1.3-34.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "python3-pip-wheel", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "21.3.1-1.el9", "BaseScores": [5.7], "CVEIds": ["CVE-2021-3572"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3572.json", "FixedBy": "", "Description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. 
The highest threat from this vulnerability is to data integrity.", "Name": "CVE-2021-3572", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "Score": 5.7}}}}]}, {"Name": "libidn2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libuuid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "dejavu-sans-fonts", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.37-18.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "glibc-langpack-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.34-120.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "boost-system", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.75.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "openssl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1:3.2.2-4.el9", "BaseScores": [], "CVEIds": ["CVE-2024-2511", "CVE-2024-41996", "CVE-2024-4603", "CVE-2024-4741", "CVE-2024-5535"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-2511 
https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "Name": "CVE-2024-2511", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "FixedBy": "", "Description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. 
This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "Name": "CVE-2024-41996", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. 
This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "Name": "CVE-2024-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "Name": "CVE-2024-4741", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json", "FixedBy": "", "Description": "A flaw was found in OpenSSL. 
Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "Name": "CVE-2024-4603", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libyaml", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.2.5-7.el9", "BaseScores": [], "CVEIds": ["CVE-2024-35325"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-35325 https://bugzilla.redhat.com/show_bug.cgi?id=2292350 https://www.cve.org/CVERecord?id=CVE-2024-35325 https://nvd.nist.gov/vuln/detail/CVE-2024-35325 https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35325.json", "FixedBy": "", "Description": "A vulnerability was found in libyaml in versions up to 0.2.5. This issue affects the yaml_event_delete function in the /src/libyaml/src/api.c. 
file, leading to a double-free problem.", "Name": "CVE-2024-35325", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "libacl", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.3.1-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libdb", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "5.3.28-54.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gpgme", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.15.1-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libnghttp2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1.43.0-6.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "util-linux", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "keyutils-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "1.6.3-1.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "langpacks-en", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "3.0-16.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libksba", "VersionFormat": "", "NamespaceName": "", "AddedBy": 
"sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "1.5.1-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "gnupg2", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "2.3.3-4.el9", "BaseScores": [3.3], "CVEIds": ["CVE-2022-3219"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3219.json", "FixedBy": "", "Description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "Name": "CVE-2022-3219", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "Score": 3.3}}}}]}, {"Name": "pcre", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "8.44-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "lua-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "5.4.4-4.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libunistring", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "0.9.10-15.el9", "BaseScores": [], "CVEIds": [], 
"Vulnerabilities": []}, {"Name": "ubi9-minimal-container", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "9.3-1612", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "boost-filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.75.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "filesystem", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "3.16-5.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "systemd-libs", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "252-45.el9", "BaseScores": [5.5], "CVEIds": ["CVE-2021-3997"], "Vulnerabilities": [{"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3997.json", "FixedBy": "", "Description": "A flaw was found in systemd. 
An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "Name": "CVE-2021-3997", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}]}, {"Name": "dnf", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "4.14.0-17.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "vim-minimal", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "2:8.2.2637-20.el9_1", "BaseScores": [7.8, 7.8, 5.5, 6.6, 4.3, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 5.5, 7.8, 7.8, 5.5, 7.8, 5.3, 7.8, 7.8, 5.5, 7.8, 7.8, 6.6, 4.7, 7.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 7.1, 8.0, 7.8, 7.8, 7.8, 7.8, 7.8, 7.5, 4.3, 7.8, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 6.6, 7.8, 7.8, 4.3, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 4.3, 7.8, 7.8, 7.8, 7.1, 7.8, 7.8, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 5.5, 7.8, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 7.8, 4.3, 5.5, 5.5, 7.8, 7.8, 7.8, 7.8, 9.8, 7.8, 7.8, 7.8, 7.8, 7.5, 7.8, 7.8, 7.8, 7.8, 4.2], "CVEIds": ["CVE-2020-20703", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-4136", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2022-0213", "CVE-2022-0351", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1674", "CVE-2022-1720", "CVE-2022-1725", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2257", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", 
"CVE-2022-2287", "CVE-2022-2304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-2522", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2946", "CVE-2022-2980", "CVE-2022-2982", "CVE-2022-3016", "CVE-2022-3037", "CVE-2022-3099", "CVE-2022-3134", "CVE-2022-3153", "CVE-2022-3234", "CVE-2022-3235", "CVE-2022-3256", "CVE-2022-3278", "CVE-2022-3296", "CVE-2022-3297", "CVE-2022-3324", "CVE-2022-3352", "CVE-2022-3705", "CVE-2022-4141", "CVE-2022-4292", "CVE-2022-4293", "CVE-2023-0049", "CVE-2023-0051", "CVE-2023-0054", "CVE-2023-0288", "CVE-2023-0433", "CVE-2023-0512", "CVE-2023-1127", "CVE-2023-1170", "CVE-2023-1175", "CVE-2023-1264", "CVE-2023-2609", "CVE-2023-2610", "CVE-2023-46246", "CVE-2023-4733", "CVE-2023-4734", "CVE-2023-4735", "CVE-2023-4738", "CVE-2023-4750", "CVE-2023-4751", "CVE-2023-4752", "CVE-2023-4781", "CVE-2023-48231", "CVE-2023-48232", "CVE-2023-48233", "CVE-2023-48234", "CVE-2023-48235", "CVE-2023-48236", "CVE-2023-48237", "CVE-2023-48706", "CVE-2023-5344", "CVE-2023-5441", "CVE-2023-5535", "CVE-2024-22667", "CVE-2024-41957", "CVE-2024-41965", "CVE-2024-43374", "CVE-2024-43790", "CVE-2024-43802", "CVE-2024-45306", "CVE-2024-47814"], "Vulnerabilities": [{"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://access.redhat.com/security/data/csaf/v2/vex/2024/cve-2024-22667.json", "FixedBy": "", "Description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. 
That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "Name": "CVE-2024-22667", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2206.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2206", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1264.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1264", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1175.json", "FixedBy": "", "Description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. 
An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "Name": "CVE-2023-1175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48232.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. 
Only users with non-default settings are affected and the exception should only result in a crash.", "Name": "CVE-2023-48232", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2207.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2207", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2819.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. 
This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-2819", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48237.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48237", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1127.json", "FixedBy": "", "Description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "Name": "CVE-2023-1127", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2610.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "Name": "CVE-2023-2610", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3324.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3324", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5441.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim. 
This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2023-5441", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3928.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3928", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2345.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2345", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-46246.json", "FixedBy": "", "Description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. 
This vulnerability has been patched in version 9.0.2068.\n", "Name": "CVE-2023-46246", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2125.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2125", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "FixedBy": "", "Description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. 
In this instance, Vim will try to free the memory again, causing a crash.", "Name": "CVE-2024-41957", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Score": 5.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4733 https://bugzilla.redhat.com/show_bug.cgi?id=2237315 https://www.cve.org/CVERecord?id=CVE-2023-4733 https://nvd.nist.gov/vuln/detail/CVE-2023-4733 https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4733.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the buflist_altfpos function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4733", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2522.json", "FixedBy": "", "Description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2522", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3153.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "Name": "CVE-2022-3153", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4136.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4136", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4173.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4173", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "FixedBy": "", "Description": "A flaw was found in Vim. 
This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "Name": "CVE-2024-43802", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0213.json", "FixedBy": "", "Description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0213", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Medium", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43790 https://bugzilla.redhat.com/show_bug.cgi?id=2307454 https://www.cve.org/CVERecord?id=CVE-2024-43790 https://nvd.nist.gov/vuln/detail/CVE-2024-43790 https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43790.json", "FixedBy": "", "Description": "A vulnerability was found in the VIM package. 
When performing a search and displaying the search count message is disabled, the search pattern is shown at the bottom of the screen, and this text is stored in an internal buffer. The search pattern is reversed when using the right-left search mode, and a new internal buffer will be created. If the original search pattern contains NULL characters, the newly allocated buffer will be smaller than the required size, leading to a head-based out-of-bounds read. This flaw allows an attacker to trick the user into running the malicious search pattern and execute all the steps required to cause the out-of-bounds read.", "Name": "CVE-2024-43790", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48706.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48706", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 4.7}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. 
To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "Name": "CVE-2024-43374", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5344.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-5344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "FixedBy": "", "Description": 
"A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "Name": "CVE-2024-45306", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4735.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "Name": "CVE-2023-4735", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-0351.json", "FixedBy": "", "Description": "A flaw was found in vim. 
The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "Name": "CVE-2022-0351", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3037.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3037", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2862.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "Name": "CVE-2022-2862", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4781.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "Name": "CVE-2023-4781", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 
https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48234.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4166.json", "FixedBy": "", "Description": "A flaw was found in vim. 
A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4166", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3968.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3968", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "Score": 8.0}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0433.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "Name": "CVE-2023-0433", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", 
"NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0512.json", "FixedBy": "", "Description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "Name": "CVE-2023-0512", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3297.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3297", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4752.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4752", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0054.json", "FixedBy": "", "Description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. 
The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "Name": "CVE-2023-0054", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3705.json", "FixedBy": "", "Description": "A use-after-free flaw was found in the qf_update_buffer function in vim. 
This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-3705", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48235.json", "FixedBy": "", "Description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2982.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2982", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4141.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. 
This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4141", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4293.json", "FixedBy": "", "Description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "Name": "CVE-2022-4293", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2923.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. 
This flaw allows a specially crafted file to crash the software.", "Name": "CVE-2022-2923", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2124.json", "FixedBy": "", "Description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2124", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2889.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2889", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2257.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "Name": "CVE-2022-2257", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3973.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. 
The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3973", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-1170.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "Name": "CVE-2023-1170", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "Score": 6.6}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2845.json", "FixedBy": "", "Description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "Name": "CVE-2022-2845", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": 
"cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3974.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "Name": "CVE-2021-3974", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48233.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. 
The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48233", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3234.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "Name": "CVE-2022-3234", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1674.json", "FixedBy": "", "Description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "Name": "CVE-2022-1674", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2284.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2284", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2183.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2183", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-4292.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-4292", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2285.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2285", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 
http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48236.json", "FixedBy": "", "Description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "Name": "CVE-2023-48236", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4751.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "Name": "CVE-2023-4751", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2286.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.", "Name": "CVE-2022-2286", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3927.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "Name": "CVE-2021-3927", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2287.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "Name": "CVE-2022-2287", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "Score": 7.1}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1616.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "Name": "CVE-2022-1616", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3099.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3099", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2874.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "Name": "CVE-2022-2874", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4734.json", "FixedBy": "", "Description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "Name": "CVE-2023-4734", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": 
null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4738.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "Name": "CVE-2023-4738", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-5535.json", "FixedBy": "", "Description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. 
This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "Name": "CVE-2023-5535", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2304.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2304", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0051.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. 
The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "Name": "CVE-2023-0051", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-4187.json", "FixedBy": "", "Description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "Name": "CVE-2021-4187", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2343.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2343", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3278.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-3278", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3134.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3134", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-2609.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "Name": "CVE-2023-2609", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1725.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "Name": "CVE-2022-1725", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3352.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "Name": "CVE-2022-3352", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1720.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "Name": "CVE-2022-1720", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2182.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2182", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2817.json", "FixedBy": "", "Description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. 
This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2817", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://access.redhat.com/security/data/csaf/v2/vex/2021/cve-2021-3903.json", "FixedBy": "", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Name": "CVE-2021-3903", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2946.json", "FixedBy": "", "Description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. 
This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "Name": "CVE-2022-2946", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2042.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2042", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2210.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2210", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, 
"DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2849.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "Name": "CVE-2022-2849", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-48231.json", "FixedBy": "", "Description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. 
This issue may result in Vim crashing.", "Name": "CVE-2023-48231", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "Score": 4.3}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2208.json", "FixedBy": "", "Description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "Name": "CVE-2022-2208", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2980.json", "FixedBy": "", "Description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. 
This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "Name": "CVE-2022-2980", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "Score": 5.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3016.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3016", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1619.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "Name": "CVE-2022-1619", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3256.json", "FixedBy": "", "Description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. 
This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3256", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3296.json", "FixedBy": "", "Description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-3296", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2020-20703 https://bugzilla.redhat.com/show_bug.cgi?id=2216287 https://www.cve.org/CVERecord?id=CVE-2020-20703 https://nvd.nist.gov/vuln/detail/CVE-2020-20703 https://access.redhat.com/security/data/csaf/v2/vex/2020/cve-2020-20703.json", "FixedBy": "", "Description": "A use-after-free flaw was found in Vim. This issue allows a heap buffer overflow leading to a write access violation. 
This flaw allows the attacker to possibly have control over the write address and value, which may lead to an application crash.", "Name": "CVE-2020-20703", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "Score": 9.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-3235.json", "FixedBy": "", "Description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "Name": "CVE-2022-3235", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0288.json", "FixedBy": "", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "Name": "CVE-2023-0288", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": 
"https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2344.json", "FixedBy": "", "Description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "Name": "CVE-2022-2344", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2126.json", "FixedBy": "", "Description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2126", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 
https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-1620.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "Name": "CVE-2022-1620", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Score": 7.5}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-4750 https://bugzilla.redhat.com/show_bug.cgi?id=2237314 https://www.cve.org/CVERecord?id=CVE-2023-4750 https://nvd.nist.gov/vuln/detail/CVE-2023-4750 https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-4750.json", "FixedBy": "", "Description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the bt_quickfix function. 
This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "Name": "CVE-2023-4750", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://access.redhat.com/security/data/csaf/v2/vex/2023/cve-2023-0049.json", "FixedBy": "", "Description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "Name": "CVE-2023-0049", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2129.json", "FixedBy": "", "Description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "Name": "CVE-2022-2129", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": 
{"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://access.redhat.com/security/data/csaf/v2/vex/2022/cve-2022-2175.json", "FixedBy": "", "Description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "Name": "CVE-2022-2175", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Score": 7.8}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "FixedBy": "", "Description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. 
This issue can be exploited by someone with local access to the system.", "Name": "CVE-2024-41965", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "Score": 4.2}}}}, {"Severity": "Low", "NamespaceName": "rhel-vex", "Link": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "FixedBy": "", "Description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. 
This issue can potentially cause Vim to crash, leading to a denial of service.", "Name": "CVE-2024-47814", "Metadata": {"UpdatedBy": "rhel-vex", "RepoName": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "RepoLink": null, "DistroName": "", "DistroVersion": "", "NVD": {"CVSSv3": {"Vectors": "", "Score": ""}}}}]}, {"Name": "python3-systemd", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "234-19.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libseccomp", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "2.5.2-2.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "mpfr", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:f04c9b876d295357d00498f220693deb94c91be43ef5d13f12d7547c029d9925", "Version": "4.1.0-7.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "libblkid", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:6d1a370d8f58c750488b9e9551fdf2fb35ca8f08727c2d816e70bd0e3028fa6d", "Version": "2.37.4-20.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}, {"Name": "boost-date-time", "VersionFormat": "", "NamespaceName": "", "AddedBy": "sha256:516aa76b2376854752013a3c338bd91f68cfd29cbe794b7a4f872930db41ec55", "Version": "1.75.0-8.el9", "BaseScores": [], "CVEIds": [], "Vulnerabilities": []}]}}} diff --git a/docs/release_artifacts/releases.yaml b/docs/release_artifacts/releases.yaml index 0a28067768..35237f1388 100644 --- a/docs/release_artifacts/releases.yaml +++ b/docs/release_artifacts/releases.yaml 
@@ -4897,10 +4897,10 @@ releases: H: 45 L: 208 M: 186 - U: 1 - severity_link: https://quay.io/repository/noirolabs/ansible-operator/manifest/sha256:62655797fa492f0c975d3dea7e5d0e9ee0fb8590806d3b909859738eb543252a?tab=vulnerabilities + U: 0 + severity_link: https://quay.io/repository/noirolabs/ansible-operator/manifest/sha256:95acab66b626f8b40f577d02d51b4d5e11c5fd7c801a538fd65ced08cc8ee02f?tab=vulnerabilities severity_type: quay - sha: 62655797fa492f0c975d3dea7e5d0e9ee0fb8590806d3b909859738eb543252a + sha: 95acab66b626f8b40f577d02d51b4d5e11c5fd7c801a538fd65ced08cc8ee02f build-logs: release_artifacts/6.1.2.1/z/acc-provision-operator/6.1.2.1-buildlog.txt build-time: 2024-09-24 10:31:52 PDT commit: @@ -4926,8 +4926,8 @@ releases: sbom: release_artifacts/6.1.2.1/z/acc-provision-operator/6.1.2.1-sbom.txt severity: - C: 0 - H: 10 - L: 271 + H: 11 + L: 272 M: 72 U: 0 severity_link: https://quay.io/repository/noiro/acc-provision-operator/manifest/sha256:ca2cf594e024e31ed89e750debba62069566fcf4d964245e4f302cdeb87e7489?tab=vulnerabilities @@ -4941,9 +4941,9 @@ releases: L: 178 M: 53 U: 0 - severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05?tab=vulnerabilities + severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185?tab=vulnerabilities severity_type: quay - sha: 42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05 + sha: ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185 build-logs: release_artifacts/6.1.2.1/z/aci-containers-host/6.1.2.1-buildlog.txt build-time: 2024-11-08 03:24:41 PST commit: 
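Review bot: The `sha` and `severity_link` digests are replaced (`62655797…` → `95acab66…` in the ansible-operator hunk, `42950ec4…` → `ecb85647…` in the ubi9 hunks that follow) while the neighbouring `build-time` context lines keep their earlier dates, so the entry no longer shows which digest the released image was built from. This reads as if the fields track the most recently scanned base image rather than build provenance; the enclosing keys are outside the hunk, so that is an inference. If it is right, a comment on the field would keep it from being used for provenance checks, for example `# digest of the base image last scanned; not necessarily the one this build used`. The same applies to the matching 6.1.2.1 and 6.1.1.2 hunks further down.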
@@ -4984,9 +4984,9 @@ releases: L: 178 M: 53 U: 0 - severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05?tab=vulnerabilities + severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185?tab=vulnerabilities severity_type: quay - sha: 42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05 + sha: ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185 build-logs: release_artifacts/6.1.2.1/z/aci-containers-controller/6.1.2.1-buildlog.txt build-time: 2024-11-08 03:27:16 PST commit: @@ -5027,9 +5027,9 @@ releases: L: 178 M: 53 U: 0 - severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05?tab=vulnerabilities + severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185?tab=vulnerabilities severity_type: quay - sha: 42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05 + sha: ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185 build-logs: release_artifacts/6.1.2.1/z/cnideploy/6.1.2.1-buildlog.txt build-time: 2024-11-08 03:29:18 PST commit: @@ -5070,9 +5070,9 @@ releases: L: 178 M: 53 U: 0 - severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05?tab=vulnerabilities + severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185?tab=vulnerabilities severity_type: quay - sha: 42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05 + sha: ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185 build-logs: release_artifacts/6.1.2.1/z/aci-containers-operator/6.1.2.1-buildlog.txt build-time: 2024-11-08 03:31:13 PST commit: 
@@ -5156,9 +5156,9 @@ releases: L: 178 M: 53 U: 0 - severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05?tab=vulnerabilities + severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185?tab=vulnerabilities severity_type: quay - sha: 42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05 + sha: ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185 build-logs: release_artifacts/6.1.2.1/z/aci-containers-webhook/6.1.2.1-buildlog.txt build-time: 2024-11-08 03:35:23 PST commit: @@ -5199,9 +5199,9 @@ releases: L: 178 M: 53 U: 0 - severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05?tab=vulnerabilities + severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185?tab=vulnerabilities severity_type: quay - sha: 42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05 + sha: ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185 build-logs: release_artifacts/6.1.2.1/z/aci-containers-certmanager/6.1.2.1-buildlog.txt build-time: 2024-11-08 03:36:53 PST commit: @@ -5242,9 +5242,9 @@ releases: L: 178 M: 53 U: 0 - severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05?tab=vulnerabilities + severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185?tab=vulnerabilities severity_type: quay - sha: 42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05 + sha: ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185 build-logs: release_artifacts/6.1.2.1/z/aci-containers-host-ovscni/6.1.2.1-buildlog.txt build-time: 2024-11-08 03:38:47 PST commit: 
@@ -5651,26 +5651,26 @@ releases: U: 0 sha: 66233eebd72bb5baa25190d4f55e1dc3fff3a9b77186c1f91a0abdb274452072 build-logs: release_artifacts/6.0.4.4/z/aci-containers-host-ovscni/6.0.4.4-buildlog.txt - build-time: 2024-11-06 01:57:27 PST + build-time: 2024-11-11 02:07:52 PST commit: - link: https://github.com/noironetworks/aci-containers/commit/d090ca19b2ebe458b0f15e91dc685e6ba807e693 sha: d090ca19b2ebe458b0f15e91dc685e6ba807e693 cve: release_artifacts/6.0.4.4/z/aci-containers-host-ovscni/6.0.4.4-cve.txt docker: - - link: https://hub.docker.com/layers/noiro/aci-containers-host-ovscni/6.0.4.4.81c2369.z/images/sha256-a444c2c417aa44de48e144bbb1e2a454c468f43917cf1dfa8fea00d8b43c38cf?context=explore - sha: a444c2c417aa44de48e144bbb1e2a454c468f43917cf1dfa8fea00d8b43c38cf + - link: https://hub.docker.com/layers/noiro/aci-containers-host-ovscni/6.0.4.4.81c2369.z/images/sha256-ebcf8cb31f4822db5c68c5117e62a076805c8bcad339d839ccd831fc7983b1dc?context=explore + sha: ebcf8cb31f4822db5c68c5117e62a076805c8bcad339d839ccd831fc7983b1dc tag: 6.0.4.4.81c2369.z - - link: https://hub.docker.com/layers/noiro/aci-containers-host-ovscni/6.0.4.4.81c2369.110624.10022/images/sha256-a444c2c417aa44de48e144bbb1e2a454c468f43917cf1dfa8fea00d8b43c38cf?context=explore - sha: a444c2c417aa44de48e144bbb1e2a454c468f43917cf1dfa8fea00d8b43c38cf - tag: 6.0.4.4.81c2369.110624.10022 + - link: https://hub.docker.com/layers/noiro/aci-containers-host-ovscni/6.0.4.4.81c2369.111124.10031/images/sha256-ebcf8cb31f4822db5c68c5117e62a076805c8bcad339d839ccd831fc7983b1dc?context=explore + sha: ebcf8cb31f4822db5c68c5117e62a076805c8bcad339d839ccd831fc7983b1dc + tag: 6.0.4.4.81c2369.111124.10031 name: aci-containers-host-ovscni quay: - link: https://quay.io/noiro/aci-containers-host-ovscni:6.0.4.4.81c2369.z - sha: a444c2c417aa44de48e144bbb1e2a454c468f43917cf1dfa8fea00d8b43c38cf + sha: ebcf8cb31f4822db5c68c5117e62a076805c8bcad339d839ccd831fc7983b1dc tag: 6.0.4.4.81c2369.z - - link: 
https://quay.io/noiro/aci-containers-host-ovscni:6.0.4.4.81c2369.110624.10022 - sha: a444c2c417aa44de48e144bbb1e2a454c468f43917cf1dfa8fea00d8b43c38cf - tag: 6.0.4.4.81c2369.110624.10022 + - link: https://quay.io/noiro/aci-containers-host-ovscni:6.0.4.4.81c2369.111124.10031 + sha: ebcf8cb31f4822db5c68c5117e62a076805c8bcad339d839ccd831fc7983b1dc + tag: 6.0.4.4.81c2369.111124.10031 sbom: release_artifacts/6.0.4.4/z/aci-containers-host-ovscni/6.0.4.4-sbom.txt severity: - C: 0 @@ -5722,7 +5722,7 @@ releases: U: 0 severity_link: https://quay.io/repository/noiro/opflex/manifest/sha256:889f964494ff2f8769bb24ca6bb0c9ee468d4a04a2f6a0c9a3504e92d25ca26c?tab=vulnerabilities severity_type: quay - last_updated: 2024-11-11 02:05:47 PST + last_updated: 2024-11-11 02:07:52 PST release_name: 6.0.4.4.z - acc_provision: [] container_images: [] @@ -5748,10 +5748,10 @@ releases: H: 45 L: 208 M: 186 - U: 1 - severity_link: https://quay.io/repository/noirolabs/ansible-operator/manifest/sha256:62655797fa492f0c975d3dea7e5d0e9ee0fb8590806d3b909859738eb543252a?tab=vulnerabilities + U: 0 + severity_link: https://quay.io/repository/noirolabs/ansible-operator/manifest/sha256:95acab66b626f8b40f577d02d51b4d5e11c5fd7c801a538fd65ced08cc8ee02f?tab=vulnerabilities severity_type: quay - sha: 62655797fa492f0c975d3dea7e5d0e9ee0fb8590806d3b909859738eb543252a + sha: 95acab66b626f8b40f577d02d51b4d5e11c5fd7c801a538fd65ced08cc8ee02f build-logs: release_artifacts/6.1.1.2/z/acc-provision-operator/6.1.1.2-buildlog.txt build-time: 2024-10-11 23:41:25 PDT commit: @@ -5778,7 +5778,7 @@ releases: severity: - C: 0 H: 11 - L: 269 + L: 270 M: 72 U: 0 severity_link: https://quay.io/repository/noiro/acc-provision-operator/manifest/sha256:294f2c6d884994aa58af31fea379e9b036bb95fb8babaa1321f6691bb351439e?tab=vulnerabilities 
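Review bot: The entry for the dated tag `6.0.4.4.81c2369.110624.10022` is overwritten rather than kept, so after this change the file holds no record of digest `a444c2c4…`, which the `.z` tag pointed to until now. Because `6.0.4.4.81c2369.z` is re-pointed to `ebcf8cb3…`, anyone who pulled the earlier build by tag can no longer match it against this file or its CVE and SBOM artifacts. Consider appending the new dated tag under `docker:` and `quay:` while leaving the previous `tag:`/`sha:` pair in place, and marking the `.z` entry as a moving tag, for example `# moving tag; pin deployments by sha`. The release entry continues outside the hunk on both sides.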
@@ -5792,9 +5792,9 @@ releases: L: 178 M: 53 U: 0 - severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05?tab=vulnerabilities + severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185?tab=vulnerabilities severity_type: quay - sha: 42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05 + sha: ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185 build-logs: release_artifacts/6.1.1.2/z/aci-containers-host/6.1.1.2-buildlog.txt build-time: 2024-10-12 00:07:40 PDT commit: @@ -5835,9 +5835,9 @@ releases: L: 178 M: 53 U: 0 - severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05?tab=vulnerabilities + severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185?tab=vulnerabilities severity_type: quay - sha: 42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05 + sha: ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185 build-logs: release_artifacts/6.1.1.2/z/aci-containers-controller/6.1.1.2-buildlog.txt build-time: 2024-10-12 00:10:07 PDT commit: @@ -5878,9 +5878,9 @@ releases: L: 178 M: 53 U: 0 - severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05?tab=vulnerabilities + severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185?tab=vulnerabilities severity_type: quay - sha: 42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05 + sha: ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185 build-logs: release_artifacts/6.1.1.2/z/cnideploy/6.1.1.2-buildlog.txt build-time: 2024-10-12 00:11:53 PDT commit: 
@@ -5921,9 +5921,9 @@ releases:
 L: 178
 M: 53
 U: 0
- severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05?tab=vulnerabilities
+ severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185?tab=vulnerabilities
 severity_type: quay
- sha: 42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05
+ sha: ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185
 build-logs: release_artifacts/6.1.1.2/z/aci-containers-operator/6.1.1.2-buildlog.txt
 build-time: 2024-10-12 00:13:30 PDT
 commit:
@@ -6007,9 +6007,9 @@ releases:
 L: 178
 M: 53
 U: 0
- severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05?tab=vulnerabilities
+ severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185?tab=vulnerabilities
 severity_type: quay
- sha: 42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05
+ sha: ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185
 build-logs: release_artifacts/6.1.1.2/z/aci-containers-webhook/6.1.1.2-buildlog.txt
 build-time: 2024-10-12 00:17:13 PDT
 commit:
@@ -6050,9 +6050,9 @@ releases:
 L: 178
 M: 53
 U: 0
- severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05?tab=vulnerabilities
+ severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185?tab=vulnerabilities
 severity_type: quay
- sha: 42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05
+ sha: ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185
 build-logs: release_artifacts/6.1.1.2/z/aci-containers-certmanager/6.1.1.2-buildlog.txt
 build-time: 2024-10-12 00:18:35 PDT
 commit:
@@ -6093,9 +6093,9 @@ releases:
 L: 178
 M: 53
 U: 0
- severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05?tab=vulnerabilities
+ severity_link: https://quay.io/repository/noirolabs/ubi9/manifest/sha256:ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185?tab=vulnerabilities
 severity_type: quay
- sha: 42950ec41cecbcc955560d5848532205fe3fb6467f406238fbb7ed8496178c05
+ sha: ecb856470e15c7160e22e4b2542fb9b37c30af41ec1b2c2c753ca948d8002185
 build-logs: release_artifacts/6.1.1.2/z/aci-containers-host-ovscni/6.1.1.2-buildlog.txt
 build-time: 2024-10-12 00:20:12 PDT
 commit: